InfoSec News

A new vulnerability reporting framework was announced this week to standardize security vulnerability reporting. The Common Vulnerability Reporting Framework (CVRF) is an XML-based language that will enable different stakeholders across different organizations to share critical security-related information in a single format, speeding up information exchange and digestion. [1]
A 12-page whitepaper on the new standard can be downloaded freely here, and a list of FAQs is available here.


[1] http://www.icasi.org/cvrf
-----------
Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu (c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Microsoft said this week that it has evidence of a link between the fake security software now plaguing Mac users and a hard-charging family of similar software on Windows.
 
The CERT Societe Generale has released another cheat sheet, this one for Distributed Denial of Service (DDoS), freely available here. This Incident Response Methodology is a cheat sheet dedicated to handlers investigating a specific security issue. [1]


[1] http://cert.societegenerale.com/resources/files/IRM-4-DDoS.pdf
Previously published cheat sheets:
Worm Infection - http://cert.societegenerale.com/resources/files/IRM-1-Worm-Infection.pdf

Windows Intrusion - http://cert.societegenerale.com/resources/files/IRM-2-Windows-Intrusion.pdf

Unix Intrusion - http://cert.societegenerale.com/resources/files/IRM-3-Unix-Intrusion.pdf
-----------
Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu (c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Exchange Online, the hosted version of Microsoft's e-mail system, ran into technical problems again on Thursday, the latest in a series of downtime and performance hiccups.
 
[SECURITY] [DSA 2238-1] vino security update
 
Several big IT vendors, including IBM, HP, BMC Software, Intel and Red Hat, are banding together to promote an open source virtualization platform as an alternative to VMware.
 
Microsoft today called comments made by an Intel executive about the next version of Windows "inaccurate" and "misleading."
 
MasterObjects, a software development company, added Microsoft to the list of companies it is suing for infringing on a patent for technology that displays potential completed search terms as users type into a search bar.
 
Texas Memory Systems has released what it calls the world's fastest PCIe-based NAND flash card, with up to 900GB capacity and 2GB/sec throughput.
 
LinkedIn's successful IPO today saw its stock price more than double and its valuation approach $10 billion.
 
Does your wireless network seem slow? A recent study shows that consumers lose an average of 30 percent of the data speed their broadband connection supplies when they use Wi-Fi connections in the home.
 
With a new $2 billion device successfully installed Thursday, the International Space Station has become a dark matter hunter.
 
Siemens is working on a fix for some serious vulnerabilities recently discovered in its industrial control system products used to manage machines on the factory floor.
 
The impact of technology on culture reached a turning point Thursday as Amazon.com announced that it's selling more Kindle e-books than printed books.
 
GNU libc glob(3) 'pattern' Remote Denial of Service Vulnerability
 
[ MDVSA-2011:094 ] pure-ftpd
 
RE: CA20110420-02: Security Notice for CA Output Management Web Viewer
 
Ubuntu Security Notice publication update
 
Apache Struts 2, XWork, OpenSymphony WebWork Java Class Path Information Disclosure
 
The U.S. Congress needs to pass new laws to protect smartphone customers from having their locations tracked by operating systems and applications, members of a Senate subcommittee said Thursday.
 
Apple's Mac App Store puts users at risk because it's slow to update vulnerable software, a security researcher said Wednesday.
 
Google boosted its social search efforts on Thursday by disclosing plans to make it available to users outside the U.S. in 19 languages in the coming week.
 
It was the spring of 2001--a year that had not yet turned sour beyond belief--when Apple chose to open its very first two retail stores. These two would be the first of some 25 stores opening later in the year. And in the years to come, they would be only two of over 300.
 
Everett Katzen had every right to be nervous when an Apple Store opened last year, just a few blocks away from where his Springboard Media shop has been selling and repairing Macs for 16 years. Apple Stores are retail juggernauts. How could Katzen compete?
 
For IT departments wanting to do chargebacks or cost-justification, figuring virtualization and cloud services ROI is tricky, at best. Experts outline four methods you can use to break down costs and returns.
 
