Hackin9
Microsoft closed its fiscal year with a less-than-stellar earnings report, missing Wall Street's revenue and profit expectations and taking a gigantic charge related to its Surface RT tablet sales.
 
HP System Management Homepage (SMH) CVE-2013-2364 Cross Site Scripting Vulnerability
 
McAfee Data Loss Prevention Multiple Information Disclosure Vulnerabilities
 
Google's second-quarter revenue increased by 19% to about $14 billion, aided by consumers' shift to mobile devices, the company said Thursday.
 
Advanced Micro Devices hopes to turn around its financial struggles in the third quarter, saying it will record significant revenue growth and return to profit after reporting a loss and drop in revenue during the second quarter.
 
Hot on the heels of T-Mobile and AT&T, Verizon on Thursday announced Verizon Edge, a new plan that lets you switch your smartphone or tablet as quickly as every six months.
 
Microsoft today took an unexpected $900 million charge to account for what it called "inventory adjustments" for the Surface RT, the poor-selling tablet that debuted last year.
 
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
HP StoreVirtual Products Using LeftHand OS CVE-2013-2352 Remote Unauthorized Access Vulnerability
 
Apache Tomcat CVE-2013-2067 Session Fixation Vulnerability
 
Security researchers from Polish vulnerability research firm Security Explorations claim to have identified a new vulnerability in Java 7 that could allow attackers to bypass the software's security sandbox and execute arbitrary code on the underlying system.
 
An online advertising group this week attacked Mozilla, the maker of Firefox, for being anti-business, hiding behind a veneer of populism and harboring "techno-libertarians."
 
A call by U.S. prosecutors for phone manufacturers to install a "kill switch" to discourage smartphone theft has taken a step forward, with Apple and Samsung providing handsets whose security features will be put to the test.
 
Database software vendor FoundationDB has acquired Akiban, another purveyor of database software, in a move to develop a hybrid data-store application capable of storing both SQL and non-SQL data.
 
Facebook is acquiring the assets of Monoidics, a U.K.-based software startup, including its bug-hunting technical team.
 
The second-generation 7-in. Nexus 7 tablet, which Google may unveil next week, includes two cameras and is expected to run Android 4.3 (Jelly Bean), according to leaked photos and video.
 
U.S. lawmakers plan to resurrect national data breach notification legislation that has failed to pass in past sessions of Congress, but some advocates don't agree on what should be included in a bill.
 
LinuxSecurity.com: It was discovered that PHP could perform an invalid free request when processing crafted XML documents, corrupting the heap and potentially leading to arbitrary code execution. Depending on the PHP application, this vulnerability could be exploited remotely. [More...]
 
LinuxSecurity.com: Updated ruby packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate [More...]
 
LinuxSecurity.com: USN-1904-1 introduced a regression in libxml2.
 
LinuxSecurity.com: New php packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37, 14.0, and -current to fix a security issue. [More Info...]
 
LinuxSecurity.com: Updated openstack-keystone packages that fix one security issue are now available for Red Hat OpenStack Folsom. The Red Hat Security Response Team has rated this update as having [More...]
 
LinuxSecurity.com: Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat OpenStack 3.0. The Red Hat Security Response Team has rated this update as having moderate [More...]
 
LinuxSecurity.com: Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate [More...]
 
LinuxSecurity.com: Updated java-1.5.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having [More...]
 
LinuxSecurity.com: IcedTea Web updated to work with new OpenJDK 7.
 
LinuxSecurity.com: Several security issues were fixed in OpenJDK 7.
 
LinuxSecurity.com: File Roller could be made to create or overwrite files.
 
Asante Voyager I and II Network Cameras Hardcoded Credentials Security Bypass Vulnerability
 
[SECURITY] [DSA 2725-1] tomcat6 security update
 
[security bulletin] HPSBMU02900 rev.1 - HP System Management Homepage (SMH) running on Linux and Windows, Multiple Remote and Local Vulnerabilities
 
Symantec Workspace Virtualization 6.4.1895.0 Local Kernel Mode Privilege Escalation Exploit
 
[SE-2012-01] New Reflection API affected by a known 10+ years old attack
 

SCADA vendor faces public backlash over bug bounty program
CSO
With that said, when word of a new bounty program spreads, there's usually a good deal of attention paid to it in the InfoSec world, and a measure of positive reinforcement from the research community. That wasn't the case last week when SCADA vendor ...

 
The telescope doors are open on a NASA spacecraft that could give scientists clues to space weather that affects communication systems, electronics and power networks.
 
Even as the market for Surface RT and other Windows RT tablets grows more dire by the day, chip supplier Nvidia said it remains bullish on the platform and is committed for the long term.
 
Dell has delayed a shareholder vote of a proposed buyout deal in which founder Michael Dell and Silver Lake Partners would take the company private.
 
Two NASA spacecraft, one studying Saturn's system, the other observing Mercury, are maneuvering into place to take long-distance pictures of Earth on Friday and Saturday.
 
Cloud computing offers affordability and agility, but that doesn't mean it automatically enables business agility. To achieve that, you may need to rethink the way you design, deploy and manage the application development lifecycle.
 
