InfoSec News

Motorola Mobility said Thursday that its shareholders voted overwhelmingly in favor of the proposed acquisition of the company by Google.
Mozilla Firefox/Thunderbird CVE-2011-3653 Information Disclosure Vulnerability
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Alcatel-Lucent is developing a cloud computing platform for carriers that aims to take full advantage of their networks to deliver guaranteed performance.
Mozilla Firefox and Thunderbird 'NoWaiverWrapper' Privilege Escalation Vulnerability
Mozilla Firefox and Thunderbird CVE-2011-3650 Remote Memory Corruption Vulnerability
Wi-Fi infrastructure vendor Aruba Networks will buy Avenda Systems to expand its network security offerings and help enable BYOD (bring-your-own-device) strategies in enterprises.
Google, Verizon, Intel, McAfee, Microsoft and Savvis are joining a voluntary program set up by the Cloud Security Alliance that provides public information about whether contributors comply with CSA-recommended cloud-security practices.
The Centers for Medicare & Medicaid Services is delaying by 90 days the enforcement deadline by which healthcare providers must roll out a new version of the standard governing how medical transactions are processed.
Herberlin BremsServer Directory Traversal Vulnerability
Multiple vulnerabilities in webERP
Cross-Site Scripting Vuln in Zoho ManageEngine ADSelfServicePlus
In an attempt to help developers create more modular enterprise Java programs, the Apache Software Foundation has reconfigured its Geronimo application server to a set of standards established by the OSGi (Open Services Gateway initiative) Alliance.
An industry analyst firm has lowered its forecast for the worldwide semiconductor market for this year because of declining revenue in the fourth quarter.
PayPal has launched a Facebook application designed to let users of the social networking site send money to each other.
[DSECRG-11-041] SAP NetWeaver - Authentication bypass (Verb Tampering)
[DSECRG-11-040] SAP NetWeaver SPML - XML CSRF user creation
[DSECRG-11-039] SAP NetWeaver TH_GREP module - Code injection vulnerability (NEW)
[DSECRG-11-038] SAP RSTXSCRP report - smb relay vulnerability
An industry analyst firm has lowered its forecast for the worldwide semiconductor market for this year because of declining revenue in the fourth quarter.
The next wave of mobile adoption is well under way as healthcare providers increasingly turn to tablets, smartphones and apps to bolster patient care, according to a new survey of physicians in the U.S.
A temporary patch has been released for BIND 9 DNS servers, mitigating a zero-day vulnerability causing server crashes. It's unclear if exploits are in the wild.

Add to digg Add to StumbleUpon Add to del.icio.us Add to Google
Updated CSA guidance offers practical tips and advice on cloud-based security

Add to digg Add to StumbleUpon Add to del.icio.us Add to Google
[DSECRG-11-030] SAP NetWeaver JavaMailExamples - XSS
A small group of website and mobile app developers have kicked off an "Occupy Flash" campaign to put a stake in the heart of Adobe's popular browser plug-in.
30 Days With the Cloud: Day 7
OpDemand on Thursday opened its service that automates deployment of cloud infrastructure to all users. The service is free to use initially.
[DSECRG-11-032] SAP NetWeaver ipcpricing - information disclose
Tiki Wiki CMS Groupware Multiple XSS vulnerabilities
Secunia Research: DVR Remote ActiveX Control DVRobot Library Loading Vulnerability
[ MDVSA-2011:176 ] bind

Vulnerability management company Rapid7, commercial home of the Metasploit Project, announced today it has secured $50 million in venture funding from Technology Crossover Ventures of Palo Alto, Calif. The company said it will use the money for new hires, international expansion and to explore acquisitions. Bigger picture, Rapid7 could also position itself for an initial public offering, something CEO Mike Tuchen would not address in an interview with SearchSecurity.com.

“This will help us accelerate our ability to drive product innovation, expand our operations internationally and also go shopping,” Tuchen said. “We plan to pursue strategic acquisitions that would line up with our business. We think we have a unique portfolio in the assessment business, which is a strategically important area for us as a vendor and an important problem for companies to solve.”

Rapid7’s flagship product is its Nexpose vulnerability management platform, which scans networks, applications and databases for vulnerabilities. Rapid7 also houses the Metasploit Project and the Metasploit Framework, a platform used by penetration testers and vulnerability assessment products to execute exploits against targets. Tuchen said Metasploit, backed by its large, active open source community, was an important piece of the puzzle for investors.

“$50 million validates what we’re doing as a company and the interest in security as a sector and Rapid 7 as a company,” Tuchen said, adding that up to a half-dozen VC firms were interested in investing in Rapid7, which help push the number to $50 million.

Tuchen said his top priority for the immediate future is hiring talent to stock a new innovation center at its Boston headquarters, grow engineering teams in California and Texas and staff new international offices in London and Hong Kong.

“It’s all about hiring, and getting the right team and leadership in place and building and scaling out our engineering teams and finding the right leader in EMEA,” Tuchen said. “I’ll be busy hiring, and in my spare time, doing a little shopping.”

Rapid7 said it has grown revenue more than 900 percent over the past four years, boasting 10 quarters of record revenue through Q3 of this year. The company said it has more than 1,700 customers worldwide and is a growing company in a market whose predicted revenue, according to IDC, is expected to top $5.2 billion by 2015.