Computer Associates SiteMinder User Impersonation Vulnerability
 
Linux Kernel Transparent Hugepages Local Denial of Service Vulnerability
 
Companies are considering tokenization as an alternative or in addition to encryption, a recent survey found.
 
Verizon Wireless and Medco Health Solutions today released a mobile application that guides BlackBerry and Android smartphone users to locations where they can purchase the lowest-cost prescription drugs.
 
HP's TouchPad could emerge as a viable competitor to Apple's iPad tablet in a burgeoning market filled with disappointing competitors, industry analysts said this week.
 
Verizon's first Windows Phone 7-based device, the HTC Trophy, goes on sale next week for about $150.
 
BalaBit IT Security syslog-ng PCRE Denial of Service Vulnerability
 
Microsoft PowerPoint (CVE-2011-1270) Remote Buffer Overflow Vulnerability
 

Best-worst movies about hacking and infosec? Discuss!
CSO (blog)
It was started when Rio-based security specialist Felipe Martins shared a post from his IT and InfoSec Blog about some of his favorites. I've always loved movies, especially when they have something to do with my work area, study or personal taste, ...

 
The California Public Utilities Commission has proposed state rules for ensuring the security of data collected by new smart metering technology.
 
Oracle will no longer charge for personal use of its legacy JRockit Java Virtual Machine.
 
The pricing relative to functionality could be the real stumbling block as Google tries to convert users to a new computing paradigm.
 
libmspack Multiple Unspecified Vulnerabilities
 
TIBCO iProcess Suite Session Fixation and Cross Site Scripting Vulnerabilities
 
Moodle Prior to 1.9.12/2.0.3 Multiple Security Vulnerabilities
 
Android became the most popular smartphone operating system worldwide in the first quarter of 2011, while Apple saw its share of the market grow, according to a report Gartner issued Thursday on sales of mobile phones to end users.
 
Ford is developing industry-first voice-controlled in-car connections to an array of health aids from blood glucose monitoring devices and other diabetes management services, asthma management tools and web-based allergen alerts.
 
About a third to half of all data centers will be physically expanding or leasing new space in the next two years, according to recent surveys.
 
Criminal hackers are industrious folks -- they stay up late devising new ways to attack individuals and businesses. Watch out for these cyberattacks that can turn smartphones into texting botnets, shut off electricity to homes and businesses, jam GPS signals and more.
 
Zend Framework 'PDO_MySql' Security Bypass Vulnerability
 
InfoSec News: OIG raps HHS agencies for lax PHI security: http://www.cmio.net/index.php?option=com_articles&view=article&id=27819
By Editorial Staff CMIO.net May 18, 2011
The U.S. Department of Health & Human Services (HHS) Office of Inspector General (OIG) has released two reports that [...]
 
