Hackin9
Cisco Unified Computing System Baseboard Management Controller Local Command Injection Vulnerability
 
Oracle Java SE CVE-2013-5801 Remote Security Vulnerability
 
Oracle Java SE CVE-2013-5848 Remote Security Vulnerability
 
Oracle Java SE CVE-2013-5800 Remote Security Vulnerability
 
Oracle Java SE CVE-2013-5797 Remote Security Vulnerability
 
Two of the longest-running go-to narratives in the Android market -- that HTC is a shambles and Amazon wants to release a phone -- have been bolted together like an airplane's wing section, thanks to a report from the Financial Times that threw Android watchers into paroxysms of raising their eyebrows when it came out this week.
 
Oracle Java SE CVE-2013-5820 Remote Security Vulnerability
 
Oracle Java SE CVE-2013-5812 Remote Security Vulnerability
 
Oracle Java SE CVE-2013-5829 Remote Security Vulnerability
 
Oracle Java SE CVE-2013-5824 Remote Security Vulnerability
 
Oracle Java SE CVE-2013-5838 Remote Security Vulnerability
 
Oracle Java SE CVE-2013-5831 Remote Security Vulnerability
 
Oracle Java SE CVE-2013-5810 Remote Security Vulnerability
 
Reduced reliance on the PC market helped Advanced Micro Devices turn a profit in the third quarter, with the company looking for faster growth in the coming quarters.
 
Oracle Java SE CVE-2013-5842 Remote Security Vulnerability
 
Oracle Java SE CVE-2013-5832 Remote Security Vulnerability
 
Oracle Java SE CVE-2013-5784 Remote Security Vulnerability
 
Oracle Java SE CVE-2013-5790 Remote Security Vulnerability
 
AT&T plans to offer tablet users a $5 day pass for mobile data service, as well as a $25 prepaid plan for 1GB over three months, in a bid to reach more types of consumers.
 
One of the largest users of H-1B visas, Infosys, is facing a federal class action discrimination lawsuit filed against it by four people, and may be close to reaching a potential multimillion dollar settlement with the U.S. government over allegations it misused visitor visas.
 
Google's quarterly sales increased again, although the company reported mixed results within its advertising business and a decrease in its Motorola mobile sales.
 

Contrary to public claims, Apple employees can read communications sent with its iMessage service, according to researchers who have reverse engineered it.

The finding, delivered Thursday at a Hack in the Box presentation titled How Apple Can Read Your iMessages and How You Can Prevent It, largely echoes the conclusion Ars reached in June. It contrasts sharply with assurances that Apple gave following revelations of an expansive surveillance program by the National Security Agency. iMessage conversations, Apple said at the time, "are protected by end-to-end encryption so no one but the sender and receiver can see or read them." It added: "Apple cannot decrypt that data."

Researchers from QuarksLab, who delivered Thursday's talk, begged to differ.

 
Oracle Java SE CVE-2013-5804 Remote Security Vulnerability
 
Oracle Java SE CVE-2013-5817 Remote Security Vulnerability
 
Oracle Java SE CVE-2013-5814 Remote Security Vulnerability
 
[ANN] Struts 2.3.15.3 GA release available - security fix
 
Controversial crypto technology known as Dual EC DRBG, thought to be a backdoor for the National Security Agency, crypto tec. But Cisco says they cannot be used because it chose other crypto as an operational default which can't be changed.
 
BitTorrent search engine isoHunt.com will shut down operations next week in a settlement with U.S. movie studios that have long accused the website of copyright infringement, the studios said Thursday.
 
Twitter reportedly is getting ready to begin its IPO roadshow on Oct. 28 and then begin trading on Nov. 15.
 
Verizon Communications' profit and sales rose in the third quarter of 2013, with the growth driven by higher mobile and broadband numbers.
 
Heeding the call from enterprise customers who clamor for more immediacy in their data-driven reports, Oracle has updated its data-integration software portfolio so that it can more rapidly deliver data to data warehouses and analysis applications.
 
For consumers looking forward to 5G mobile technology for super-high speed, network giant Ericsson says there will be more to it than that -- and less.
 
Twitter's direct messaging feature appears to be experiencing technical difficulties by not allowing certain messages to be sent if they contain links.
 
Companies are using the iOS platform more than 95% of the time to launch their custom and standard commercial apps, a new survey of Good Technology's 5,000 global customers found.
 
Your shirt could soon power a smartphone while monitoring your blood pressure and providing alerts about harmful bacteria nearby.
 
