Hackin9

InfoSec News

Oracle has released a new LTO-5 tape library that scales from 45TB to 900TB and can be installed and expanded by users themselves.
 
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
EPEAT has launched a review of ultra-thin and light laptops carrying its environmental ratings after Apple withdrew from and rejoined the organization last week.
 
Yahoo's new CEO, Marissa Mayer, was absent from the company's quarterly earnings call on Tuesday, disappointing any analysts who might have been hoping for an early clue about the direction she will chart for the company.
 
Marissa Mayer has her work cut out for her at Yahoo. The fading Internet star reported its second-quarter financial results Tuesday, in which revenue and profit both dipped slightly from a year earlier.
 
Paul Maritz will step down from his role as CEO of VMware, to be replaced by EMC Chief Operating Officer Pat Gelsinger, EMC confirmed on Tuesday.
 
 
Intel warned Tuesday that it expects to see lower-than-anticipated growth for 2012. The news came as the company posted mixed results for the second quarter of the year.
 
Megaupload cannot avoid prosecution in the U.S. simply because it had no physical presence in the country, the U.S. Department of Justice said in a colorfully worded opposition to the file-sharing site's motion to dismiss copyright infringement charges against it.
 
On Marissa Mayer's first day as CEO at Yahoo, she has to figure out which problem to tackle first to right a company that has been buffeted by scandal, financial trouble and, possibly worst of all, growing market invisibility.
 
A piece of malware called Mahdi or Madi has been used to spy on hundreds of targets from Iran, Israel and a few other Middle Eastern countries during the past eight months, according to researchers from security vendors Seculert and Kaspersky Lab.
 
Microsoft confirmed Monday that the new Office 2013 will not run on older PCs powered by Windows XP or Vista.
 
A federal judge dismissed a class-action lawsuit against LinkedIn that alleged the social media network violated provisions of the Stored Communications Act (SCA) when it disclosed the IDs and browsing histories of LinkedIn users to advertising companies.
 
Attack toolkits have grown in sophistication as cybercriminals add better code obfuscation and other techniques to avoid detection and improve attack effectiveness.

IT organizations are justifiably concerned about the security risks inherent in bringing your own device (BYOD). Many are turning to mobile device management (MDM) products and services to address the problem. But a number of mobile security vendors believe organizations are focusing on the device when they should be focusing on the data.
 
A large auto insurance provider has become embroiled in a court battle with Pitney Bowes, alleging that the software vendor claims a 20-year-old license agreement between the companies has been significantly misinterpreted and that a significant additional amount of money is owed.
 
[security bulletin] HPSBMU02797 SSRT100867 rev.1 - HP Network Node Manager i (NNMi) v9.1x Running JDK for HP-UX, Linux, Solaris, and Windows, Remote Unauthorized Information Disclosure, Modification, Denial of Service (DoS)
 
MIPS, continuing its push to make a mark in low-cost tablets, is quickly trying to bring Android 4.1, also called Jellybean, to its processors.
 
Motorola's Xoom tablet does not infringe on some of Apple's community designs, the regional court of Düsseldorf ruled on Tuesday. Apple wanted a Europe-wide ban on the Motorola tablet, a court spokesman said.
 
This agile development framework could be your key to completing more projects on time, on budget and on scope.
 
Facebook may be the biggest social network in the world, but rival Google+ wins when it comes to user satisfaction, according to a report from the American Customer Satisfaction Index.
 
While Apple may have complicated the field of to-do and reminder apps with the introduction of its own Reminders app in iOS 5, that doesn't mean other developers have given up. Checkmark, a new app from developer Snowman, has upped the ante with a superior implementation of one of Reminders's key features, location-based reminders.
 
With the upcoming release of Office 2013, Microsoft is putting a lot of focus on the cloud in a bid to compete with Google.
 
[PT-2012-23] SQL Injection in Dr.Web Anti-virus
 
Secunia Research: Cisco Linksys PlayerPT ActiveX Control "SetSource()" Buffer Overflow
 
One of the world's most active spam botnets -- Grum -- was crippled after two of its command and control (CnC) servers hosted in the Netherlands were taken down, according to researchers from security firm FireEye.
 
CORE-2011-1123 - Windows Kernel ReadLayoutFile Heap Overflow
 
[security bulletin] HPSBMU02799 SSRT100867 rev.1 - HP Network Node Manager i (NNMi) v9.0x Running JDK for HP-UX, Linux, Solaris, and Windows, Remote Unauthorized Information Disclosure, Modification, Denial of Service (DoS)
 
AVAVoIP v1.5.12 - Multiple Web Vulnerabilities
 
DC4420 - London DEFCON - July meet - Tuesday July 17th 2012
 
European Union antitrust regulators today threatened Microsoft with more fines, potentially in the billions of dollars, after the company failed to make good on its promise to offer consumers there a choice of browsers.
 
