InfoSec News

The Microsoft Malicious Software Removal Tool release warns users of Win32/Bafruz family backdoor Trojan.

Add to digg Add to StumbleUpon Add to del.icio.us Add to Google
Rumors over the fate of cloud gaming service OnLive swirled on Friday afternoon after reports the company had fired most of its staff. OnLive is being coy about its business situation, but on Friday afternoon several employees were seen leaving the Palo Alto-based company carrying packing boxes.
Rumors over the fate of cloud gaming service OnLive swirled on Friday afternoon after reports the company had fired most of its staff. OnLive is being coy about its business situation, but on Friday afternoon several employees were seen leaving the Palo Alto-based company carrying packing boxes.
Oracle Java SE CVE-2012-1713 Remote Code Execution Vulnerability
OTRS 'Body' Field HTML Injection Vulnerability
Linux GNU Debugger 'debug_gdb_scripts' Loading Arbitrary Code Execution Vulnerability
EMC AutoStart CVE-2012-0409 Multiple Buffer Overflow Vulnerabilities
Tech stocks have been climbing recently as key vendors such as Cisco and Lenovo report positive quarterly earnings and the U.S. economy offers glimpses of good news.
With the Mars Curiosity rover's science instruments working well, NASA engineers are getting ready for two big tests of their robotic rover -- blasting a rock with a laser beam and getting the rover moving.
Both Google and Oracle said Friday they did not pay any journalists or bloggers for coverage or commentary of their high-profile copyright infringement battle that recently concluded in a California court, but the companies disagreed on what arrangements should be disclosed.
A hacker group calling itself the Arab Youth Group has claimed responsibility for what appears to be a serious hacking attack on Saudi Aramco, one of the world's largest energy companies.
Apple Mac OS X Multiple Information Disclosure Vulnerabilities
Microsoft Visio Viewer VSD File Format CVE-2012-1888 Remote Code Execution Vulnerability
With Windows 8 RTM, Microsoft has revealed how it will notify users of the 'Do Not Track' privacy setting for Internet Explorer 10.
Lost and stolen devices remain two of the top mobile security issues revealed in SearchSecurity.com's 2012 enterprise mobile security survey.

Add to digg Add to StumbleUpon Add to del.icio.us Add to Google
Apple QuickTime CVE-2011-3220 Information Disclosure Vulnerability
ZDI-12-144 : EMC AutoStart ftAgent Opcode 0x4B Subcode 0x1D4C Parsing Remote Code Execution Vulnerability
Alt-N MDaemon Body HTML Injection Vulnerability
ZDI-12-143 : Microsoft Visio DWGDP MTEXT Remote Code Execution Vulnerability
ZDI-12-142 : Oracle Java WebStart Browser Argument Injection Remote Code Execution Vulnerability
ZDI-12-141 : Microsoft .NET Framework Clipboard Unsafe Memory Access Remote Code Execution Vulnerability
ZDI-12-140 : McAfee SmartFilter Administration Server SFAdminSrv.exe JBoss RMI Remote Code Execution Vulnerabilty
The continuing slide in Facebook's stock price is fueling speculation that the social network might be better off without co-founder Mark Zuckerberg at the helm.
The digital breadcrumbs left behind when people use Internet-connected gadgets are what led California investigators to recover iMacs, iPads and other items stolen from the home of the late Apple CEO Steve Jobs.
A new Trojan horse tries to covers its tracks by crippling the victim's computer after stealing data, a security researcher said today.
Two open source libraries, libxml2 and libxslt are insecurely used by the open source database and can let users read or write arbitrary files on a system. Patched versions of PostgreSQL are available, but there is some breaking of backwards compatibility

