Hackin9
China has approved the sale of 5 million Xbox One units, opening the way for Microsoft to make a big splash in the country's emerging console sector.
 
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
A tricked-out version of YouTube offering exclusive content might prove lucrative bait for Google to lure some of its users deeper into its digital video and music services.
 
An analysis by security researchers of 48,000 extensions for Google's Chrome browser uncovered many that are used for fraud and data theft, actions that are mostly undetectable to regular users.
 
It's not surprising that former Microsoft CEO Steve Ballmer abruptly gave up his board seat some six months after leaving the top job, and the move should help cement the regime and strategy of his successor Satya Nadella, according to several industry observers.
 
 
Cisco ASR 5000 Series Software CVE-2014-3331 Denial of Service Vulnerability
 

The 'human firewall': a more proactive approach to infosec
SC Magazine
Security has always been expensive, and it's getting worse. In fact, a recent survey shows 60 percent of enterprises in the U.S., Canada, UK and Australia increased their IT security spending since last year. Of the U.S. companies surveyed, nearly 50 ...

 
Fully 70% of federal agencies experienced downtime of 30 minutes or more in a recent one-month period.
 
The data breach at Community Health Systems that exposed the personal information of more than 4.5 million people is a symptom of the chronic lack of attention to patient data security and privacy within the healthcare industry.
 
Ex-CEO Steve Ballmer resigned from the Microsoft board today, effective immediately.
 
Steve Ballmer's decision to step down from Microsoft's board draws to a close a 34-year-long career that took him from business manager to CEO.
 
MIT Kerberos 5 'ldap_principal2.c' Buffer Overflow Vulnerability
 
ESA-2014-071: RSA Archer® GRC Platform Multiple Vulnerabilities
 
The U.S. Federal Communications Commission has the green light to collect new data on the pricing of so-called special access services, the middle-mile network services used to deliver business broadband and mobile service backhaul.
 
Google is reportedly eying the creation of a YouTube music subscription service to take on the likes of Spotify and Pandora.
 
About six months after retiring as CEO of Microsoft, Steve Ballmer has relinquished his seat on the company's board of directors effective immediately, citing a busy schedule and confidence in the company's current and future financial performance.
 
A petition started last year that urges Apple's CEO to recall older MacBook Pro laptops to fix a graphics problem has passed the 10,000-signature mark, part of an ongoing effort to get Apple to do something.
 
Put simply, cybercrime, especially financial malware, has the potential to be quite the lucrative affair. That's only because the bad guys have the tools to make their work quick and easy, though. Cripple the automated processes presented by certain malware platforms, and suddenly the threats -- and the losses -- aren't quite so serious.
 
AMD said Tuesday that it will sell three 2.5-inch SSDs manufactured by enthusiast house OCZ, allowing AMD to offer high-speed storage alongside microprocessors and graphics chips.
 

A healthcare system spanning 29 states announced on Monday that cybercriminals operating from China stole information on approximately 4.5 million patients, including names, birth dates, and Social Security numbers.

Community Health Systems, which comprises 206 facilities in the southern and western states, announced the incident in an 8-K filing submitted to the Securities and Exchange Commission (SEC). The data breach likely stems from compromises in April and June of this year, involved sophisticated malware, and is apparently connected to China, the company stated.

"The attacker was able to bypass the Company’s security measures and successfully copy and transfer certain data outside the Company," CHS said in its 8-K filing. "Since first learning of this attack, the Company has worked closely with federal law enforcement authorities in connection with their investigation and possible prosecution of those determined to be responsible for this attack."


 
HTC announced the HTC One (M8) smartphone for Windows today; it's available exclusively at Verizon Wireless for $99 on a two-year contract.
 
Venture capital fundraising has picked up steam in the U.S., with cloud computing, mobile technology and robotics getting solid backing.
 
September is shaping up to be a very exciting month for smartphone buyers around the world: We know that Motorola Mobility, Microsoft, Sony and Samsung Electronics will all launch new smartphones, and it looks like Apple will join the party too. So what new devices are we looking forward to the most? Here's our countdown:
 
Federal legislation on communications policy predates all the changes brought about by the Internet. It's time to address Internet regulation directly.
 
LinuxSecurity.com: Updated qemu-kvm packages that fix two security issues and three bugs are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security [More...]
 
LinuxSecurity.com: USN-2232-1 introduced a regression in OpenSSL.
 