The list of reported parties interested in buying BlackBerry is growing, and now includes Lenovo Group, according to unnamed sources speaking to the Wall Street Journal.
 
Microsoft said it would start selling gift cards good for purchases on its digital content market, taking a page out of Apple's iTunes playbook.
 
Multiple Vendors 'alpha_auth_check()' Function Remote Authentication Bypass Vulnerability
 
Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA Software
 
[ISecAuditors Security Advisories] CSRF vulnerability in LinkedIn
 
The latest code release of OpenStack's cloud computing platform named Havana is packed with features that organizers say appeal directly to enterprise audiences.
 
VMware hopes that improved graphics capabilities and the ability to circumvent Microsoft's licensing terms can persuade enterprises to make the leap to virtual desktops.
 

Malware that takes computers hostage until users pay a ransom is getting meaner, and thanks to the growing prevalence of Bitcoin and other digital payment systems, it's easier than ever for online crooks to capitalize on these "ransomware" schemes. If this wasn't already abundantly clear, consider the experience of Nic, an Ars reader who fixes PCs for a living and recently helped a client repair the damage inflicted by a particularly nasty title known as CryptoLocker.

It started when an end user in the client's accounting department received an e-mail purporting to come from Intuit. Yes, the attached archived zip file with an executable inside should have been a dead giveaway that this message was malicious and was in no way affiliated with Intuit. But accounting employees are used to receiving e-mails from financial companies. When the receiver clicked on it, he saw a white box flash briefly on his screen but didn't notice anything else out of the ordinary. He then locked his computer and attended several meetings.

Within a few hours, the company's IT department received word of a corrupt file stored on a network drive that was available to multiple employees, including the one who received the malicious e-mail. A quick investigation soon uncovered other corrupted files, most or all of which had been accessed by the accounting employee. By the time CryptoLocker had run its course, hundreds of gigabytes worth of company data was no longer available.

 
LinuxSecurity.com: Multiple vulnerabilities have been discovered and corrected in mysql: Unspecified vulnerability in MySQL 5.5.x before 5.5.23 has unknown impact and attack vectors related to a Security Fix, aka Bug #59533. NOTE: this might be a duplicate of CVE-2012-1689, but as of [More...]
 
LinuxSecurity.com: An insecure temporary file usage has been reported in the Perl Parallel-ForkManager module, possibly allowing symlink attacks.
 
LinuxSecurity.com: Multiple vulnerabilities have been found in PolarSSL, the worst of which might allow a remote attacker to cause a Denial of Service condition.
 
LinuxSecurity.com: Updated kernel packages that fix two security issues and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate [More...]
 
Microsoft early today began feeding Windows 8.1 to customers already running Windows 8, making good on a bold promise to speed up the development and release of its flagship client operating system.
 
Oracle has acquired Compendium in an effort to offer a more complete platform for online marketing.
 
PayPal Inc Bug Bounty #61 - Persistent Mail Encoding Vulnerability
 
Verizon Communications' profit and sales rose in the third quarter of 2013, driven by higher mobile and broadband numbers.
 
Interested parties, including Apple, may comment on a proposal from Samsung to refrain from seeking injunctions for five years against any company that agrees to a licensing framework regarding mobile standard essential patents in Europe.
 
Bluetooth U v1.2.0 iOS - Directory Traversal Vulnerability
 
Zikula CMS v1.3.5 - Multiple Web Vulnerabilities
 
Hackers managed to steal a database containing customer credentials and contact information from PR Newswire, a major press release distribution service that's used by tens of thousands of companies and public relations agencies.
 
Oracle Web Services CVE-2013-3828 Remote Security Vulnerability
 
The shift toward network automation and virtualization offered by Software Defined Networks will increase demand for DevOps professionals. If you have both technical expertise and business acumen, you may soon have new IT career options.
 
Salt brings simplicity, flexibility, and high scalability to Linux and Unix server infrastructure management -- it does Windows too
 

Cisco Identity Services Engine CVE-2013-5538 Arbitrary File Access Vulnerability
 
pwgen CVE-2013-4440 Insecure Password Generation Weakness
 
Cisco Identity Services Engine CVE-2013-5539 Arbitrary File Upload Vulnerability
 
Security Advisory for Bugzilla 4.4.1, 4.2.7 and 4.0.11
 
Acer's much anticipated Iconia W4 tablet with Windows 8.1 will be available this month starting at $329.99 with 32GB of storage.
 
Windows 8.1 is finally here and with it comes Microsoft's hopes of a second act for its flagship operating system.
 