NGS00288 Patch Notification: Windows Remote Desktop Memory Corruption Leading to RCE on XP SP3
"Bustin'," Ray Parker, Jr. once observed, "makes me feel good." Mr. Parker made that declaration in song for the 1984 movie Ghostbusters. Had he instead been tasked with recording a tune for the 2012 iOS game Ghostbusters Paranormal Blast, he'd be less likely to feel enthusiastically toward busting, be it ghosts or otherwise.
RoundCube Webmail 'href' Email Body HTML-injection Vulnerability
[ MDVSA-2012:138 ] acpid
[ MDVSA-2012:137 ] acpid
[ MDVSA-2012:136 ] phpmyadmin
[security bulletin] HPSBUX02806 SSRT100789 rev.1 - HP Serviceguard, Remote Denial of Service (DoS)
myCare2x Multiple Input Validation Vulnerabilities
Ecava IntegraXor 'igcom.dll' Directory Traversal Vulnerability
Oracle has agreed to pay a $2 million penalty to settle charges that it did not have proper controls to prevent employees at its Indian subsidiary from secretly setting aside funds from the company's books.
Amazon Web Services has announced four new features for Amazon RDS for Oracle, including the ability to run the database in a private cloud, the company said on Thursday.

Posted by InfoSec News on Aug 17


By Dan Goodin
Ars Technica
Aug 16, 2012

Malware researchers have uncovered an attack targeting an organization
in the energy industry that attempts to wreak havoc by permanently
wiping data from an infected computer's hard drive and rendering the
machine unusable.

The computer worm, alternately dubbed Shamoon or Disttrack by
researchers at rival antivirus providers...

Posted by InfoSec News on Aug 17


By Aliya Sternstein
August 16, 2012

The U.S. Cyber Command, which directs network offensive operations for
the Pentagon and protects its networks, is becoming more open about the
military’s capabilities in cyberspace. Recently, the Defense Department
was forced to show part of its hand when leaks surfaced about
U.S.-manufactured cyber weapons and cyber espionage...

Posted by InfoSec News on Aug 17


The West Australian
August 17, 2012

More than $25 million has been stolen from Australian credit cards by
overseas hackers, federal police say.

Australian businesses were targeted by the scammers, who obtained about
half a million credit card numbers, the Australian Federal Police says.

"The compromise is believed to have involved...

Posted by InfoSec News on Aug 17


By Ellen Messmer
Network World
August 15, 2012

Next month the National Institute of Standards and Technology (NIST)
plans to put out for public review its draft for a new government
encryption standard that, when finalized, is going to compel federal
agencies with older websites to replace them.

NIST's current standard calls for federal agencies to support Transport...

Posted by InfoSec News on Aug 17


The Smoking Gun
August 16, 2012

AUGUST 16 -- In a shocking security breach, a federal court clerk in Los
Angeles has been charged with selling information from sealed court
documents detailing upcoming arrests and law enforcement raids targeting
affiliates of an organized crime syndicate.

Investigators discovered the alleged scheme earlier this year after a
Sockso 'username' Field HTML Injection Vulnerability
Proman Xpress SQL Injection and HTML Injection Vulnerabilities
Gypsy Information Disclosure and Buffer Overflow Vulnerabilities
The U.S Department of State has withdrawn plans to place a $16.5 million order on Amazon.com for its Kindle Touch devices along with content management, and logistics, stating that it intends to conduct additional market research and re-examine its requirements for the program.
Lenovo said on Thursday the company was not worried about Microsoft's new Surface tablet, with its CEO stating the PC maker is confident it provides better hardware than its competitors including Microsoft.
Microsoft has resumed publishing applications on Marketplace, after sorting out a problem related to the certificates used to sign apps in the store, according to a post on Thursday on its Windows Phone developers' blog.
Taiwanese PC maker Acer, revising its estimates, does not expect "explosive growth" for Windows 8 devices when the Microsoft operating system launches in October, with its company CEO citing a lack of consumer interest as one of the reasons.
Google made its Voice Search for Android available in 13 new languages, bringing the total to 42 languages and accents in 46 countries, the company said on Friday.
Apple and Facebook this week each filed plans to expand data center operations in Prineville, Ore., a little community that's on its way to becoming one of the largest data center locations in U.S.
New malware is spreading that claims to be a security tool to protect users against hackers. Instead, it installs a remote access tool onto victims' systems

Changes to Twitter's upcoming API release are aimed at restricting consumer-focused client applications in favor of business-oriented ones, according to the company's blog on Thursday.
Internet Storm Center Infocon Status