---------------

Jim Clausing, GIAC GSE #26

jclausing --at-- isc [dot] sans (dot) edu
 
The European Commission has launched a formal investigation of Microsoft's compliance with commitments it made to settle a browser antitrust case.
 
Samsung Electronics will buy the handset connectivity and location chip development operations of UK chip maker CSR for $310 million, the companies said Tuesday.
 
SAP is planning to organize its analytics and BI (business intelligence) product strategy around five "pillars," or subject areas, spanning from essential platform technology to social collaboration.
 

Hackers For Charity auction for one #Defcon Über Badge
CSO (blog)
A few observant infosec friends eagerly flagged the listing on Facebook this morning. Here are the details, as posted on eBay by Hackers for Charity, a non-profit organization that uses the skills of volunteer technology experts to solve challenges for ...

 

Payment Systems Support Manager
AME Info
•Familiarize with, adheres to and enforce Bank's / InfoSec's policies, standards and procedures. •Participate in the Information Security Operational Risk assessment and suggest necessary steps in mitigating such risks. •Assist PSC to ensure ...

 
Now that Microsoft has officially unwrapped the next edition of its Office, you, no doubt, have questions. We've got the answers.
 
Japanese electronics giant Fujitsu on Monday showed a new smartphone for the elderly, with a simplified Android user interface and a new touch screen designed for senior users.
 

Posted by InfoSec News on Jul 17

http://www.darkreading.com/risk-management/167901115/security/vulnerabilities/240003810/at-t-to-sponsor-zero-day-contest-for-kids.html

By Kelly Jackson Higgins
Dark Reading
July 16, 2012

AT&T has joined forces with an 11-year-old hacker -- that's right, 11 --
and DefCon Kids in sponsoring a hacking contest during the second annual
conference that runs in conjunction with the adult DefCon later this
month in Las Vegas. Whoever finds...
 

Posted by InfoSec News on Jul 17

http://www.wired.com/threatlevel/2012/07/oil-companies-hacked/

By Kim Zetter
Threat Level
Wired.com
July 16, 2012

Five top multinational oil companies have been targeted by members of
Anonymous, who published about 1,000 email addresses for accounts
belonging to the firms, as well as hashed and unencrypted passwords.

The hacks, against Shell, Exxon, BP and two Russian firms -- Gazprom and
Rosneft, were conducted as digital protests against...
 

Posted by InfoSec News on Jul 17

http://www.theregister.co.uk/2012/07/16/cisco_telepresenceflaws/

By Iain Thomson in San Francisco
The Register
16th July 2012

Cisco slipped out four security advisories on Friday warning of serious
vulnerabilities in its high-end videoconferencing system – or
TelePresence, as it prefers to call it.

The flaws affect versions of Cisco TelePresence Manager, Recording
Server, Immersive Endpoint System, and Multipoint Switch, and would...
 
The U.S. Department of Homeland Security (DHS) has issued an alert warning of vulnerabilities in a software technology called the Niagara AX Framework, used to manage millions of devices over the Internet.
 
Microsoft launched the public beta of Office's next version on Monday, saying that from now on the suite's cloud-based edition, Office 365, will be its primary focus of development.
 
Rep. Lamar Smith (R-Texas), the chairman of the House Judiciary Committee, may be getting ready to support legislation to grant green cards to holders of advanced degrees in so-called STEM fields.
 

Posted by InfoSec News on Jul 17

http://arstechnica.com/security/2012/07/android-jelly-bean-hard-to-exploit/

By Dan Goodin
Ars Technica
July 16, 2012

The latest release of Google's Android mobile operating system has
finally been properly fortified with an industry-standard defense. It's
designed to protect end users against hack attacks that install malware
on handsets.

In an analysis published Monday, security researcher Jon Oberheide said
Android version 4.1,...
 

Posted by InfoSec News on Jul 17

http://www.informationweek.com/news/security/management/240003767

[This is research based on interviews with 20 hackers, I have to wonder
what other research the Government of Ireland has helped fund Dr. Kirwan
with such a small sample base. - WK]

By Mathew J. Schwartz
InformationWeek
July 16, 2012

Want to put a stop to hacking? The solution is simple: Get hackers
girlfriends.

To be sure, that prescription is tongue-in-cheek, but it...
 