InfoSec News

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
KGH (Kosova Hackers Group, or Kosova Hackers Security), who recently defaced a bunch of websites including a Ukraine police website, has claimed to have leaked 7000 Israeli credit card details.

http://uabonline.org/ has been hit by hackers who have targeted it as a part of the ongoing cyber war that has been targeting Arabs. UabOnline is the Union of Arab Banks, and the account leaks consist of usernames and clear-text passwords.

Lawmakers opposing the controversial Stop Online Piracy Act have introduced alternative legislation in the U.S. House of Representatives.
Yet again Hannibal has dumped another load of accounts online today, claiming they are from Arabs, which could be true, but most accounts have been reset or are in the process of being reset.

Google has built the WebRTC technology into a test version of Chrome to let the browser run voice and video chat applications within the browser interface.
Companies are on the path to cloud adoption. According to a recent report, 28% of U.S. organizations are using cloud computing today, with 73% reporting their first step was implementation of a single cloud application. Yet while 84% of organizations say they have employed at least one cloud application, most do not yet self-identify as "cloud users" who are "implementing or maintaining cloud computing."
Microsoft and Alcatel-Lucent have settled a patent dispute, following a jury verdict last year that would have had Microsoft pay US$70 million for infringement.
Red Hat has released the third version of its Red Hat Enterprise Virtualization (RHEV) software package, which includes improvements that would make it suitable for larger deployments, and a new console for self-provisioning.
A new form of nonvolatile MRAM memory with the promise to eventually replace DRAM is slowly making its way into products, but analysts said it could be a long time before DRAM technology is cast aside.
Yahoo co-founder Jerry Yang's departure this week from the company should put it in a better position to take drastic action to fix its long-running woes.
Opponents of the Stop Online Piracy Act and the Protect IP Act cheered Wednesday's Web blackout as a turning point in the debate over the two controversial copyright protection bills.
Online database repository provider RainStor unveiled what it is calling the industry's first enterprise-class database that runs natively on Hadoop.
Apple's iPhone made major inroads among recent buyers in its battle against smartphones running Google's Android, but still lagged behind its OS rival, pollster Nielsen said today.
Xpra memory disclosure
Drupal CKEditor 3.0 - 3.6.2 - Persistent EventHandler XSS
Cisco Security Advisory: Cisco IP Video Phone E20 Default Root Account
The pace of cloud computing will only accelerate in 2012. The increasing development of information technology, and the intense focus on cost reduction, are highlighting the benefits of moving IT administration off-site. And one cloud computing expert wants CFOs to be aware of the short-term challenges and long-term benefits to organizations.
Worldwide revenue from cloud services is expected to reach $55.5 billion in 2014, according to IDC. With a compound annual growth rate of 27.4%, the cloud is set for quite a trajectory.
LightSquared's proposed mobile data network was set up to fail in tests of interference with GPS that were conducted last November under government auspices, the would-be cellular carrier charged on Wednesday.
Oracle Outside In CVE-2012-0110 Remote Code Execution Vulnerability
Microsoft today said it opposes a controversial anti-piracy bill in the U.S., but did not join the widespread "Internet strike" that sites like Google and Wikipedia were conducting.
Beleaguered supporters of two online antipiracy bills today downplayed widespread protests against the legislation and insisted the opposition is misguided and misinformed.
As thousands of websites and blogs went dark Wednesday to voice their opposition to the Stop Online Piracy Act and the Protect IP Act, some U.S. lawmakers have had a change of heart about the controversial copyright enforcement bills.
IBM WebSphere Application Server JAX-WS Unspecified Vulnerability
Alcatel-Lucent is now offering a router with technology from Arbor Networks that defends against distributed denial-of-service attacks, the two companies said on Wednesday.
ARM hopes for a serious impact on the server market starting in 2014 when its 64-bit processor design reaches the market, CEO Warren East said.
A security company's advice on how to circumvent today's anti-SOPA Wikipedia blackout has roiled some users.
Verizon Wireless on Thursday will add five more cities to its rapidly expanding 4G LTE network, including Brownsville and McAllen, Texas.
Apache Tomcat HTTP DIGEST Authentication Multiple Security Weaknesses
RETIRED: Oracle January 2012 Critical Patch Update Multiple Vulnerabilities
Amazon Web Services on Wednesday launched a managed NoSQL database service that lets users easily launch a database and scale it up or down as needed.
Motorola Mobility has confirmed the Android Ice Cream Sandwich upgrade to the Xoom Wi-Fi tablet will arrive over-the-air via Wi-Fi to U.S.-based owners on Wednesday.
Schneider Electric Quantum Ethernet Module Hardcoded Credentials Authentication Bypass Vulnerability
Cisco Digital Media Manager (CVE-2012-0329) Remote Privilege Escalation Vulnerability
The 404Project is a simple snippet of code you add to your 404 error page that submits information back to ISC for reporting. The main purpose of this project is to trend the web pages that crawlers and automated bots are trying to access. A public report page will be available when enough data has been collected. isc.sans.edu/tools/404project.html