InfoSec News: Registration for USENIX Security '11 and the Co-located Workshops Is Now Open: Forwarded from: Lionel Garth Jones <lgj (at) usenix.org>
Join us in San Francisco, CA, August 8-12, 2011, for a week covering the latest research in the security of computer systems, networks, healthcare, electronic voting, and more.
We know that keeping up with the latest advances in security can be costly and time-consuming. The 20th USENIX Security Symposium and the co-located workshops make it easier than ever to stay ahead of the game.
The week includes:
- USENIX Security '11: 20th USENIX Security Symposium Monday-Friday, August 8-12, 2011 http://www.usenix.org/events/sec11 The USENIX Security Symposium brings together researchers, practitioners, system administrators, system programmers, and others interested in the latest advances in the security of computer systems and networks. The 5-day program includes a Keynote Address by Charlie Stross, award-winning science fiction writer; refereed papers; invited talks; a tutorial program; poster session; and more.
- EVT/WOTE '11: 2011 Electronic Voting Technology Workshop/Workshop on Trustworthy Elections Monday-Tuesday, August 8-9, 2011 http://www.usenix.org/events/evtwote11 EVT/WOTE brings together researchers from a variety of disciplines, ranging from computer science and human-computer interaction experts through political scientists, legal experts, election administrators, and voting equipment vendors.
- CSET '11: 4th Workshop on Cyber Security Experimentation and Test Monday, August 8, 2011 http://www.usenix.org/events/cset11 The focus of CSET is on the science of cyber security evaluation, as well as experimentation, measurement, metrics, data, and simulations as those subjects relate to computer and network security. Because of the complex and open nature of the subject matter, CSET '11 is designed to be a workshop in the traditional sense. Presentations will be interactive, with the expectation that a substantial amount of this time may be given to questions and audience discussion.
- FOCI '11: USENIX Workshop on Free and Open Communications on the Internet Monday, August 8, 2011 http://www.usenix.org/events/foci11 The first USENIX Workshop on Free and Open Communications on the Internet (FOCI) seeks to bring together researchers and practitioners from both technology and policy who are working on policies or technologies to detect or circumvent practices that inhibit free and open communications on the Internet.
- WOOT '11: 5th USENIX Workshop on Offensive Technologies Monday, August 8, 2011 http://www.usenix.org/events/woot11 Progress in the field of computer security is driven by a symbiotic relationship between our understandings of attack and of defense. The USENIX Workshop on Offensive Technologies (WOOT) aims to bring together researchers and practitioners in systems security to present research advancing the understanding of attacks on operating systems, networks, and applications.
- HealthSec '11: 2nd USENIX Workshop on Health Security and Privacy Tuesday, August 9, 2011 http://www.usenix.org/events/healthsec11 HealthSec is intended as a forum for lively discussion of aggressively innovative and potentially disruptive ideas on all aspects of medical and health security and privacy. The highly interactive workshop will combine posters and brief presentations by position paper authors, slightly longer talks by extended abstract authors, and panel discussions.
- HotSec '11: 6th USENIX Workshop on Hot Topics in Security Tuesday, August 9, 2011 http://www.usenix.org/events/hotsec11 HotSec is renewing its focus by placing singular emphasis on new ideas and problems. HotSec takes a broad view of security and privacy and encompasses research on topics including but not limited to large-scale threats, network security, hardware security, software security, physical security, programming languages, applied cryptography, privacy, human-computer interaction, emerging computing environment, sociology, and economics.
- MetriCon 6.0: Sixth Workshop on Security Metrics Tuesday, August 9, 2011 http://www.securitymetrics.org/content/Wiki.jsp?page=Metricon6.0 Attendance at MetriCon 6.0 is by invitation only.
Whether you're a researcher, a system administrator, or a policy wonk, come to the 20th USENIX Security Symposium and the co-located workshops to find out how changes in computer security are going to affect you.
See you in San Francisco!
P.S. Connect with other attendees, check out additional discounts, and help spread the word!
Facebook: http://www.facebook.com/event.php?eid=222251427791082
Twitter: http://twitter.com/usenix #sec11
Additional Discounts: http://www.usenix.org/events/sec11/discounts.html
Help Promote: http://www.usenix.org/events/sec11/promote.html
 
InfoSec News: SCADA hack talk canceled after U.S., Siemens request: http://news.cnet.com/8301-27080_3-20064112-245.html
By Elinor Mills InSecurity Complex CNet News May 18, 2011
Two researchers say they canceled a talk at a security conference today on how to attack critical infrastructure systems, after U.S. cybersecurity and Siemens representatives asked them not to discuss their work publicly.
"We were asked very nicely if we could refrain from providing that information at this time," Dillon Beresford, an independent security researcher and a security analyst at NSS Labs, told CNET today. "I decided on my own that it would be in the best interest of security...to not release the information."
Beresford said he and independent researcher Brian Meixell planned on doing a physical demonstration at the TakeDown Conference and shared their slides and other information on vulnerabilities and exploits with Siemens, ICS-CERT (Industrial Control Systems Cyber Emergency Response Team), and the Idaho National Lab on Monday.
A DHS official provided this statement: "DHS' Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) frequently engages with industry partners and members of the cybersecurity community to share actionable vulnerability information and mitigation measures in an effort to better secure our nation's critical infrastructure. In this collaboration, DHS always prioritizes the responsible disclosure of vulnerability information, while concurrently providing actionable solutions and recommendations to better secure our nation's infrastructure. This responsible disclosure process does not encourage the release of sensitive vulnerability information without also validating and releasing a solution."
[...]
 
