Hackin9

InfoSec News

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Facebook said on Tuesday that it would begin allowing app developers on its platform to charge users for subscriptions but would require them to stop using Facebook Credits for in-app purchases, according to a blog post.
 
Latest news, analysis and reviews on Microsoft's tablet
 
LinkedIn has been hit with a potential class-action lawsuit alleging it failed to meet "industry standard" security practices in connection with a massive data breach earlier this month, according to court documents.
 
Wonderware SuiteLink Unallocated Unicode String Remote Denial of Service Vulnerability
 
python 'distutils' Component '~/.pypirc' File Local Race Condition Vulnerability
 
Hewlett-Packard on Tuesday introduced a low-power server system called Gemini that will be based on Intel's upcoming Atom processor, code-named .
 
A new version of Firefox, 13.0.1, was released today. Although the official release notes say that various security issues have been fixed in this version, by looking at the official security advisories for Firefox I couldn't find any new advisories specifically for 13.0.1, as all of them (from MFSA 2012-34 to 2012-40) were fixed in version 13.0 (although unfortunately, the official release notes for Firefox 13.0 do not include the security fixes reference). We already announced these a couple of weeks ago.
In any case, be sure you get the update (via the automatic method or manually) and that it is properly applied (it includes a few functional fixes).
If you have more specific security details regarding 13.0.1 (if any), please share them through our contact page.
----

Raul Siles

Founder and Senior Security Analyst with Taddong

www.taddong.com
 
In much the same way that Java replaced C++ 15 years ago as the dominant programming language for enterprise software, Web development technologies such as HTML5, JavaScript and others might supplant traditional programming languages today, according to an Oracle software executive.
 
Datacenters in Hong Kong can never become greener -- because Hong Kong's government is lukewarm to the use of renewable energy.
 
Oracle refused to commit to continued porting of its software to Hewlett-Packard's Itanium platform as part of the companies' settlement over Oracle's hiring of Mark Hurd, Oracle co-President Safra Catz told a judge on Tuesday.
 
Rui Marcelo, CIO of CTM (Companhia de Telecomunicações de Macau SARL), has spent 30 years in Macau. He talks to Computerworld Hong Kong about his IT career in Macau, the 1999 handover, the liberalization of the gaming industry, and the evolving IT industry.
 
Apple has little to worry about from Microsoft's tradition-breaking move to sell its own tablets, analysts said today.
 
Python SimpleXMLRPCServer Denial Of Service Vulnerability
 
Following Microsoft's announcement of its new Surface tablet, LG Electronics said it has decided to put its tablet development efforts on hold in order to focus on smartphones.
 
Microsoft's Surface tablet is a measured gamble to enter the cutthroat tablet business, but the company could be alienating longtime hardware partners that are also expected to announce Windows 8 devices starting later this year.
 
What better way for a salesperson to sour a long-term relationship than to bypass the CIO and tell the CFO that IT is wasting money?
 
Researchers from Fujitsu Laboratories, Japan's National Institute of Information and Communications Technology (NICT) and Kyushu University have set a new cryptanalysis world record by cracking a 278-digit-long (923-bit) key used in a pairing-based cryptography system, Japanese IT services provider Fujitsu said Monday.
 
You draw with your friends. You come up with clever words against them. You even play a game or two of hangman with them. You might as well challenge them to a game of trivia, too.
 
The U.S. Congress doesn't need to take major steps to protect the privacy of Web and mobile users, because self-policing efforts are generally working, the CEO of TRUSTe told lawmakers on Tuesday.
 
VUPEN Security Research - Microsoft Internet Explorer "Col" Element Remote Heap Overflow (MS12-037 / CVE-2012-1876)
 
VUPEN Security Research - Microsoft Internet Explorer "GetAtomTable" Remote Use-after-free (MS12-037 / CVE-2012-1875)
 
VUPEN Security Research - Microsoft Internet Explorer "CollectionCache" Remote Use-after-free (MS12-037)
 
[Win32-API] SetNamedSecurityInfo() IGNORES and DESTROYS protected DACLs/SACLs
 
Federal investigators have ended an H-1B fraud scheme in which people in India and in the U.S. were recruited for full-time jobs that did not necessarily exist.
 
Microsoft needs to hook customers with better pricing if it wants to capture market attention with its new Surface tablets, analysts said.
 
More than 100,000 health care providers are now using electronic health records that meet federal standards, according to the National Coordinator for Health Information Technology.
 
Hewlett-Packard introduced a low-power server system called Gemini that will be based on Intel's upcoming Atom processor, code-named Centerton.
 
A recently discovered fake Android security application is most likely a mobile component of the Zeus banking malware, security researchers from antivirus firm Kaspersky Lab said on Monday.
 
[security bulletin] HPSBUX02791 SSRT100856 rev.1 - HP-UX Apache Web Server running PHP, Remote Execution of Arbitrary Code, Privilege Elevation, Denial of Service (DoS)
 
[security bulletin] HPSBUX02789 SSRT100824 rev.1 - HP-UX CIFS Server (Samba), Remote Execution of Arbitrary Code, Elevation of Privileges
 
[SECURITY] [DSA 2496-1] mysql-5.1 security update
 
Sonos, maker of a variety of excellent multi-room music systems, has added a high-end bottom end to its line up of powered speakers--the $699 Sonos Sub. More than just a subwoofer, the Sub incorporates into existing powered Sonos configurations to add a rich bottom end to your streaming music.
 
A software implementation issue enables an attacker to escalate privileges or break out of a virtual machine environment.
 
Salesforce.com has acquired ChoicePass, a Web company that offers companies services for providing employees with perks and discounts at local businesses.
 
Google has high hopes for its Google+ social network in the enterprise, with a more corporate-friendly version on the way as the company also continues to slowly open up the API to more third parties with Flipboard the latest addition to that effort, a company executive said Tuesday at the LeWeb conference in London.
 
Microsoft's venture into selling company-designed tablets is fraught with risk, and one analyst says the company is setting itself up as its own rival.
 
Editor's note: The following review is part of Macworld's GemFest 2012 series. Every weekday from mid June through mid August, the Macworld staff will use the Mac Gems blog to briefly cover a favorite free or low-cost program. Visit the Mac Gems homepage for a list of past Mac Gems.
 
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-1938 Memory Corruption Vulnerability
 
Cisco is taking enterprise social collaboration to the cloud.
 
A total of 568 hours of downtime at 13 well-known cloud services since 2007 had an economic impact of more than $71.7 million dollars, said the International Working Group on Cloud Computing Resiliency (IWGCR) on Monday.
 
Cisco Systems is extending the functionality of its Quad enterprise social networking (ESN) software through integration with Microsoft Office applications and with email clients, including Microsoft Outlook, the company is announcing on Tuesday.
 
China Mobile's effort to support its own mobile operating system to compete with the likes of Apple's iPhone appears to be falling by the wayside, mired by its failure to attract developers and enough backing from handset manufacturers.
 
My quick hands-on with the new 10.6-in. Surface tablet at Microsoft's launch on Monday gave me a little surprise: The edges on all four sides are sharp.
 
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-1937 Memory Corruption Vulnerability
 
Multiple Browsers WebGL Implementation Linux NVIDIA Driver 'glBufferData()' Security Vulnerability
 
Mozilla Firefox/SeaMonkey/Thunderbird NSS Parsing Multiple Denial of Service Vulnerabilities
 
Contract manufacturer Celestica said it would phase out manufacturing services for Research In Motion, as the struggling maker of the BlackBerry smartphone attempts to cut costs amid slowing demand.
 
About one third of Facebook's users in India appear to access the service from a mobile phone only, supporting the notion that many people in developing countries first experience the Internet through a mobile device rather than a PC.
 


No, I didn't make that title up. Someone else did. vulnerabilityqueerprocessbrittleness. in is currently one of 600+ domains that link to a quite prevalent Fake Anti-virus malware campaign. Currently, the domains associated with this scam all point to web servers hosted in the 204.152.214.x address range, but of course the threat keeps moving around as usual.
The attackers show lots of creativity with their domain names:
crashessafetypc. in
keepprotectcare. in
microsoftkeeper. in
hazardactivitytasks. in
hazardon-linekeeper. in
highrisksprotection. in
though they don't seem to have attended Marketing 101 yet, because some of the names appear to be less than ideal:
keepperfomanceworms. in
dangerwreckguarantor. in
highfail-safetykeeper. in
optimizerwreckdeliverer. in
The current set of threats involves frequently changing malware EXEs (or EXEs inside of ZIPs) with low coverage on VirusTotal. The download URLs usually follow the pattern http://bad-domain. in/<16-character random hex string>/setup.exe or /setup.zip.
Example: http://fail-safetytestingcontrol. in/fc1a9d5408b7e17d/setup.exe
Stay safe, and keep your PCs free of the dangerwreckguarantor!
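The diary gives two concrete indicators a defender can act on: the download URL shape (a 16-character hex directory followed by setup.exe or setup.zip) and the 204.152.214.x hosting range. The script below is an added example, not ISC code, that turns both into a simple proxy-log check. The log format (timestamp, client IP, destination IP, URL) and the log lines themselves are constructed for the example; the domains in them are the ones named in the diary. Treating the range as a /24 is an assumption, since the diary only writes 204.152.214.x.

```python
"""Flag proxy-log requests that match the fake AV campaign described above.

Added example (not ISC code). Two independent checks are applied per line:
  1. URL pattern  : http://<host>/<16 hex chars>/setup.exe|setup.zip
  2. Hosting range: destination IP inside 204.152.214.0/24 (assumed /24)
A line can hit on either or both; the reasons are recorded so an analyst can
see why a line was flagged.
"""
import ipaddress
import re
from urllib.parse import urlsplit

# Pattern given in the diary: /<16-character random hex string>/setup.exe or .zip
FAKEAV_URL_RE = re.compile(
    r"^https?://(?P<host>[^/\s:]+)(?::\d+)?/(?P<token>[0-9a-f]{16})/setup\.(?:exe|zip)$",
    re.IGNORECASE,
)

# Diary names 204.152.214.x; the /24 boundary is an assumption of this example.
FAKEAV_NET = ipaddress.ip_network("204.152.214.0/24")

# Constructed proxy log: "<timestamp> <client_ip> <dest_ip> <url>".
# Non-campaign addresses use TEST-NET-2 (198.51.100.0/24) and a reserved TLD.
SAMPLE_LOG = [
    "2012-06-20T10:01:02 10.0.0.5 204.152.214.10 http://fail-safetytestingcontrol.in/fc1a9d5408b7e17d/setup.exe",
    "2012-06-20T10:01:05 10.0.0.7 198.51.100.20 http://updates.example/download/setup.exe",
    "2012-06-20T10:02:11 10.0.0.9 204.152.214.55 http://dangerwreckguarantor.in/ab12cd34ef56ab78/setup.zip",
    "2012-06-20T10:03:00 10.0.0.5 198.51.100.9 http://mirror.example/0123456789abcdef/setup.exe",
    "garbage line that should be skipped",
]


def url_matches_pattern(url):
    """Return the lower-cased host if the URL fits the campaign download pattern, else None."""
    m = FAKEAV_URL_RE.match(url.strip())
    return m.group("host").lower() if m else None


def ip_in_campaign_range(ip):
    """True if ip parses and falls inside the diary's hosting range."""
    try:
        return ipaddress.ip_address(ip) in FAKEAV_NET
    except ValueError:
        return False  # not an IP literal (e.g. '-' placeholder in a log)


def _host_of(url):
    """Best-effort hostname extraction; falls back to the raw string."""
    try:
        return (urlsplit(url).hostname or url).lower()
    except ValueError:
        return url


def scan_proxy_log(lines):
    """Return a list of hit records for lines matching either indicator."""
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) < 4:
            continue  # malformed line: skip rather than abort the whole scan
        ts, client, dest_ip, url = fields[:4]
        reasons = []
        host = url_matches_pattern(url)
        if host:
            reasons.append("url-pattern")
        if ip_in_campaign_range(dest_ip):
            reasons.append("hosting-range")
        if reasons:
            hits.append({
                "timestamp": ts,
                "client": client,
                "dest_ip": dest_ip,
                "host": host or _host_of(url),
                "reasons": reasons,
            })
    return hits


if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_LOG):
        print(f"{hit['timestamp']} {hit['client']} -> {hit['host']} ({hit['dest_ip']}): {', '.join(hit['reasons'])}")
```

The fourth sample line hits on the URL shape alone; that is deliberate. Since the diary notes the campaign keeps moving, the path pattern will outlive any one IP range, so a URL-only hit is worth a look even when the destination is not in the known range.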
 
As more and more companies use Hadoop to handle big data, anticipation for the forthcoming Version 2.0 grows.
 
Security expert Dan Clements is building a virtual "lost and found" box for data, a concept he hopes companies suffering from data breaches will embrace to find out just how bad the damage is.
 
A batch of names, addresses, emails and phone numbers of credit card customers around the world released on Monday indicates a breach of a payment processor, but the data appears old.
 
Microsoft on Monday introduced its own line of tablets, dubbed 'Surface.' In doing so, the company broke its 37-year tradition of never competing directly with the hardware partners that have helped make Windows the most successful operating system ever.
 
PHPList SQL Injection and Cross Site Scripting Vulnerabilities