Hackin9
AFORE Solutions today announced encryption software aimed at securing data in virtualized environments where Microsoft Windows applications are used, including virtualized desktop infrastructure deployments based on VMware, Citrix or Microsoft VDI.
 
Linux Kernel Multiple Local Information Disclosure Vulnerabilities
 
[security bulletin] HPSBUX02922 SSRT101305 rev.1 - HP-UX Running Java5 Runtime Environment (JRE) and Java Developer Kit (JDK), Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
 
Many companies have begun using specialized software to analyze what people are saying about their products and services on social media, and now SAP says it can help them match up individuals' social profiles with customer history data from CRM (customer relationship management) systems.
 
Google has reduced the time buyers have to wait to receive the US$35 Chromecast TV device, saying it will ship orders in two weeks or less.
 
Hewlett-Packard has launched a file storage service for users of its Autonomy WorkSite document management software that it promises can be more helpful than consumer-focused hosted file services.
 
Motorola has unveiled an accessory for its new Moto X smartphone that its marketers claim "provides all the benefits of a PIN without the hassle." That claim is only half right, but you wouldn't know it from a blog post introducing the Motorola Skip and all the headlines that followed. Left out of the coverage are some key protections people may lose when using the thumb-sized clip.

Yes, the wearable fob, when electronically paired with a Moto X, instantly unlocks phones with a simple tap, skipping the step of first entering a personal identification number or swiping a pattern. Making things even easier are three "dots" that accompany the clip and can be affixed to desks, bedside tables, and other trusted zones. Paired phones can be unlocked by tapping them on the tiny stickers—again, with no PIN or pattern required. Assuming it takes 2.3 seconds each time a four-digit PIN is entered and people unlock their phones from 39 to 100 times each day—as Motorola figures claim—a device like Skip can save huge amounts of time over the lifetime of a phone.

But as is almost always the case with security, the added convenience comes with a cost. In exchange for making things easier, people who use Skip may be vulnerable to several threats that are impractical against mobile devices protected only by old-fashioned personal identification numbers.

Google is making good on its promise to make its Maps app more comprehensive and useful following its acquisition of mapping company Waze, with some new traffic update features going live Tuesday.
 
After a Palestinian researcher was denied a bug bounty by Facebook, Marc Maiffret, CTO of BeyondTrust, kicked off a crowd-sourced fund yesterday to come up with a reward.
 
BlackBerry 10 smartphone sales have been disappointing, and last week the company announced that it's essentially up for sale. Bad news aside, five key industry trends suggest that BlackBerry's purported advantages no longer matter.
 
The recommendations can be leveraged by any organization that wants to more effectively adopt cloud-computing services.
 
Over the next two decades, automated cars, like the one Google is building, will reach sales of 95 million worldwide, according to research firm Navigant, but significant legislative and legal hurdles remain.
 
Linux Kernel CVE-2013-0343 IPv6 Temporary Addresses Remote Security Vulnerability
 
Samsung DVR authentication bypass
 
A new report by biometric researchers at the National Institute of Standards and Technology (NIST) uses data from thousands of frequent travelers enrolled in an iris recognition program to determine that no consistent change occurs in ...
 
The National Institute of Standards and Technology (NIST) has updated two of its series of computer security guides to help computer system managers protect their systems from hackers and malware. Vulnerabilities in software and firmware ...
 
The American National Standards Institute (ANSI) has recognized two staff members from the National Institute of Standards and Technology (NIST) for their significant contributions to national and international standardization ...
 
YouTube is adding new video-playing functions to its mobile app on both iOS and Android devices. Some of the tools are aimed at giving users more control over how they stream video to their television sets using Chromecast, Google's new video streaming device.
 
Linux Kernel CVE-2013-4127 Use After Free Memory Corruption Vulnerability
 
Linux Kernel CVE-2013-4247 Memory Corruption Vulnerability
 
Linux Kernel 'mmc_ioctl_cdrom_read_data()' Function Local Information Disclosure Vulnerability
 
Technology legal news website Groklaw is shutting down due to concerns over the continued availability of secure email in the wake of revelations about U.S. government surveillance.
 
Amazon Web Services remains the top IaaS public cloud computing provider, offering the widest breadth of services of any vendor in the market, Gartner concluded in its annual Magic Quadrant report.
 
ESA-2013-047: RSA® Authentication Agent for PAM Unlimited Login Attempts Vulnerability
 
Verizon's Motorola Droid Ultra has a larger display and a couple of other features, but that doesn't put it ahead of its smaller cousin, the Moto X.
 
Although cyberattacks caused just 6% of significant outages of public electronic communications networks and services in the E.U. last year, they affected more people than hardware failure, a much more common factor in service disruptions, according to a report from the European Union Agency for Network and Information Security.
 
With an update to its Foglight for Virtualization software package, Dell can now help organizations rid their systems of resource-sucking zombie virtual machines.
 