InfoSec News: Top Cybersecurity Official Resigns: http://www.nationaljournal.com/whitehouse/top-cybersecurity-official-resigns-20110518
By Marc Ambinder National Journal May 18, 2011
Phil Reitinger, the Department of Homeland Security’s top cyber and computer crimes official, is resigning just days after the [...]
 
InfoSec News: Survey: Database Administrators, IT Security Still Not On The Same Page: http://www.darkreading.com/database-security/167901020/security/application-security/229502495/survey-database-administrators-it-security-still-not-on-the-same-page.html
By Ericka Chickowski Contributing Writer Dark Reading May 18, 2011
Database administrators still don't get security, according to a study published Wednesday.
Many DBAs and general IT decision-makers admit they know little about critical database security issues such as change control, patch management, and auditing, the survey says.
Conducted by Unisphere Research on behalf of Application Security Inc., the survey questioned 214 Sybase administrators belonging to the International Sybase User Group (ISUG) about their database security practices. The prevalent theme running throughout the survey was that most organizations lacked controls to keep database information protected across the enterprise.
"A majority of respondents admit that there are multiple copies of their production data, but many do not have direct control over the security of this information," the survey report stated. "Only one out of five take proactive measures to mask or shield this data from prying eyes."
[...]
 
InfoSec News: Iran accused of hacking nuke inspectors' phones, PCs: http://www.theregister.co.uk/2011/05/19/iaea_cellphone_tampering_probe/
By Dan Goodin in San Francisco The Register 19th May 2011
United Nations nuclear officials are investigating reports that Iranian spies may have hacked agency phones and laptops that were left [...]
 
InfoSec News: Mossad carries out daring London raid on Syrian official: Forwarded from: William Knowles <wk (at) c4i.org>
http://www.telegraph.co.uk/news/worldnews/middleeast/israel/8514919/Mossad-carries-out-daring-London-raid-on-Syrian-official.html
By Duncan Gardham Security Correspondent The Telegraph 15 May 2011
The original plan was apparently to assassinate the official and Israel only averted what would have been a huge diplomatic rift with Britain, when they decided the target was more valuable alive than dead.
The operation involved at least 10 undercover agents on the streets of Britain and led directly to a controversial bombing raid into Syrian territory that destroyed a nuclear reactor that was under construction.
It closely mirrored the assassination of Mahmoud al-Mabhouh, a senior Hamas arms trader, who was killed in his hotel room in Dubai last year using agents disguised as tennis players.
The operation began when Israeli intelligence picked up an online booking for a senior Syrian nuclear official at a hotel in Kensington, west London, in late 2006, according to the Israeli authors of the book Israel vs Iran: the Shadow War.
Mossad then dispatched three undercover teams to Britain including a team of "spotters" who were sent to Heathrow airport to identify the official as he flew in from Damascus under a false name. A second team booked into his hotel, while a third monitored his movements and any visitors.
[...]
 
Xen Multiple Buffer Overflow and Integer Overflow Vulnerabilities
 
Andy's PHP Knowledgebase 'step5.php' Remote PHP Code Execution Vulnerability
 
MediaWiki 1.16.4 Multiple Remote Vulnerabilities
 
Drupal Webform Module Cross Site Scripting and Arbitrary File Upload Vulnerabilities
 

commissum at Infosec Europe 2011
openPR (press release)
(openPR) - Another Infosec Europe has come and gone. Once again, commissum had a strong presence; the company's sixth year of exhibiting at this premier event. Information Security experts commissum [www.commissum.com] managed to make the event a great ...
 
Room Juice 'display.php' Cross Site Scripting Vulnerability
 

Posted by InfoSec News on May 18

http://www.nationaljournal.com/whitehouse/top-cybersecurity-official-resigns-20110518

By Marc Ambinder
National Journal
May 18, 2011

Phil Reitinger, the Department of Homeland Security’s top cyber and
computer crimes official, is resigning just days after the
administration launched its most ambitious cybersecurity initiative.