Technology Crossover Ventures general partner Tim McAdam will become the newest member of Rapid7’s board of directors. TCV is a new investor in Rapid7; Bain Capital Ventures is Rapid7’s other VC investor.

Add to digg Add to StumbleUpon Add to del.icio.us Add to Google
Tiki Wiki CMS Groupware Multiple Cross Site Scripting Vulnerabilities
OpenLDAP 'UTF8StringNormalize()' Remote Buffer Overflow Vulnerability
Google+ has been having a boost in traffic, recording its third-largest week of visits since the site launched in June, according to online traffic monitor Experian Hitwise.
Apple's iPhone has unseated the Research in Motion BlackBerry as the top smartphone used by mobile employees, according to an iPass survey of more than 2,300 workers.
The recent spam attack that planted pornographic images on Facebook was not the work of Anonymous, a security researcher said today.
[security bulletin] HPSBOV02470 SSRT080123 rev.2 - HP TCP/IP Services for OpenVMS Running SMTP Server, Remote Denial of Service (DoS)
wordpress Flexible Custom Post Type plugin Xss Vulnerabilities
FreeWebshop <= 2.2.9 R2 (ajax_save_name.php) Remote Code Execution Vulnerability
Parallels Desktop 7 is the latest release of Parallels' virtualization program, which allows users to run Windows, Linux, and now even OS X Lion directly within Mac OS X. Since Macworld last reviewed Parallels Desktop 5, the program has acquired an updated interface along with a slew of performance improvements and new features. Among the latter, there's a simplified window for configuring virtual machines, support for Lion's full screen mode, Launchpad integration, an in-app store for purchasing Windows and other programs, the ability to use iSight (and other) webcams within Windows clients, improved virtual printing, and more.
SAP could be entering significant new product categories soon, judging from remarks made by co-CEO Jim Hagemann Snabe on Thursday.
Although OpenFlow is stirring up all of the excitement around software defined networking (SDN), you can program a network with standard tools that have been around a while. Here are a few examples.
Ericuse165 has a friend with a PC that's making a grinding noise. Eric asked the Hard Drives, NAS Drives, Storage forum for advice.
The Amazon Web Services (AWS) management tool will from now on tell users about upcoming scheduled operational activities that will affect the availability of its cloud, the company said in blog post on Thursday.
APIs and messaging protocols, including some that are standards, can let users build software-defined networks today. The key issue, though, is that not everyone implements the same ones or implements them the same way. Will OpenFlow get us all on the same path to SDN nirvana?
Google is merging its Checkout and Wallet electronic payment services to consolidate them into a single product that works both on Web browsers and mobile devices.
When Apple announced iTunes Match in June as a part of a raft of announcements related to iCloud, I was a little skeptical. I had just been released from my annual $99 payment to Apple for MobileMe, thanks to iCloud--I wasn't excited about a new annual subscription taking its place.
Back in the old days of 2010, I used to walk into my home office in the morning, hit the power button on my production system, and then head back upstairs to have breakfast. By the time I returned to the office, my system had fully booted up and was ready to go.
Flash Professional users can use their existing skills to develop HTML5 animations
Samsung Electronics will launch a modified version of its Galaxy Tab 10.1 in Germany next week, after sales of the original were banned by a German court for being too similar to Apple's iPad 2.
Questions remain about whether or when enterprises will start widely deploying voice-recognition technology on mobile devices, partly because internally developed, specialized apps would have to be built to overcome issues like background noise that could corrupt its operation.
Google's new online music store offers integration with Google+ that could give it long-term staying power against rivals like iTunes and Spotify.

Posted by InfoSec News on Nov 17


The Chosunilbo
November 17, 2011

The National Intelligence Service has concluded that North Korea was
behind a hacking attack on the e-mail accounts of 27 alumni of Korea
University's Graduate School of Information Security.

"Analysis of the malware used to hack into the e-mail accounts confirmed
that it is identical to malicious codes spread by North...

Posted by InfoSec News on Nov 17


By Richard Chirgwin
The Register
16th November 2011

Updated - The Internet Systems Consortium is advising BIND users to
update immediately to protect against a bug that may already be under
attack to crash vulnerable servers.

The ISC says an unidentified network event caused BIND 9 resolvers to
cache an invalid record, and when subsequent queries requested the
invalid record,...

Posted by InfoSec News on Nov 17


By Mathew J. Schwartz
November 16, 2011

New information continues to emerge about the Duqu malware that was
designed to steal information relating to industrial control systems.

The latest analysis of the Duqu malware has found that one of the
components used in the attack was compiled in 2007. But Duqu was used in
a targeted attack as recently as April 2011,...

Posted by InfoSec News on Nov 17


By Ericka Chickowski
Contributing Editor
Dark Reading
Nov 16, 2011

A new report out from the Government Accountability Office (GAO) ripped
into the IRS once again for insufficient access controls, database
maintenance, and monitoring necessary to keep taxpayer information safe.
The report's...

Posted by InfoSec News on Nov 17


By Grant Gross
IDG News Service
November 16, 2011

The Stop Online Piracy Act, the subject of a hearing before the U.S.
House of Representatives Judiciary Committee Wednesday, has generated
heated debate since lawmakers introduced it on Oct. 26.

The bill, called SOPA, would allow the U.S. Department of Justice and
copyright holders to seek court orders...
Internet Storm Center Infocon Status