Hackin9

Australia's banks quietly swatting trojan
The Canberra Times
Australia's banks work around the clock to swat malware that steals from customers' accounts. Photo: Simon Rankin. Australia's banks have been quietly working with a Russian security and forensics firm to swat a nasty banking trojan crafted in the ...

 
NewsGator has upgraded its Social Sites enterprise social networking (ESN) add-on for SharePoint to make the software better able to tailor the content, notifications and capabilities it displays for each user.
 
The Open Data Center Alliance, a customer group that shares tips about cloud deployments and tries to nudge vendors into supplying the products they want, has added big data to the list of IT topics it covers.
 
Sprint Nextel sued Clearwire and Dish Network on Monday in a bid to block Dish from taking over Clearwire, Sprint's majority-owned network partner.
 
Lean storage techniques will keep a lid on storage investments over the next few years, though the world's enterprises still are on track to buy 138 exabytes of storage system capacity in 2017, IDC said.
 
Apple didn't try to fix or raise the prices of electronic books when it entered into the market in 2010, according to Apple Senior Vice President Eddy Cue. Rather, he says, the company was only working to ensure a profit for itself.
 
Much of Rambus' past is associated with lawsuits, but the company is moving forward with dispute settlements.
 
[security bulletin] HPSBHF02885 rev.2 - HP Integrated Lights-Out iLO3 and iLO4 using Single-Sign-On (SSO), Remote Unauthorized Access
 

BlackBerry has issued a security advisory to customers who have purchased the company's Z10 smartphone—the flagship device of BlackBerry's relaunch in February. A bug in the system designed to help users find their lost cell phone could be used to gain access to the phone, either physically or over Wi-Fi.

The bug isn't in the BlackBerry 10 OS itself, but in the BlackBerry Protect application. A malicious application could take advantage of weak permission controls in BlackBerry Protect to reset the password on the Z10 or prevent the phone's owner from remote-wiping it when the phone is lost. If an attacker has the phone in hand, the bug in Protect could be used to gain access to the phone's functionality and the owner's personal data; the bug and a malicious application could also be used to expose the phone over Wi-Fi and allow the attacker to pilfer files from the device.

BlackBerry (the company formerly known as Research In Motion) went out of its way to get its Z10 smartphone and the BlackBerry 10 operating system certified as secure well before launch, getting the US government seal of approval with FIPS 140-2 certification last November. The company is downplaying the immediate risks of this vulnerability, as there is no known exploit using the bug in the outside world and the worst outcomes require a combination of a user installing a malicious application and an attacker then gaining access to the phone. The Wi-Fi attacks are only possible if the device's owner has turned on Wi-Fi access.


 
After a year and a half of culling through 6,100 applicants, NASA has chosen four men and four women to train to become astronauts and potentially travel to an asteroid -- or Mars.
 
Many eyes in the tech world will fall on Oracle later this week, when the vendor's fourth-quarter results are set for release. This is typically the biggest reporting period for Oracle each year in terms of revenue, but a number of questions loom beyond its top-line performance.
 
Last week's release of Office Mobile for the iPhone nailed down one of the mysteries pundits had pondered -- how Microsoft planned to generate Office revenue from Apple's iPhone and iPad.
 
Swiss scientists have created a cat-like robot with the stability and agility to one day be used in search-and-rescue missions.
 
British intelligence agency Government Communications Headquarters (GCHQ) reportedly intercepted the electronic communications of foreign politicians during G20 meetings that took place in London in 2009.
 
If attackers can get the user to install a malicious app and convince the user to reset their password using BlackBerry Protect, it is possible to take complete control of a BlackBerry Z10.


 
Wireshark NBAP Dissector Multiple Denial of Service Vulnerabilities
 
Wireshark PPP Dissector CVE-2013-4076 Denial of Service Vulnerability
 
Wireshark CVE-2013-4081 Stack Buffer Overflow Vulnerability
 
Samsung plans to begin selling a Samsung Galaxy S4 smartphone capable of running on LTE-Advanced 4G networks -- which offer download speeds that are twice as fast as LTE -- in South Korea this month.
 
Revelations over the U.S. National Security Agency's Prism surveillance program have much of the general public in uproar, but in terms of the controversy's impact to enterprise IT, some CIOs have measured, albeit watchful, reactions.
 
Google launched high-altitude balloons in a test to create a wireless network that could provide Internet access to remote and underserved parts of the world.
 
Analysts at the U.S. National Security Agency can gain access to the content of U.S. targets' phone calls and email messages without court orders, NSA leaker Edward Snowden said, contradicting denials from U.S. government sources.
 
 
ownCloud CVE-2013-2149 Multiple Cross Site Scripting Vulnerabilities
 
The battle of takeovers among Sprint Nextel, Dish Network, Clearwire and SoftBank has heated up as the Clearwire board of directors recommended that shareholders accept the bid of Dish instead of Sprint's.
 
Patient monitors, medical pumps, and analysis devices: like industrial control systems, the equipment used in hospitals is increasingly connected to networks. Now, ICS-CERT says that some 300 devices from 40 manufacturers have backdoors.


 
 
Samsung has started mass shipments of its XP941 PCIe flash drive, a card for ultra-slim notebooks that delivers a sequential read performance of 1400MBps throughput.
 
Nullsoft Winamp M3U File Processing Buffer Overflow Vulnerability
 
Europe's top privacy watchdog and the Digital Agenda commissioner both said Monday that more transparency and trust is needed between the European Union and the United States following the Prism scandal.
 
Not realizing that your behaviors constitute harassment is no excuse.
 
Feedly said Monday that it has started migrating its users to its own back-end RSS infrastructure two weeks before Google is to pull the plug on its Reader service.
 
If you run a small business, you have a lot of choices to protect your network. You can buy a consumer-grade router for less than $50, you can spend more than $4,000 for an enterprise firewall, or you can select something in between.
 
LinuxSecurity.com: Krzysztof Katowicz-Kowalewski discovered a vulnerability in fail2ban, a log-monitoring system which can react to attacks by blocking the offending hosts from connecting to specified services using the local firewall. [More...]
 
LinuxSecurity.com: Multiple vulnerabilities have been found and corrected in apache: mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute [More...]
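The mod_rewrite advisory above describes a log-injection bug: attacker-controlled request bytes are copied into the rewrite log unescaped, so control characters such as ESC and BEL survive into the file and are interpreted by the terminal of whoever later reads it with cat, tail or less. The block below is an added example, not Apache's own code: it shows the escaping a log writer should apply to untrusted fields (printable ASCII passes through, everything else becomes a \xHH or \uHHHH escape) and a small scanner that flags ANSI/OSC escape sequences already present in a log. The two rewrite-log lines are constructed for the example and are not real Apache output.

```python
import re

# Constructed sample rewrite-log lines (not real Apache output). The second
# one carries a terminal escape sequence injected through the request path:
# ESC [ 2 J clears the screen and ESC ] 0 ; ... BEL retitles the terminal.
SAMPLE_LOG_LINES = [
    "203.0.113.7 - - [17/Jun/2013:10:15:02 +0000] [example.org/sid#1234]"
    "[rid#5678/initial] (2) rewrite '/index.html' -> '/app/index.php'",
    "203.0.113.9 - - [17/Jun/2013:10:15:04 +0000] [example.org/sid#1234]"
    "[rid#5679/initial] (2) rewrite '/\x1b[2J\x1b]0;pwned\x07' -> '/app/index.php'",
]

# Matches CSI sequences (ESC [ params final), OSC sequences (ESC ] ... BEL or
# ESC \) and bare two-byte ESC sequences (ESC followed by @ through _).
_ESCAPE_RE = re.compile(
    r"\x1b(\[[0-?]*[ -/]*[@-~]|\][^\x07\x1b]*(\x07|\x1b\\)|[@-Z\\-_])"
)


def sanitize_log_field(value: str) -> str:
    """Escape a field before it is written to a log.

    Printable ASCII (0x20-0x7e) other than backslash passes through
    unchanged; backslash is doubled so escapes stay unambiguous; common
    whitespace controls get their C-style names; every other code point
    is written as \\xHH (or \\uHHHH beyond 0xff). The result never
    contains a raw control character.
    """
    out = []
    for ch in value:
        code = ord(ch)
        if ch == "\\":
            out.append("\\\\")
        elif 0x20 <= code <= 0x7E:
            out.append(ch)
        elif ch == "\n":
            out.append("\\n")
        elif ch == "\r":
            out.append("\\r")
        elif ch == "\t":
            out.append("\\t")
        elif code < 0x100:
            out.append(f"\\x{code:02x}")
        else:
            out.append(f"\\u{code:04x}")
    return "".join(out)


def find_escape_sequences(line: str) -> list:
    """Return the raw terminal escape sequences present in one log line."""
    return [m.group(0) for m in _ESCAPE_RE.finditer(line)]


def audit_log(lines) -> list:
    """Return (index, sequences) for every line carrying escape sequences."""
    findings = []
    for i, line in enumerate(lines):
        seqs = find_escape_sequences(line)
        if seqs:
            findings.append((i, seqs))
    return findings


if __name__ == "__main__":
    for idx, seqs in audit_log(SAMPLE_LOG_LINES):
        # Print the sanitized form so the report itself is safe to view.
        print(f"line {idx}: {len(seqs)} escape sequence(s):",
              [sanitize_log_field(s) for s in seqs])
        print("  sanitized:", sanitize_log_field(SAMPLE_LOG_LINES[idx]))
```

The scanner is useful for checking logs written by a server that has not been patched yet; the sanitizer is the shape of fix the advisory implies, applied at the point where untrusted input enters the log rather than at every place the log is read.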
 
LinuxSecurity.com: Several security issues were fixed in the kernel.
 
LinuxSecurity.com: Keystone did not always properly verify expired PKI tokens or properly authenticate users.
 
LinuxSecurity.com: DBus could be made to crash if it received specially crafted input.
 
When we tested next-generation firewalls last May, at least one important security vendor wasn't there: Cisco, because they weren't ready to be tested. Now that the ASA CX next-generation firewall has had a year to mature, we put the product through its paces, using the same methodology as our last NGFW test.
 
Media reports have suggested that Microsoft has been supplying the US government with Windows security vulnerabilities for uses related to the PRISM programme. Microsoft has now released a statement denying all such allegations.


 
RETIRED: Microsoft June 2013 Advance Notification Multiple Vulnerabilities
 
Module::Signature CVE-2013-2145 Local Arbitrary Code Execution Vulnerability
 

Information security executives need to be strategic thinkers
Help Net Security
In this interview he talks about the challenges in working in a dynamic threat landscape, offers tips for aspiring infosec leaders, discusses BYOD, and much more. How have your previous positions prepared you for the challenges you face as the Director ...

 
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Raytheon CIO Rebecca Rhoads was tapped earlier this year to lead the defense contractor's newly formed Global Business Services unit, whose goal is to improve operations and services by optimizing resources.
 
Talented IT staffers are being wooed constantly by recruiters. Is your organization prepared to snag the best candidates? Here are four tips from TEKsystems' Rachel Russell, an IT hiring expert.
 
The most elegant thing you can do to motivate geeks is to define a problem that your team will want to solve.
 
As one of the computer scientists who created the Internet's TCP/IP protocol, Vinton Cerf is concerned that much of the data created since then, and for years to come, will be lost.
 
Nearly three-dozen computer scientists have signed off on a court brief opposing Oracle's effort to copyright its Java APIs, a move they say would hold back the computer industry and deny affordable technology to end users.
 
Hackers have found a devious new way to disseminate malware: They're using peer-to-peer networks.
 
As the consumerization of IT and self-service trends gain momentum, IT's role is changing from technology implementer to technology enabler.
 
The star of Apple's Worldwide Developers Conference last week was clearly iOS 7, which gets a new look and a raft of new features. Columnist Michael deAgonia takes a look at what's coming this fall.
 
The threat of tornadoes in Oklahoma is real, but the data centers in that state are ready.
 
China has produced a supercomputer capable of 54.9 petaflops that will likely be recognized as the world's fastest system this week with the unveiling of a new Top500 list.
 

Posted by InfoSec News on Jun 17

http://arstechnica.com/security/2013/06/encrypted-e-mail-how-much-annoyance-will-you-tolerate-to-keep-the-nsa-away/

By Peter Bright and Dan Goodin
Ars Technica
June 14 2013

In an age of smartphones and social networking, e-mail may strike many as
quaint. But it remains the vehicle that millions of people use every day to
send racy love letters, confidential business plans, and other communications
both sender and receiver want to keep...
 

Posted by InfoSec News on Jun 17

http://www.theregister.co.uk/2013/06/17/philippine_anonymous_nabs_president_mobile/

By Phil Muncaster
The Register
17th June 2013

An Anonymous hacktivist has published what he claims to be three telephone
numbers belonging to the Philippine president Benigno Simeon Cojuangco Aquino
III, including his private mobile number, in a bid to urge voters to confront
their leader directly.

Going by the pseudonym “#pR.is0n3r”, the hacker posted...
 

Posted by InfoSec News on Jun 17

http://healthitsecurity.com/2013/06/14/data-breach-costs-decline-malicious-attacks-increase-in-us/

By Kyle Murphy, PhD
Health IT Security
June 14, 2013

The cost of data breaches is on the decline, but a new source of breaches is on
the rise, according to a recent survey by the Ponemon Institute. In the 2012
Cost of Data Breach Study, the organizational cost of dealing with data
breaches has gone down from $5.5 to $5.4 million with the cost...
 

Posted by InfoSec News on Jun 17

http://www.timesofisrael.com/start-ups-ride-a-cybersecurity-wave-into-israel/

By David Shamah
The Times of Israel
June 17, 2013

There are two big “waves” set to hit Israeli hi-tech in the coming year,
according to Gadi Tirosh, a general manager at venture capital fund Jerusalem
Venture Partners. One wave will consist of new companies working in the
cybersecurity space, as protecting government, enterprise, and consumers from
hacking,...
 

Posted by InfoSec News on Jun 17

http://www.stripes.com/news/army/army-major-guilty-in-data-leak-gets-10-year-sentence-1.226150

By Ken Kobayashi and William Cole
The Honolulu Star-Advertiser
June 15, 2013

An Army officer who worked for U.S. Pacific Command was found guilty Friday by
a military jury of illegally possessing and passing classified national defense
information, an Army official said.

The jury Friday night sentenced Maj. Seivirak Inson to 10 years in prison,...
 
Initially as a preview only, Microsoft is offering Azure customers the option of a second authentication step after they enter their username and password, either through a smartphone app or over the phone. This option does not, however, come cheap.


 
Trimble Sketchup CVE-2013-3664 Multiple Buffer Overflow Vulnerabilities
 
Artweaver CVE-2013-3481 Stack Buffer Overflow Vulnerability
 
Apple received between 4,000 and 5,000 requests for customer data from U.S. law enforcement between Dec. 1 and May 31, the company said on Monday.
 
Monkey HTTP Daemon 'dirlisting' Plugin Cross Site Scripting Vulnerability
 
The supercomputing arms race is heating up again between the United States and China, as China retakes the top spot in the 41st Top500 listing of the world's most powerful supercomputers with Tianhe-2, an updated system that was able to execute 33.86 petaflops, or 33.86 thousand trillion floating point operations per second.
 
Fail2ban Multiple Denial of Service Vulnerabilities
 

Why Are Massive National Security Breaches So Ridiculously Easy?
The Nation.
Witness after witness from the subcontracted world of “information assurance” took the stand to declaim the military's ironclad information security (“InfoSec”) protocols and to also mumble about how these rules were never enforced. Installing the ...
The Gift of Bradley Manning (Mother Jones)
 