Today, Krebs on Security reported that publicity service PR Newswire was hacked in March 2013. But more interestingly, this hijacked data has surfaced on the same Internet servers where stolen Adobe Systems source code and customer data was recently found.

The location of this lifted PR Newswire data suggests that the same black hats may be behind both hacks. Brian Krebs confirmed the data (usernames and encrypted passwords) with PR Newswire, and the company will start contacting customers about password changes today. PR Newswire told Krebs its investigation into the data is still in progress, but early indications are that the breach affected customers in Europe, the Middle East, Africa, and India in particular.

Krebs and collaborator Alex Holden, chief information security officer at Hold Security LLC, found no evidence of abuse with the stolen data at this time. However, the duo notes that PR Newswire's clientele could be potentially very lucrative targets for hackers to use to manipulate financial markets.

Read 1 remaining paragraphs | Comments


Multiple HP Products CVE-2013-4822 Remote Code Execution Vulnerability

A pair of researchers have uncovered more than two dozen vulnerabilities in products used in critical infrastructure systems that would allow attackers to crash or hijack the servers controlling electric substations and water systems.

The vulnerabilities include some that would allow an attacker to crash or send a master server into an infinite loop, preventing operators from monitoring or controlling operations. Others would allow remote code-injection into a server, providing an opportunity for an attacker to open and close breakers at substations and cause power outages.

“Every substation is controlled by the master, which is controlled by the operator,” says researcher Chris Sistrunk who, along with Adam Crain, found vulnerabilities in the products of more than 20 vendors. “If you have control of the master, you have control of the whole system, and you can turn on and off power at will.”

