InfoSec News

The buttoned-down IT industry outshone flashy consumer Internet startups at raising money in the first quarter, logging a big increase in U.S. venture capital investments, especially in enterprise software.
Contrary to reports by several security companies, the Flashback botnet is not shrinking, the Russian antivirus firm that first reported the massive infection three weeks ago claimed today.
Several technology trade groups are pushing the U.S. Congress to pass a controversial cyberthreat information-sharing bill, despite ongoing privacy concerns voiced by digital rights and civil liberties groups.
Some of the biggest names in IT reported mixed results this week for the first quarter, leading to a dip in tech stocks Friday even as some major indexes showed gains for other sectors.
TYPO3 Exception Handler Cross Site Scripting Vulnerability
XSS in Kaseya version web interface
[security bulletin] HPSBMU02764 SSRT100827 rev.2 - HP System Management Homepage (SMH) Running on Linux and Windows, Remote Cross Site Request Forgery (CSRF), Denial of Service (DoS), Execution of Arbitrary Code, Other Vulnerabilities
IPv6 host scanning in IPv6
Two senior lawmakers are asking the Federal Aviation Administration to explain how the agency will ensure that privacy rights are protected when it issues drone licenses to government, law enforcement and private organizations.
LightSquared has a further two years in which to seek regulatory approval for its LTE mobile network in the U.S. before it must begin making payments to its radio spectrum supplier Inmarsat, the companies announced Friday.
Microsoft may have simply run out of time with Windows RT as it tried to keep up with rivals Apple and Google, an analyst said today.
Rowan-Salisbury School System is looking to technology from Aerohive Networks for better management of its Wi-Fi network.
Google might want to use its new smart-glasses prototype to look over its shoulder.
A team of researchers from Pennsylvania State University (PSU) and IBM have designed a proof-of-concept Android Trojan app that can steal passwords and other sensitive information by using the smartphone's motion sensors to determine what keys victims tap on their touchscreens when unlocking their phones or inputting credit card numbers during phone banking operations.
YouTube must filter content uploaded by users, a German court ruled on Friday.
HTTP Response Splitting in Oracle Enterprise Manager (prevPage parameter) (CVE-2012-0526)
DC4420 - London DEFCON - April meet - Tuesday April 24th 2012
[security bulletin] HPSBUX02761 SSRT100823 rev.1 - HP-UX Running Apache, Remote Denial of Service (DoS), Local Increase of Privilege
[SECURITY] [DSA 2454-1] openssl security update
Nokia has lost an intellectual property case against IPCom in Mannheim, Germany, but the verdict will have little effect because existing phones aren't infringing on the patent, Nokia said Friday.
Stronger-than-expected sales of Windows helped Microsoft post a 6% increase in revenue for the first quarter of 2012, the company said yesterday.
[Ask the iTunes Guy is a regular column in which we answer your questions on everything iTunes related. If there's something you'd like to know, send an email to the iTunes Guy for consideration.]
A Dusseldorf court has set a date to hear an appeal from Apple, which is seeking an injunction preventing Samsung Electronics from selling a tablet modified to beat an earlier injunction, a court spokesman said on Friday.
A federal court in California has ordered seven technology companies including Apple, Intel, Adobe and Google to face a private antitrust suit from five former employees, who alleged that the companies conspired to eliminate competition between them for skilled labor to suppress compensation and mobility of employees.
The FBI is unlikely to uncover from a seized server the identity of someone emailing bomb threats to the University of Pittsburgh, according to groups who used the equipment.
Tim Berners-Lee has said that the problem with companies like Facebook and Google is not that they collect vast troves of data about their users, but that they don't share with them what they learn from it.
Sony said Friday it will launch its online photo sharing service, "PlayMemories Online," next week.
From the desktop to digital music, search to mobile devices, these Big Three have shaped our digital lives for more than a decade. Who's winning now? Here's how the battle shakes out.
Microsoft yesterday laid out the exclusive features of Windows 8 Enterprise, one of three editions of the upcoming OS and the only one limited to corporate customers.
Adobe Flash Player Remote Command Execution Vulnerability
Linux kernel fcaps Local Security Bypass Vulnerability

What can software application developers expect from InfoSec?
ComputerWeekly.com (blog)
By Adrian Bridgwater on April 20, 2012 4:14 AM
The collective PR machine driving vendors' appearances at the show has been just a little wearisome, with very few clients taking the trouble (so far) to drill down into the real "what it ...

Apple and a Chinese company have started talks to try and resolve an ongoing legal dispute over the iPad trademark, according to a lawyer involved in the case.

Red Sky Alliance and Collaborative Cyber Sharing: It's good to give, but it's ...
SYS-CON Media (press release) (blog)
No one company has all of the skills required in their current bench of Infosec labor to do it all. Controls in a standard defense in depth infrastructure might number several hundred, ranging from managing data, ensuring the blood running through the ...


Posted by InfoSec News on Apr 19


By John E Dunn
19 April 2012

The source of the Apple Mac Flashback Trojan was probably a large clutch
of compromised US-based WordPress blog websites hijacked to push
visitors to malware hosts, Kaspersky Lab research has revealed.

As has previously been established by various sources, between September
2011 and February of this...

Posted by InfoSec News on Apr 19


By Taylor Armerding
April 19, 2012

It has become a cliche in information security: Compliance is not

But there is still an unsettling amount of denial out there, based on a
recent study from HIMSS Analytics and Kroll Advisory Solutions.

According to the 2012 "HIMSS Analytics Report: Security of Patient...

Posted by InfoSec News on Apr 19


By Greg Crowe
April 19, 2012

The U.S. Air Force Office of Scientific Research is funding a group of
scientists from seven universities to investigate the best way to
develop “quantum memories” for securing long-range communications.

The team, led by scientists at Georgia Institute of Technology, will
evaluate three ways of creating entangled...

Posted by InfoSec News on Apr 19

Forwarded from: cfp (at) ruxcon.org.au

Ruxcon 2012 Call For Papers

The Ruxcon team is pleased to announce the call for papers for the 2012
annual Ruxcon conference.

This year the conference will take place over the weekend of 20th and
21st of October at the CQ Function Centre, Melbourne, Australia.

The deadline for submissions is the 15th of July.

* What is Ruxcon?

Ruxcon is the premier technical computer security conference in the...

Posted by InfoSec News on Apr 19


By Robert Lemos
Contributing Writer
Dark Reading
April 19, 2012

SOURCE Boston -- Boston -- Anonymous is a complex and chaotic movement:
It is the heroic free speech efforts that helped protesters in Tunisia
and Egypt; it is the lulz -- oddball, and sometimes vicious, pranks --
pulled to prove a...