(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Boost UTF-8 'utf_traits::decode()' Function Input Validation Vulnerability
Oracle Sun Products Suite CVE-2013-0400 Local Solaris Vulnerability
Microsoft Windows CSRSS CVE-2013-0076 Local Privilege Escalation Vulnerability
Microsoft DirectShow CVE-2013-0077 Remote Code Execution Vulnerability
Reflective/Stored XSS in Responsive Logo Slideshow Plugin Cross-Site Scripting Vulnerability
Reflective XSS in Marekkis Watermark-Plugin Cross-Site Scripting Vulnerability
[SECURITY] [DSA 2628-1] nss-pam-ldapd security update
Re: Aastra IP Telephone encrypted .tuz configuration file leakage
When economists, data scientists and medical professionals team up, the result is often remarkable innovation. These six examples from the Massachusetts Institute of Technology's Future of Health and Wellness Conference could change the way patients interact with hospitals, physicians and each other.
Oracle Java SE CVE-2012-3213 Remote Code Execution Vulnerability
Linux Kernel CVE-2013-0228 Local Privilege Escalation Vulnerability
Re: Scanning the IPv6 Internet with the scan6 tool (SI6 IPv6 toolkit)
Microsoft has quietly raised prices of Office for the Mac as much as 17% and stopped selling multi-license packages of the application suite.
Oracle Java SE CVE-2013-0446 Remote Java Runtime Environment Vulnerability
Sniffing HDCP crypto keys with a $30 Bus Pirate and a broken HDMI cable
[SECURITY] [DSA 2627-1] nginx security update
[SECURITY] [DSA 2626-1] lighttpd security update
On Monday The Pirate Bay, the world's largest file sharing site, reported an anti-piracy organization to Finnish police for allegedly breaching its copyright.
Mega will accept the virtual currency bitcoin for subscriptions for more storage space on the file-sharing service, cofounder Kim Dotcom announced on Twitter.
ZyXEL Communications will use software from Alcatel-Lucent to integrate mobile networking into its home networking equipment.
Oracle Java SE CVE-2013-0425 Remote Java Runtime Environment Vulnerability
Oracle Java SE CVE-2013-0424 Remote Java Runtime Environment Vulnerability
Scanning the IPv6 Internet with the scan6 tool (SI6 IPv6 toolkit)
[SECURITY] [DSA 2624-1] ffmpeg security update
SI6 Networks IPv6 Toolkit v1.3 released!
CORE-2012-1128 - SAP Netweaver Message Server Multiple Vulnerabilities


Sex Won't Sell at InfoSec, Organizers Vow
A week after CES officials revised 2014 guidelines to discourage the use of so-called “booth babes,” organizers of this year's InfoSec event in London issued an outright ban on “inappropriate, revealing and offensive” attire at the show, CRN UK has ...

European privacy authorities have threatened action before the Summer to curb Google's collection, combination and storage of its users' personal information, after growing impatient with the company's failure to respond to their criticisms of its revised privacy policy.
HTC and Nokia are separately expected to announce super-high-quality cameras in new smartphones being unveiled over the next week or so.
Disabling verification in the Shim bootloader allows Fedora 18 users to avoid all the operational restrictions that Secure Boot would otherwise entail

Microsoft Windows Kernel CVE-2013-1278 Local Privilege Escalation Vulnerability
Microsoft Windows Kernel CVE-2013-1279 Local Privilege Escalation Vulnerability
Microsoft Windows Kernel CVE-2013-1280 Local Privilege Escalation Vulnerability
Microsoft Windows NFS Server NULL Pointer Dereference Remote Denial of Service Vulnerability
Microsoft Windows TCP/IP TCP FIN WAIT CVE-2013-0075 Remote Denial of Service Vulnerability
Oracle Sun Products Suite CVE-2013-0415 Local Solaris Vulnerability

WidePoint Corporation to Present at AGC Partners' 9th Annual InfoSec and ...
MarketWatch (press release)
MCLEAN, Va., Feb. 11, 2013 /PRNewswire via COMTEX/ -- WidePoint Corporation (nyse mkt:WYY), a leading provider of cloud-based, telecommunications life-cycle and trusted cybersecurity management Enterprise-wide solutions, announced today that Jim ...

and more »
BlackBerry's Enterprise Server can be penetrated using a malicious TIFF file sent by email or messaging to a user of a particular server. Administrators can install BES 5.0.4 MR2 or interim security updates to protect themselves from the critical flaws

Oracle Solaris CVE-2013-0407 Local Vulnerability
HTC and Nokia are separately expected to announce super-high-quality cameras in new smartphones expected to be unveiled the next week.
Transcend's ESD200 external SSD is fast and very portable. Unfortunately, the backup software doesn't impress.
German security expert Michael Messner has identified more security holes in Wi-Fi access points and routers, as well as NAS devices. So far, the affected device manufacturers have shown little or no interest in fixing the flaws

Lockheed Martin almost missed detecting attackers who had acquired the SecurID credentials of a company partner, but once they did spot them, a Kill Chain framework ensured they did not leave the system with any data

pyrad Password Hash Information Disclosure Vulnerability and Packet Spoofing Vulnerability
pigz Insecure File Permissions Local Information Disclosure Vulnerability
Facebook engineers had their laptops compromised with a Java zero-day based attack in January. One of the results of this attack being detected seems to have been the early release of Oracle's Java patches

FFmpeg Multiple Remote Vulnerabilities
Wireshark CLNP Dissector Denial of Service Vulnerability
Wireshark DCP-ETSI Dissector Denial of Service Vulnerability

Posted by InfoSec News on Feb 17


By Dune Lawrence and Michael Riley
Bloomberg Businessweek
February 14, 2013

Joe Stewart’s day starts at 6:30 a.m. in Myrtle Beach, S.C., with a peanut
butter sandwich, a sugar-free Red Bull, and 50,000 or so pieces of malware
waiting in his e-mail in-box. Stewart, 42, is the director of malware research
at Dell SecureWorks, a unit of Dell (DELL), and he...

Posted by InfoSec News on Feb 17


By David Ruddock
Android Police
Feb 14, 2013

Put this one in the "weird but true" pile - researchers at Erlangen University
in Germany have managed to dump the contents of a Galaxy Nexus's RAM... which
doesn't sound exciting. Except for the fact that the phone had a PIN-protected

Posted by InfoSec News on Feb 17


By Chris Schneidmiller
Global Security Newswire
February 15, 2013

A leading U.S. nuclear arms site has taken significant steps in recent years to
defend against strikes on its computer systems, but key weaknesses remain to be
fixed, the Energy Department’s inspector general said this week.

The Los Alamos National Laboratory in New...

Posted by InfoSec News on Feb 17


By Manu Kaushik and Pierre Mario Fitter
Business Today
Feb 17, 2013

In early July last year, a staffer at the secretive National Technical Research
Organisation (NTRO) noticed odd "signals" on his monitoring system. Using
complex algorithms that NTRO had been developing since 2010, he categorised
these signals as a precursor to a major cyber attack....

Posted by InfoSec News on Feb 17


By Zachary Fryer-Biggs
Staff writer
Marine Corps Times
Feb 16, 2013

WASHINGTON -- The Defense Department wants to hire thousands of new cyber
experts to create a large force of skilled cyber warriors. But first, it has to
address concerns about the experts the agency already has.

Many of those tasked with protecting networks - key cogs in the U.S. national
Internet Storm Center Infocon Status