Do Millennials trust Facebook more than their employer? Why are they bringing their parents to work? Silicon Valley tech companies are fighting to hire these Generation Y workers, so it's time to gain some insight into the Millennial workforce.
 
Verizon Communications has reported a revenue increase of 4.3% for the second quarter of 2013, compared to a year ago, with mobile and Fios broadband customer additions driving the growth.
 
Nokia sold 7.4 million Lumia smartphones in the second quarter, its best yet for sales of the Windows Phone devices, but still made a net loss.
 
Sony wants to simplify laptop backups.
 
Alkacon OpenCms Multiple Cross-Site Scripting Vulnerabilities
 
Microsoft Windows Media Runtime 'wmvdecod.dll' Remote Code Execution Vulnerability
 

CodenomiCON 2013 July 30th Las Vegas: Howard Schmidt Keynotes the ...
MarketWatch (press release)
Michelle Cantone, Wesley Marsh Jr., and Dan Byrnside (winning team from James Madison University's Infosec MBA Program Case Study Competition) present the case study Amazon Kindle: The Cost of Vulnerability Persistence. Mikko Varpiola ...

 
Collaboration software vendor Open-Xchange has received a US$20 million investment that it will use to expand its development team to speed up feature rollouts for its Web-based office suite, the company announced on Thursday.
 
With Apple's iWatch and several competing smartwatches from major manufacturers in the works, some analysts question whether consumers will embrace such wearable technology.
 
IT departments are rethinking their outsourcing deals, making them shorter and smaller, taking a stronger hand in managing them or bringing them fully back in-house.
 
Taiwan Semiconductor Manufacturing Co. said its net profit in the second quarter grew 23.8% year over year, driven by demand for faster and power-efficient chips for mobile phones built with its new 28-nanometer manufacturing process.
 
SAP reported revenue growth in the second quarter driven by growth in cloud subscriptions and revenue from support and its HANA in-memory database.
 
Influential technology companies and groups want the U.S. government to lift restrictions on publicizing secret requests for user data as the fallout continues over the scale of government surveillance.
 
Microsoft's attempt to transform its dog-eat-dog corporate culture into a kinder, gentler cooperative climate is likely doomed, an expert in failed business strategies said today.
 
Google has updated Chrome for iOS, which now opens some links in other Google apps, yet more evidence of the search giant's push to subvert rivals' ecosystems by keeping users corralled within its own.
 
HTC has finally unveiled its much-rumored "HTC One mini" handset, and will bring the compact version of its flagship smartphone to select markets as soon as August.
 
Samsung Electronics will offer a range of faster SSD drives for consumers from next month, including a zippy new 1TB drive meant for everyday use.
 
KDE Sc 'plasma-desktop' CVE-2013-4133 Denial of Service Vulnerability
 
KDE Sc CVE-2013-4132 NULL Pointer Dereference Denial of Service Vulnerability
 

Posted by InfoSec News on Jul 18

http://motherboard.vice.com/blog/anonymous-hacked-fema-leaked-hundreds-of-email-addresses

By Derek Mead
Vice.com
July 17, 2013

Anonymous breached FEMA servers and pulled information on hundreds of
agency contacts worldwide. According to the hacker collective, it was in
response to Homeland Security training exercises that centered on a
fictional version of the hacker collective. In a document containing
non-sensitive data pulled from...
 

Posted by InfoSec News on Jul 18

http://www.csoonline.com/article/736544/why-help-desk-employees-are-a-social-engineer-s-favorite-target

By Steve Ragan
Staff Writer
CSO
July 17, 2013

A new report from the SANS Institute and RSA on help desk security and
privacy finds help desk workers are the easiest victims for a determined
social engineering criminal. Due to metrics and basic job requirements,
end user and network support operations are still the top target when it
comes...
 

Posted by InfoSec News on Jul 18

https://www.computerworld.com/s/article/9240859/Quantum_Dawn_2_will_test_Wall_Street_s_cyber_readiness

By Jaikumar Vijayan
Computerworld
July 17, 2013

Starting at around 8.30 a.m. ET Thursday and continuing through Friday
morning, dozens of major Wall Street firms will come under a series of
massive cyberattacks aimed at crippling financial services networks around
the country.

Fortunately for the firms -- and their customers -- the attacks...
 

Posted by InfoSec News on Jul 18

http://allthingsd.com/20130717/google-glass-had-a-vulnerability-for-being-taken-over-via-qr-code-but-its-been-fixed/

By Liz Gannes
AllThingsD.com
July 17, 2013

A Google Glass security vulnerability that allowed an outsider to take
control of the wearable computing device via QR code has been fixed.

Basically, since Glass allows users to connect to Wi-Fi by taking a
picture of a QR code, it’s possible that someone could trick a Glass...
 

Posted by InfoSec News on Jul 18

http://www.govexec.com/technology/2013/07/hacker-magnet-or-sophisticated-tool-obamacares-database-debated/66917/

By Charles S. Clark
GovExec.com
July 17, 2013

The centralized data hub that will link agency records on people who sign
up for Obamacare is either solidly on schedule and impenetrable to
hackers, or it is floundering and in danger of swelling into "the biggest
data system of personal information in the history of the...
 
Apache Struts CVE-2013-2251 Multiple Remote Command Execution Vulnerabilities
 
Internet Storm Center Infocon Status