Read 22 remaining paragraphs | Comments


Multiple HP Products CVE-2013-4823 Information Disclosure Vulnerability
HP IMC Service Operation Management Software CVE-2013-4824 Authentication Bypass Vulnerability
HP Intelligent Management Center CVE-2013-4825 Local Unauthorized Access Vulnerability
Cisco Identity Services Engine Disk Consumption Denial of Service Vulnerability
Managing its way nimbly through times of economic sluggishness, IBM reported a 6 percent increase in profit for the third quarter even as its revenue declined.
In another example of the blurred lines between business and personal computing, Whirlpool chose Google Apps because it's convinced that Google's focus on consumers gives it a special innovation edge as a provider of enterprise software.
Hewlett-Packard has assembled a number of its data-mining software programs into a service, called the HP Digital Marketing Hub, that can synthesize multiple sources of marketing data to help organizations better identify potential customers.
Oracle Outside In Technology CVE-2013-5791 Stack Buffer Overflow Vulnerability
Oracle MySQL CVE-2005-2572 Remote Code Execution Vulnerability
Apple today fixed an iCloud bug that had turned OS X and iOS users' calendars into a gaudy range of colors that one frustrated customer labeled the "Barbie Dreamhouse" palette.
Two Republican lawmakers Wednesday demanded that the U.S. Department of Health and Human Services (HSS) provide information on security measures used to secure the Federal Data Services Hub that was built to support Obamacare healthcare exchanges.
RubyGems CVE-2013-4287 Denial of Service Vulnerability
libvirt 'virBitmapParse()' Function Denial of Service Vulnerability
Lenovo has entered the Windows 8.1 tablet market with the 8-in. Miix2 tablet, which starts at $299 and has an Intel Atom chip code-named Bay Trail.
Google today stuck a finger in Microsoft's eye, telling users of Windows XP that its Chrome browser will support their aged operating system a year longer than will Microsoft's Internet Explorer.
Hiring managers are busy bees who sometimes have to close a deal from their mobile phones, which is apparently what led LinkedIn to offer a mobile app for recruiters on the go.
More than two weeks after U.S. President Barack Obama's administration launched a website allowing uninsured U.S. residents to sign up for health coverage, officials still aren't releasing the numbers of people who have successfully navigated the error-prone process.
You can add secure texting to the list of enterprise-grade social collaboration tools companies are adopting for their workers.
Dropbear SSH 'svr-auth.c' User Enumeration Weakness
[security bulletin] HPSBPV02918 rev.2 - HP ProCurve Manager (PCM), HP PCM+ and HP Identity Driven Manager (IDM), SQL Injection, Remote Code Execution, Session Reuse
PayPal Inc Bug Bounty #61 - Persistent Mail Encoding Vulnerability
After releasing the first version of Knox security software after a long testing period, Samsung is working on version 2.0.
Searching for a new IT position in a competitive market can be an uphill battle. One little mistake could cost you the opportunity. Read on to make sure you aren't making one of these commonly seen blunders in your job search.
Private equity firm Cerberus Capital Management is reported to be considering a bid to acquire all of ailing BlackBerry.
A TV commercial for T-Mobile US that parodies a smartphone theft is "more than tasteless" and should be pulled, two prosecutors wrote in a letter to T-Mobile CEO John Legere.
After recent revelations about the U.S. National Security Agency's widespread surveillance of Internet communications, the coordination of the Internet's technical infrastructure should move away from U.S. government oversight, said 10 groups involved in the Internet's technical governance.
LinuxSecurity.com: Updated xorg-x11-server packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having [More...]
Mahara Multiple Security Bypass Vulnerabilities
RETIRED: Oracle Java Runtime Environment 'Reflection API' Remote Code Execution Vulnerability
[SE-2012-01] Issue 69 details and IBM Java vulnerabilities
Remote Code Execution in Microweber
Getting Windows Phone 8 Update 3, and eventually Windows Phone 8.1, on phablets is one thing, but getting a foothold in the low-end tablet market is a bigger opportunity.
Apple has cut orders for the iPhone 5C by between a fifth and a third, Asian sources have told the Wall Street Journal and the Reuters news service, leading some financial analysts to again argue that the company misjudged the appeal of the lower-priced smartphone.
Cloud computing obsolesces the idea that IT operations must put users through the ringer to get their hands on scarce resources. Many organizations continue to insist that someone must review resource requests when, in reality, an automated policy engine can do the same thing -- and put computing power in users' hands that much faster.
Oracle Sun Products Suite CVE-2013-3838 SPARC Enterprise T & M Series Servers Security Vulnerability
Up to one million Jamba Juice smoothies will go to Isis mobile wallet smartphone users later this year, when Isis takes its NFC-ready technology to the national stage.
Oracle Portal CVE-2013-3831 SQL Injection Vulnerability
Oracle fixed on Tuesday 127 security issues in Java, its database and other products, patching some flaws that could let attackers take over systems.
A new tool from security vendor Onapsis aims to secure SAP's in-memory database HANA, the German company's fastest-growing data processing product.
International Components for Unicode CVE-2013-0900 Unspecified Race Condition Vulnerability
Poppler 'DCTStream.cc' File Denial of Service Vulnerability
New Tilera co-processors tuned for Hadoop, video and networking applications can free up the primary CPUs of x86 servers to run other applications.
An innovative program at Rush University Medical Center will support returning veterans by helping them find careers in the IT field.
Oracle Java SE CVE-2013-5849 Remote Security Vulnerability
Oracle Java SE CVE-2013-5825 Remote Security Vulnerability
Intel has delayed production of its "Broadwell" processors due to a manufacturing glitch, something analysts say could postpone the launch of PCs and tablets based on the new chip.
Twitter lost almost as much money in the July-to-September quarter as it did in the first six months of this year, according to a regulatory disclosure made by the company on Tuesday.
Microsoft has enhanced its Yammer enterprise social networking suite's mobile applications, email integration and document collaboration.
Twitter, with an IPO looming, needs to make money. To do that, a key focus is being placed on advertising and promoted content around television, the company signaled on Tuesday.
If you want to avoid traffic accidents or aren't very good at parking, the latest SoC (System-on-Chip) from Texas Instruments offers relief.
The Apache Software Foundation unveiled its latest release of its open source data processing program, Hadoop 2. It runs multiple applications simultaneously to enable users to quickly and efficiently leverage data in multiple ways at supercomputing speed, Apache said Wednesday.
As it embarks on what's likely to be a long journey to its next big increase in speed, Ethernet is in some ways a victim of its own success.
Its fortunes in the West having stumbled, HTC is looking to the massive China smartphone market to keep it in business.
Oracle Java SE CVE-2013-3829 Remote Security Vulnerability
Oracle Java SE CVE-2013-5809 Remote Security Vulnerability
Oracle Java SE CVE-2013-5802 Remote Security Vulnerability
Oracle Java SE CVE-2013-5819 Remote Security Vulnerability
Apple on Tuesday tagged Burberry CEO Angela Ahrendts as the company's new head of retail and online stores, filling a spot in the executive top tier that's been vacant for nearly a year.
First came desktop security, then laptop security. But the next wave -- mobile -- throws new wrenches into the works, as IT is now supporting multiple types of devices and warding off sophisticated threats. Here's how IT leaders are coping.

Buy FFXIV GIL For Sale, Cheap FF14 Gold with Professional Service Online, Final Fantasy 14 Gil at FF14mall is Security and Fast Delivery Guaranteed. http://www.ff14mall.com/

Oracle Java SE CVE-2013-5830 Remote Security Vulnerability
Oracle Java SE CVE-2013-5778 Remote Security Vulnerability
[ISecAuditors Security Advisories] PL/SQL Injection in Oracle Portal Demo Organization Chart
APPLE-SA-2013-10-15-1 Java for OS X 2013-005 and Mac OS X v10.6 Update 17
Oracle Java SE CVE-2013-5772 Remote Security Vulnerability
Oracle Java SE CVE-2013-5803 Remote Security Vulnerability
Internet Storm Center Infocon Status