Microsoft Windows Kernel 'Win32k.sys' CVE-2014-1819 Local Privilege Escalation Vulnerability
 
Microsoft Windows Kernel Pool Allocation CVE-2014-4064 Local Information Disclosure Vulnerability
 

GSA to Involve InfoSec from Get-Go
GovInfoSecurity.com
General Services Administration Chief Information Officer Sonny Hashmi is on a mission to revamp the way the federal agency approaches information technology projects, including how it incorporates security into its IT initiatives. Hashmi, in July ...

 
Microsoft has tweaked the controls in SharePoint Online to let administrators make better use of storage resources allocated to SharePoint websites.
 
ESA-2014-079: EMC Documentum Content Server Multiple Vulnerabilities
 
[CVE-2014-0232] Apache OFBiz Cross-site scripting (XSS) vulnerability
 
FreeNAS Blank Password Authentication Bypass Vulnerability
 
Reverse mentoring helps seasoned IT execs get comfortable with new technologies like social media while gaining insight into what makes millennials tick.
 
GitLab 'SSH key upload' Feature CVE-2013-4490 Remote Code Execution Vulnerability
 
ESA-2014-067: EMC Documentum D2 Privilege Escalation Vulnerability
 
ESA-2014-059: EMC Documentum Multiple Cross-Site Scripting Vulnerabilities
 
ESA-2014-073: EMC Documentum Multiple Cross-Site Request Forgery Vulnerabilities
 
Verizon Wireless beat out the other three national carriers for overall network performance, reliability and speed in the first half of 2014, according to an analysis by RootMetrics released Tuesday.
 
The Ultra II SSD is a follow-up to the consumer-grade Ultra Plus SSD released last year that increases performance while slashing the price point.
 
389 Directory Server CVE-2014-3562 Information Disclosure Vulnerability
 
Kolibri Remote Buffer Overflow Vulnerability
 
Kolibri CVE-2014-4158 Stack Based Buffer Overflow Vulnerability
 

Posted by InfoSec News on Aug 19

http://www.bloomberg.com/news/2014-08-19/steel-city-s-hacking-cases-mean-gameover-for-trade-theft.html

By Chris Strohm
Bloomberg.com
Aug 18, 2014

The U.S. Justice Department is adding resources and agents in Pittsburgh
to combat hackers, after the steel city’s law enforcement agencies,
universities and companies led the way on two landmark prosecutions.

The two cases targeting people in China and Russia have helped make
Pittsburgh the...
 

Posted by InfoSec News on Aug 19

http://online.wsj.com/articles/community-health-systems-says-its-suffered-criminal-cyberattack-1408365259

By ERIN MCCARTHY
The Wall Street Journal
Aug. 18, 2014

Community Health Systems Inc. said Monday that its computer
network was a target of an external criminal cyberattack in April and June
that affected data related to some 4.5 million individuals.

The rural hospital operator and cybersecurity firm Mandiant believe the...
 

Posted by InfoSec News on Aug 19

http://arstechnica.com/security/2014/08/new-website-aims-to-shame-apps-with-lax-security/

By Robert Lemos
Ars Technica
Aug 18 2014

The amount of personal data traveling to and from the Internet has
exploded, yet many applications and services continue to put user
information at risk by not encrypting data sent over wireless networks.
Software engineer Tony Webster has a classic solution—shame.

Webster decided to see if a little public...
 

Posted by InfoSec News on Aug 19

http://www.nextgov.com/cybersecurity/2014/08/exclusive-nuke-regulator-hacked-suspected-foreign-powers/91643/

By Aliya Sternstein
Nextgov.com
August 18, 2014

Nuclear Regulatory Commission computers within the past three years were
successfully hacked by foreigners twice and also by an unidentifiable
individual, according to an internal investigation.

One incident involved emails sent to about 215 NRC employees in "a
logon-credential...
 

Posted by InfoSec News on Aug 19

http://www.heraldsun.com.au/news/foreign-minister-julie-bishops-phone-was-hacked-at-the-height-of-the-mh17-crisis/story-fni0fiyv-1227026241325

By Ellen Whinnet
Political Editor
Herald Sun August 16, 2014

FOREIGN Affairs Minister Julie Bishop’s mobile phone was compromised while
she was overseas leading tense negotiations to win access to the MH17
crash site in Ukraine.

Australian intelligence officials seized Ms Bishop’s phone on her...
 
Internet Storm Center Infocon Status