Oracle MySQL Server CVE-2013-3839 Remote Security Vulnerability
 
Oracle MySQL Server CVE-2012-2750 Remote Security Vulnerability
 
Parallel::ForkManager Insecure Temporary File Creation Vulnerability
 
Tibco will release several add-ons next month for its Tibbr enterprise social networking suite, aimed at boosting its file, task and content creation capabilities.
 
Facebook was already implementing stronger security controls when the U.S. National Security Agency's expansive surveillance program was revealed in June, its chief security officer said Thursday.
 
A close look at Apple's iMessage system shows the company could easily intercept communications on the service despite its assurances to the contrary, researchers claimed Thursday at a security conference.
 
Marketers are always looking for a way to stand out, especially when it comes to email, and Chicago-based Pointdrive thinks it has the answer.
 
Facebook announced Wednesday that it is loosening privacy rules for its teen users.
 
[ MDVSA-2013:250 ] mysql
 
SaltStack Salt Security Bypass Vulnerability
 
Taiwan Semiconductor Manufacturing Co. saw net profit for the third quarter rise 5% year on year as revenue hit a record, but the chipmaker warned that this could slip later in the year due to a slowdown in demand for high-end smartphones.
 
The National Security Agency's new data center in Utah was built for a 65 megawatt load, making it one of the world's largest. But the $1.53 billion complex has had a rough start.
 

Posted by InfoSec News on Oct 17

Forwarded from: security curmudgeon <jericho (at) attrition.org>

"Us"? Or just Mandiant for very obvious reasons...

:
http://killerapps.foreignpolicy.com/posts/2013/10/11/always_watching_how_chinese_hackers_combine_old_and_new_espionage_tactics
:
: By John Reed
: Foreign Policy
: October 14, 2013
:
: Kevin Mandia, CEO of the cybersecurity company Mandiant, takes a lot of limo
: rides. Normally, his limo company emails him PDF...
 

Posted by InfoSec News on Oct 17

http://www.wired.com/threatlevel/2013/10/ics/

By Kim Zetter
Threat Level
Wired.com
10.16.13

A pair of researchers have uncovered more than two dozen vulnerabilities
in products used in critical infrastructure systems that would allow
attackers to crash or hijack the servers controlling electric substations
and water systems.

The vulnerabilities include some that would allow an attacker to crash or
send a master server into an infinite...
 

Posted by InfoSec News on Oct 17

http://news.techworld.com/security/3474018/hackers-planted-remote-devices-smuggle-drugs-through-antwerp-port-europol-reveals/

By John E Dunn
Techworld
16 October 2013

Drug smugglers planted an extraordinary array of ingeniously-disguised
remote access devices as part of a major hacking attack on the Belgian
port of Antwerp’s logistics systems, Europol has revealed.

Announced by police in May this year, it is only now that the remarkable...
 

Posted by InfoSec News on Oct 17

http://english.yonhapnews.co.kr/northkorea/2013/10/15/0401000000AEN20131015003200315.html

Yonhap News Agency
2013-10-15

The total damage from North Korea's cyber attacks on South Korea's
computer systems is estimated at more than 860 billion won (US$805
million) between 2009 and 2013, a lawmaker said Tuesday, citing government
data.

According to the data submitted by the defense ministry's cyber warfare
headquarters, the...
 

Posted by InfoSec News on Oct 17

http://www.redorbit.com/news/technology/1112976684/dexter-malware-strikes-south-africa-banks-101613/

By Peter Suciu
redOrbit.com
October 16, 2013

The Showtime series Dexter wrapped up its run last month, but the serial
killer lives on – and not in ways that the show runners or the network
would likely have had in mind. South African banks have been hit by
malware known as “Dexter” that could be one of the biggest cyber-fraud
attacks...
 

Posted by InfoSec News on Oct 17

http://krebsonsecurity.com/2013/10/breach-at-pr-newswire-tied-to-adobe-hack/

By Brian Krebs
Krebs On Security
October 16, 2013

Earlier this year, hackers broke into the networks of marketing and press
release distribution service PR Newswire, making off with usernames and
encrypted passwords that customers use to access the company’s service and
upload news releases, KrebsOnSecurity has learned.

The stolen data was found on the same...
 
JBoss Enterprise Application Platform CVE-2013-1921 Local Information Disclosure Vulnerability
 
JBoss Enterprise Application Platform CVE-2012-4572 Authorization Security Bypass Vulnerability
 
Internet Storm Center Infocon Status