InfoSec News

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Microsoft took a bold step into the tablet market on Monday with the unveiling of a computer aimed squarely at bettering Apple's market-leading iPad.
Microsoft launched two 10.6-in. tablet computers dubbed Surface on Monday, built on Windows 8, with two versions of unusual attachable Touch Covers that double as keyboards.
Hewlett-Packard voiced concerns about Oracle attempting a hostile takeover after it hired former HP CEO Mark Hurd as co-president, Oracle's lead counsel told a judge on Monday.
While there's much more to both Microsoft's new Surface tablet and Apple's iPad than pure specifications, the physical and technological differences between the two are likely to play a part in which one buyers like.
Oracle Java SE CVE-2012-1718 Remote Java Runtime Environment Vulnerability
CVE-2012-1875 is now actively exploited in limited attacks, but Microsoft has yet to update its MS12-037 bulletin [1] to clearly indicate that public exploit code is now widely available. A module for the vulnerability addressed by this critical Internet Explorer update is available in the Metasploit framework.
Users are strongly encouraged to patch this vulnerability before their systems get exploited. Have you seen this vulnerability being exploited in your network? Let us know!
[1] MS12-037 - Critical: Cumulative Security Update for Internet Explorer

Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu
Oracle Java SE CVE-2012-1725 Remote Java Runtime Environment Vulnerability
Oracle Java SE CVE-2012-1724 Remote Java Runtime Environment Vulnerability
BlazeVideo BlazeDVD Professional '.PLF' File Remote Buffer Overflow Vulnerability
Profits at Oracle climbed 8 percent in the quarter just ended, though hardware sales declined and overall revenue was up only slightly.
A former marketing executive at AT&T has pleaded guilty to charges related to an insider trading scheme in which he leaked sales information about Apple's iPhone and Research In Motion's BlackBerry devices to members of an investment community.
ARM processors could potentially coexist with x86 processors from Intel or Advanced Micro Devices in server environments, with the use case being similar to CPUs and graphics processors in some supercomputers today, chip maker Calxeda said on Monday.
Asterisk IAX2 Channel Driver Denial Of Service Vulnerability
Oracle MySQL CVE-2012-2122 User Login Security Bypass Vulnerability
SAP is creating a new program that seeks to anoint consultants as "distinguished engineers" working with its HANA in-memory database platform.
Storage software sales have had a rough ride over the past two years, according to IDC, with sales to large companies and government and educational sectors cooling off the most.
Attack code for two actively exploited vulnerabilities in Microsoft software, one of which has not yet been patched, was integrated into the open-source Metasploit penetration testing framework.
While Microsoft has aggressively talked up Windows 8, the company has been relatively quiet about Windows RT, the all-mobile OS destined for tablets. We fill in the blanks for you.
A Microsoft-branded tablet made by Barnes & Noble makes sense if the tablet is focused on the same market as the $200 Kindle Fire, analysts said Monday.
Facebook has acquired Face.com, the facial recognition software company whose products power Facebook's photo tagging suggestions, according to a blog post.
Improving the ability of law enforcement agencies to catch cybercriminals should be a priority when governments decide how their cybersecurity budgets get spent, according to University of Cambridge security engineering professor Ross Anderson.
Intel on Monday spent US$375 million to buy around 1,700 wireless networking patents from subsidiaries of digital communications company Interdigital.
Barnes & Noble today confirmed that it is not participating in Microsoft's hastily-called news conference today, likely making moot rumors that the two would co-introduce a new tablet or e-reader.
The fat client desktop system has ruled computing for 30 years. Could Google Chrome OS and other cloud-based, thin-client systems dominate the next 30?
Companies that turn off their local servers for e-mail, productivity and collaboration applications and switch to the cloud-hosted Google Apps suite can save significant amounts of money in energy costs, Google said on Monday.
A technology draft written by employees at China Mobile and China Telecom and submitted to the Internet Engineering Task Force describes how the Internet could be split into several parts using the Domain Name System and in the process give countries more control over their own segment of the network.
XnView FPX / ECW / RAS Image Multiple Buffer Overflow Vulnerabilities
iScripts EasyCreate HTML Injection and SQL Injection Vulnerabilities
Re: SAXoPRESS - directory traversal

Booth babe debate is back, in time for summer cons!
CSO (blog)
Let's begin with the post that restarted the discussion -- a great read in the Idiosyncratic Routine blog written by New York-based infosec practitioner Amber ...