"I have decided that the time has come for me to move on from the
Department," Reitinger wrote in an...
 

Posted by InfoSec News on May 18

http://www.theregister.co.uk/2011/05/19/iaea_cellphone_tampering_probe/

By Dan Goodin in San Francisco
The Register
19th May 2011

United Nations nuclear officials are investigating reports that Iranian
spies may have hacked agency phones and laptops that were left
unattended during a recent inspection of that country's uranium
enrichment facilities, the Associated Press reported.

The news agency cited three unnamed diplomats who said...
 

Posted by InfoSec News on May 18

http://www.cmio.net/index.php?option=com_articles&view=article&id=27819

By Editorial Staff
CMIO.net
May 18, 2011

The U.S. Department of Health & Human Services (HHS) Office of Inspector
General (OIG) has released two reports that question HHS agencies'
efforts to secure electronic protected health information.

An OIG audit cited the Office of the National Coordinator for Health IT
(ONC) for its...
 
InfoSec News: Michaels Breach: Patterns Showed Fraud: http://www.bankinfosecurity.com/articles.php?art_id=3639
By Tracy Kitten Managing Editor Bank Info Security May 13, 2011
Card issuers were quick to link incidents of debit and credit fraud to the Michaels retail chain, experts say - a sign that strong transaction [...]
 
InfoSec News: Sony resuming PlayStation Network, Qriocity services: http://www.computerworld.com/s/article/9216742/Sony_resuming_PlayStation_Network_Qriocity_services
By Martyn Williams IDG News Service May 14, 2011
Sony will begin a phased resumption of its PlayStation Network and Qriocity services on Sunday, more than three weeks after a cyber attack [...]
 
InfoSec News: Android Malware Volume Jumps 400%: http://www.informationweek.com/news/229500572
By Mathew J. Schwartz InformationWeek May 13, 2011
The volume of attacks that target the Android mobile operating system has increased by 400% since the summer of 2010. Also in that timeframe, one in 20 enterprise mobile devices has gone missing. [...]
 
InfoSec News: Square Enix customer data leaked after Sony problems: http://www.bangkokpost.com/tech/computer/237244/square-enix-customer-data-leaked-after-sony-problems
Bangkok Post 16/05/2011
Japanese game developer Square Enix Holdings said email addresses of 25,000 customers as well as resumes of 250 job applicants were leaked [...]
 
InfoSec News: Dropbox Lied to Users About Data Security, Complaint to FTC Alleges: http://www.wired.com/threatlevel/2011/05/dropbox-ftc/
By Ryan Singel Threat Level Wired.com May 13, 2011
Dropbox, the wildly popular online storage system, deceived users about the security and encryption of its services, putting it at a competitive [...]
 
InfoSec News: Security expert says casino databases tempting target for cyberterrorism: http://www.vegasinc.com/news/2011/may/12/security-expert-says-casino-databases-tempting-tar/
By Richard N. Velotta Vegas Inc. 12 May 2011
As repositories of the personal information and financial records of hundreds of thousands of guests enrolled in loyalty programs, Las Vegas [...]
 
InfoSec News: Social Networking Here To Stay Despite Security Risks: http://www.informationweek.com/news/security/privacy/229500138
By Paul McDougall InformationWeek May 12, 2011
Companies need to accept that employees will spend at least part of their day on social networks like Facebook, Twitter, and Linked In, and [...]
 
InfoSec News: FBI fights to protect ISPs that snoop on their customers: http://www.theregister.co.uk/2011/05/12/fbi_protects_isps/
By Dan Goodin in San Francisco The Register 12th May 2011
The FBI has finally come clean on the real reason it doesn't want to name phone and internet service providers that participate in a sweeping [...]
 
InfoSec News: Michaels Breach Bigger than Reported: http://www.bankinfosecurity.com/articles.php?art_id=3628
By Tracy Kitten Managing Editor Bank Info Security May 12, 2011
The Michaels debit breach is much bigger than the company initially thought.
Michael Stores initially reported that a scheme, in which point-of-sale [...]
 