A team of researchers from Georgia Tech has demonstrated how hackers can slip a malicious app past Apple's reviewers so that it's published to the App Store and ready for unsuspecting victims to download.
 
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
FUDforum 'index.php' HTML Injection Vulnerability
 
LibTIFF CVE-2013-4231 Multiple Buffer Overflow Vulnerabilities
 
After the terrorist strikes of Sept. 11, 2001, the New York Stock Exchange learned some valuable lessons in keeping a time-sensitive financial trading network alive during a time of crisis.
 
The IT job market has slowly and steadily been growing overall, but these 10 states have shown the most growth within the tech jobs sector. We talk to industry experts to find out what's driving the trends in these thriving markets.
 
PHP SSL Certificate Validation CVE-2013-4248 Security Bypass Vulnerability
 
Python SSL Module CVE-2013-4238 Security Bypass Vulnerability
 
Tablets are still perceived as devices better suited to consuming content than to creating it. In reality, they empower a new kind of content creation -- one that is distinct from that of PCs and smartphones.
 
Heading into the heart of hurricane season 10 months after Sandy slammed the New York metropolitan area, Wall Street has had time to reassess and revamp backup plans.
 
LinuxSecurity.com: The system could be made to expose sensitive information.
 
LinuxSecurity.com: Several security issues were fixed in the kernel.
 
Part 2 of our three-part how-to series on Google+ teaches you how to find your crowd, create a following and make your content pop.
 
Public website owners have the right to selectively block users from their sites and anyone who circumvents those blocks may be violating the Computer Fraud and Abuse Act, a federal judge ruled.
 
The market share of Apple's iPad fell dramatically in China during the second quarter as a result of competition from Android tablets made by little-known "white box" vendors.
 
Microsoft is updating the recently launched beta of Windows Phone App Studio to improve performance and scalability after the new app development tool crossed 55,000 active projects.
 
A McAfee vice president and seasoned technology executive will head the Department of Homeland Security's cybersecurity office, the agency announced Monday.
 
[PSA-2013-0819-1] Oracle Java BytePackedRaster.verify() SignedInteger Overflow
 
RETIRED: IBM InfoSphere BigInsights Multiple Security Vulnerabilities
 
[security bulletin] HPSBMU02902 rev.2 - HP Integrated Lights-Out iLO3, iLO4, and iLO CM IPMI, Cipher Suite 0 Authentication Bypass Vulnerability
 
Download Monitor 'p' Parameter Cross Site Scripting Vulnerability
 
Serendipity 'serendipity_admin_image_selector.php' Cross Site Scripting Vulnerability
 

Posted by InfoSec News on Aug 20

http://www.networkworld.com/news/2013/081913-security-skills-certifications-272970.html

By Ellen Messmer
Network World
August 19, 2013

A number of IT security skills certifications requiring candidates to pass
exams have sharply gained in terms of demand and pay value, according to a
new Foote Partners report.

The "2013 IT Skills Demand and Pay Trends Report" is based on the tracking
of the demand for a wide range of IT skills at...
 
phpVID Multiple Cross Site Scripting and SQL Injection Vulnerabilities
 

Posted by InfoSec News on Aug 20

http://www.csoonline.com/article/738366/the-dangers-of-qr-codes-for-security

By David Geer
CSO Online
August 19, 2013

A large number of end-user computers are mobile devices and the lion's
share of those are smartphones. APTs are increasingly targeting the mobile
market.

"Mobile malware increased more than 1,000-percent in 2012 alone," said
Catalin Cosoi, Chief Security Researcher, BitDefender. BitDefender bases
this data on...
 

Posted by InfoSec News on Aug 20

http://www.zdnet.com/the-ciso-shouldnt-be-the-defender-of-security-gartner-7000019539/

By Michael Lee
ZDNet News
August 19, 2013

Despite CISOs having the words "information security" in their title,
their role should not be that of the company's defender against hackers
and online attacks, according to Gartner vice president and security and
risk management chief of research Paul Proctor.

Speaking at the Gartner Security and...
 

Posted by InfoSec News on Aug 20

http://www.computerweekly.com/news/2240203752/Cyber-attack-could-be-next-shock-to-UK-banks-warns-KPMG

By Warwick Ashford
ComputerWeekly.com
19 August 2013

Cyber attack or disruption could cause the next systemic shock to the UK
banking industry rather than a liquidity crunch, according to the latest
report from business consultancy firm KPMG.

While the banking industry has addressed many of the problems that had led
to the financial crisis...
 

Posted by InfoSec News on Aug 20

http://www.wired.com/threatlevel/2013/08/researcher-denied-facebook-bounty/

By Kim Zetter
Threat Level
Wired.com
08.19.13

Now that Facebook has refused to pay a Palestinian security researcher the
bug bounty he hoped to earn for reporting a problem with its service, a
top security researcher has launched a campaign to pay him the money
Facebook denied him.

The campaign, launched by security pro Marc Maiffret, has raised $6,030
for Khalil...
 
Internet Storm Center Infocon Status