DC4420 - London DEFCON - June meet - Tuesday June 19th 2012
SEC Consult SA-20120618-1 :: Airlock WAF overlong UTF-8 sequence bypass
SEC Consult SA-20120618-0 :: Western Digital ShareSpace WEB GUI Sensitive Data Disclosure
[ MDVSA-2012:095 ] java-1.6.0-openjdk
Download CIO.com's ebook for advice about how to get started on exploiting the power of big data analytics, which can provide your organization with a competitive advantage.
With interactive documents, you can choose from a range of predefined options for data, instead of typing the data from scratch each time. If you write lots of letters to the same few correspondents, generate electronic data-entry forms, produce documents with boilerplate language, or find yourself typing the same phrases over and over, wouldn't it be convenient if your documents were already partially formatted and allowed you to make selections from drop-down menus instead of copying and pasting from documents you created earlier? I'll show you how to use the Content Control tools within Microsoft Word to create templates that you can use every day.
QNAP Turbo NAS Multiple Vulnerabilities - Security Advisory
Re: [CAL-2012-0015] opera website spoof
[SECURITY] [DSA 2495-1] openconnect security update
Swoopo Gold Shop CMS v8.4.56 - Multiple Web Vulnerabilities
Name: Dan Curtis
Intel on Monday introduced a high-performance chip family called Xeon Phi, which provides a stepping stone for the company to reach the milestone of creating an exaflop computer by 2018.
News Script PHP v1.2 - Multiple Web Vulnerabilities
Samsung announced a new program on Monday to help enterprise IT shops feel more confident about allowing workers to use the coming Galaxy S III smartphone on the job.
Canon said Monday it will launch a new augmented-reality platform that uses head-mounted displays to realistically project virtual images onto real backgrounds.
Multiple AntiVirus Products CVE-2012-1458 CHM File Scan Evasion Vulnerability
Multiple AntiVirus Products CVE-2012-1459 TAR File Scan Evasion Vulnerability
Multiple AntiVirus Products CVE-2012-1457 TAR File Scan Evasion Vulnerability
Ruby on Rails Active Record SQL Injection Vulnerability
PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability
Japan's Sharp said Monday it will release a new user interface for its smartphones in an attempt to differentiate them from the Android masses.
Rumors that Microsoft may unveil its own e-reader or tablet later today would be confirmation of speculation that dates back more than a month, not just to last week.
As Meg Whitman, HP's CEO, took the stage at the recent HP Discover conference, the thousands sitting in the cavernous hall applauded politely -- and then stopped.
Security researchers have published detailed information about how Flame malware spreads through a network by exploiting Microsoft's Windows Update mechanism.
It's clear that U.S. businesses and infrastructure operators haven't even begun to prepare to defend against cyber-espionage and sabotage.
DigitalGlobe's CIO, Scott Hicar, says Earth imagery presents the ultimate big-data problem -- but it can also solve a multitude of business problems.
IT staffers rotate through various tech specialties and team up with business partners at the No. 84-ranked organization on our 2012 Best Places to Work in IT list.
The U.S., once again, is home to the world's most powerful supercomputer after being knocked off the list by China two years ago and Japan last year.
As more and more companies adopt BYOD policies, IT managers are taking steps to prevent employees from using cloud-based consumer storage services with their personal devices.
During the Computerworld Honors event early this month, Jason Palmer had some straightforward advice for executives looking to derive more value from technology: Be a contrarian.
With several big data initiatives announced at MIT recently, Massachusetts Gov. Deval Patrick said he wants to make his state a hub for research into that emerging field.
Over the past few weeks, Google has begun warning users of its Gmail service whenever it suspects customers may be targets of 'state-sponsored' hack attacks.
libgssglue 'GSSAPI_MECH_CONF' Environment Variable Local Privilege Escalation Vulnerability
Microsoft XML Core Services CVE-2012-1889 Remote Code Execution Vulnerability
Intel CPU Hardware Local Privilege Escalation Vulnerability
The U.S. once again has the most powerful supercomputer in the world, thanks to the U.S. Department of Energy's Sequoia, according to the latest edition of the Top500 supercomputer list, ending Asia's hold on the top spot. Sequoia's 1.57 million processor cores can perform 16.32 petaflops (quadrillion floating-point calculations per second).
Internet Storm Center Infocon Status