InfoSec News: Ruxcon 2011 Call For Papers: Forwarded from: cfp (at) ruxcon.org.au
Ruxcon 2011 Call For Papers
The Ruxcon team is pleased to announce the call for papers for the seventh annual Ruxcon conference.
This year the conference will take place over the weekend of 19th and 20th of November at the CQ Function Centre, Melbourne, Australia.
The deadline for submissions is the 30th of July.
* What is Ruxcon?
Ruxcon is the premier technical computer security conference in the Australia-Pacific region. The conference aims to bring together the individual talents of the best and brightest security folk in the region, through live presentations, activities and demonstrations.
The conference is held over two days in a relaxed atmosphere, allowing attendees to enjoy themselves whilst networking within the community and expanding their knowledge of security.
Live presentations and activities will cover a full range of defensive and offensive security topics, varying from previously unpublished research to required reading for the security community.
For more information, please visit http://www.ruxcon.org.au
* Presentation Information
Presentations are set to run for 50 minutes, and will be of a formal nature, with slides and a speech.
* Presentation Submissions
Ruxcon would like to invite people who are interested in security to submit a presentation.
Topics of interest include, but are not limited to:
o Mobile Device Security
o Virtualization, Hypervisor, and Cloud Security
o Malware Analysis
o Reverse Engineering
o Exploitation Techniques
o Rootkit Development
o Code Analysis
o Forensics and Anti-Forensics
o Embedded Device Security
o Web Application Security
o Network Traffic Analysis
o Wireless Network Security
o Cryptography and Cryptanalysis
o Social Engineering
o Law Enforcement Activities
o Telecommunications Security (SS7, 3G/4G, GSM, VOIP, etc)
Submissions should thoroughly outline your desired presentation subject.
If you have any enquiries about submissions, or would like to make a submission, please send an e-mail to presentations () ruxcon org au
The deadline for submissions is the 30th of July.
If approved we will additionally require:
i. A brief personal biography (between 2-5 paragraphs in length).
ii. A description of your presentation (between 2-5 paragraphs in length).
* Contact Details
Presentation Submissions: presentations () ruxcon org au
 
InfoSec News: Qld cops denounce 'ethical hacking': http://www.zdnet.com.au/qld-cops-denounce-ethical-hacking-339315264.htm
By Stilgherrian ZDNet.com.au May 18th, 2011
Police have spoken out strongly against so-called "ethical hacking" in the wake of yesterday's demonstration of a Facebook privacy hack at the [...]
 
InfoSec News: Researcher hacks Facebook to expose rival's private photographs: http://news.techworld.com/security/3280301/researcher-hacks-facebook-to-expose-rivals-private-photographs/
By John E Dunn Techworld 17 May 11
An Australian security researcher has compromised Facebook security in the most personal way imaginable, publically ‘hacking’ private [...]
 
InfoSec News: Regulator plans to discipline Hyundai Capital over hacking: http://english.yonhapnews.co.kr/business/2011/05/18/55/0503000000AEN20110518003500320F.HTML
Yonhap News Agency 2011-05-18
SEOUL, May 18 (Yonhap) -- South Korea's financial regulator decided Wednesday to punish Hyundai Capital Services Inc. for lax computer [...]
 
InfoSec News: It's the human threat, stupid: http://www.csoonline.com/article/682445/it-s-the-human-threat-stupid
By George V. Hulme CSO May 17, 2011
Anyone who has worked to defend enterprise secrets from theft knows that the answer to success certainly doesn't come from technology alone.
Few know this better than Eric O'Neill. [...]
 
InfoSec News: Some sites struggle to stay up due to Heroku attack: http://www.computerworld.com/s/article/9216795/Some_sites_struggle_to_stay_up_due_to_Heroku_attack
By Nancy Gohring IDG News Service May 17, 2011
A potential DDoS attack on Heroku, the Ruby platform-as-a-service provider now owned by Salesforce.com, is creating availability issues [...]
 