The 404Project submits URI, IP and USER AGENT. Additionally, date, time and your credentials are stored along with the data. Your personal information is protected https://isc.sans.edu/privacy.html#4 and your specific user information is not shared with third parties. https://isc.sans.edu/privacy.html#1


- You must have an ISC Portal ID and Identification Key to use this tool. https://isc.sans.edu/login.html

- Once logged in and submitting data, you can view your 404 summary information. https://isc.sans.edu/my404.html

- Get started! https://isc.sans.edu/tools/404project.html#instructions

Our skilled users have ported the 404Project to many languages! At the time of this writing, in addition to the original PHP, there is also Perl, Python, .NET and even JavaScript! https://isc.sans.edu/tools/404project.html#alternatives

You can leave comments in the section below or send any questions or comments in the contact form https://isc.sans.edu/contact.html


Adam Swanger, Web Developer (GWEB)

Internet Storm Center (http://isc.sans.edu)
Internet censorship or protecting creative work from theft? The controversy over SOPA and PIPA legislation.
CA Technologies has updated its CA Clarity Project Portfolio Management software with a new user interface, one that the company hopes will appeal to a broader set of business users.
[ MDVSA-2012:009 ] perl
[ MDVSA-2012:008 ] perl
XSS in OneOrZero AIMS
Cisco Security Advisory: Cisco Digital Media Manager Privilege Escalation Vulnerability
Two activist groups, one liberal and one conservative, have joined together in a campaign to defeat U.S. lawmakers supporting two controversial copyright enforcement bills, the Stop Online Piracy Act and the Protect IP Act.
Vulnerability research firm Secunia announced that, effective from the beginning of the year, software vendors will have a six-month deadline to fix vulnerabilities reported through its Vulnerability Coordination Reward Programme.
The two database patches represented a record low for repairs to Oracle's database management system since the CPU program began in 2005.

A hearing to amend and debate the controversial Stop Online Piracy Act should resume in February, its chief sponsor said, even in the face of new opposition to the copyright enforcement bill.
As the days go on, more and more teams and hackers are joining forces on both sides to continue this cyber war. Today we see another group coming out and joining sides with Hannibal and dumping a huge load of Arabian credit card details.

Hewlett-Packard has added chief strategy officer to former Microsoft veteran Bill Veghte's titles, the company announced.
Linux Kernel iocbs Local Denial of Service Vulnerability
Mozilla, the open-source organization responsible for Firefox, joined other major technology companies today to protest anti-piracy legislation by blackening the browser's home page.
Amazon, Cloudera, Hortonworks, IBM, and MapR mix simpler setup of Hadoop clusters with proprietary twists and trade-offs
Business intelligence vendor Tableau Software on Wednesday announced the availability of Tableau 7.0, a release that boosts speed and scale as well as providing what the company calls "human-oriented" design and accessibility.
Analytics and business intelligence will be the top technology priorities for CIOs this year, according to Gartner Inc.'s annual survey of IT executives.
Now this is a bit confusing, to say the least, as to why Indian websites have been attacked in the operation, but nonetheless it shows a lack of security across more websites once again.

DevilzSec has been busy mass defacing a heap of websites in the name of Operation OpFreePalestine; it was only 2 days ago they had defaced over 300 websites, and now a further 360.

Phishing has become one of the more common ways of obtaining data in modern days and as a result we are starting to see lots more being dumped into the public domain.

In testing cloud computing services and observing the growth of cloud activities, we've noticed that there are distinct phases that organizations go through in adopting cloud.
Wikipedia and other Internet companies blacked out their websites in one way or another early today in protest of controversial anti-piracy legislation in Congress.
HP Easy Printer Care Software 'XMLCacheMgr' ActiveX Control Remote Code Execution Vulnerability
Internet Storm Center Infocon Status