InfoSec News: Hack attacks on US could spark military action: http://www.theregister.co.uk/2011/05/17/white_house_cyberspace_strategy/
By Dan Goodin in San Francisco The Register 17th May 2011
The Obama Administration has put the world on notice that hack attacks directed against US assets could be met with military action. [...]
 
InfoSec News: ISI Major hacked army officer's mail: http://www.hindustantimes.com/ISI-Major-hacked-army-officer-s-mail/Article1-698006.aspx
By Sanjib Kr Baruah Hindustan Times New Delhi May 16, 2011
A serving Inter-Services Intelligence (ISI) officer Major Sameer Ali hacked an Indian Army major's e-mail account in 2010 and extracted many [...]
 
InfoSec News: Zeus Sourcecode Leak Opens Up New Crimeware Markets: Researchers: http://www.crn.com/news/security/229500710/zeus-sourcecode-leak-opens-up-new-crimeware-markets-researchers.htm
By Stefanie Hoffman CRN May 16, 2011
Sourcecode for the notorious Zeus banking Trojan leaked onto the Internet could have been a strategic move to reinvigorate demand for [...]
 
InfoSec News: Cyber attackers try Treasury hack at least once a day: http://www.csoonline.com/article/682397/cyber-attackers-try-treasury-hack-at-least-once-a-day
By Anh Nguyen CSO May 16, 2011
'Hostile intelligence agencies' made hundreds of attempts to hack into the Treasury's computer system last year, Chancellor George Osborne has revealed. [...]
 
InfoSec News: White House Sets Global Cybersecurity Strategy: http://www.darkreading.com/advanced-threats/167901091/security/news/229500701/white-house-sets-global-cybersecurity-strategy.html
By Kelly Jackson Higgins Dark Reading May 16, 2011
The Obama administration today made it clear that it sees the fight [...]
 
InfoSec News: How security chief's bank details leaked: http://www.smh.com.au/technology/security/how-security-chiefs-bank-details-leaked-20110516-1eopz.html
By Ben Grubb The Sydney Morning Herald May 16, 2011
Security firm Symantec's Australian chief has revealed how his personal credit card details were leaked by a Melbourne restaurant, which he said highlighted the need for mandatory privacy breach notification laws.
The security chief, Craig Scroggie, told of his experience at a Symantec roundtable discussion in Sydney last week which revealed the average cost of a data breach to Australian companies was $2 million.
He said the government should implement Australian Law Reform Commissioner (ALRC) recommendations requiring companies to notify customers when a data breach has occurred, but raised questions over how it could be enforced.
Such laws would require an organisation to notify individuals if, for example, their username, password or credit card details had been breached by a hacker. The government has been criticised for failing to implement these laws despite sitting on recommendations for them since 2008.
[...]
 
InfoSec News: [Dataloss Weekly Summary] Week of Sunday, May 8, 2011:
Open Security Foundation - DataLossDB Weekly Summary, Week of Sunday, May 8, 2011
17 Incidents Added.
[...]
 
InfoSec News: Teens sentenced for vicious attack on UK hosting firm: http://news.techworld.com/security/3279975/teens-sentenced-for-vicious-attack-on-uk-hosting-firm/
By John E Dunn Techworld 16 May 11
Two UK teens have been sentenced to a suspended prison term and community service for a vicious online campaign that caused an online [...]
 
InfoSec News: David Millar reacts angrily to UCI's secret Tour de France doping investigation leaked by L'Equipe: http://www.telegraph.co.uk/sport/othersports/cycling/8512926/David-Millar-reacts-angrily-to-UCIs-secret-Tour-de-France-doping-investigation-leaked-by-LEquipe.html
By Brendan Gallagher The Telegraph 13 May 2011
An angry David Millar insists "heads should roll" within cycling's [...]
 
InfoSec News: Internet attack files sent to RCMP: http://www.timescolonist.com/Internet+attack+files+sent+RCMP/4784705/story.html
Times Colonist May 14, 2011
Details of the cyberattack that choked thousands of websites hosted by Islandnet.com are now in the hands of the RCMP.
Mark Morley, who owns Islandnet. [...]
 