Hackin9

InfoSec News

Instagram can drive data to its computing systems on Amazon.com's EC2 service 20 times as fast with solid-state drives, a co-founder of the photo-sharing service said on Thursday at the GigaOm Mobilize conference in San Francisco.
 
The global launch of Apple's iPhone 5 began early Friday morning in Australia when stores in the country opened their doors at 8 a.m. The phone has attracted massive attention from consumers, and some analysts expect it to be Apple's biggest phone launch ever.
 
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
The global launch of Apple's iPhone 5 began early Friday morning in Australia when stores in the country opened their doors at 8 a.m. The phone has attracted massive attention from consumers, and some analysts expect it to be Apple's biggest phone launch ever.
 
Microsoft and Hewlett-Packard are using "loopholes and gimmicks" to avoid paying millions of dollars in U.S. taxes, the chairman of a U.S. Senate subcommittee said Thursday.
 
A Republican-led effort to issue up to 55,000 STEM visas a year to students who earn advanced degrees at U.S. universities was defeated Thursday in a House vote.
 
The Financial Services Information Sharing and Analysis Center has put U.S. banks on high alert against cyberattackers seeking to steal employee network login credentials to conduct extensive wire transfer fraud.
 
An Italian startup backed by the Vatican Thursday launched a global portal for Catholic websites intended to provide reliable information for people seeking the truth about the Christian religion.
 
Oracle on Thursday reported that net income rose 11% to $2 billion while revenue fell 2% to $8.2 billion in the first quarter ended Aug. 31, with the period marked by some strength in software but falling hardware revenues.
 
Apple yesterday quietly released a security update for OS X 10.6, aka Snow Leopard, effectively extending support for the three-year-old OS beyond the normal lifecycle.
 
Nokia might not be the favored vendor du jour of a Windows Phone 8 smartphone, but the Finnish cell-phone maker nonetheless issued a diplomatically worded statement in response to Microsoft CEO Steve Ballmer's praise for HTC's 8X and 8S devices announced Wednesday.
 
Attackers are increasingly exploiting a combination of connected systems, poor policy enforcement and human error to cause data breaches, but there have been some information security successes: Spam and phishing attacks are down, reported SQL injection vulnerabilities are on the decline and sandboxing technology is making it safer to open documents like PDFs again.
 
Oracle has filed suit against Texas company Advanced Dynamic Interfaces, seeking to have an intellectual-property action it filed against 20 users of Oracle software tossed out of court.
 
The race to manufacture the most power-efficient and fastest chips is gaining momentum, with contract chip manufacturer GlobalFoundries on Thursday announcing technology advances that analysts said could allow the company to catch up with Intel's chip-making capabilities by 2014.
 
Drupal Read More Link Module HTML Injection Vulnerability
 
Drupal Data Module Cross Site Scripting Vulnerability
 
Drupal Node Recommendation Module Cross Site Scripting Vulnerability
 
Apple's iPhone 5 arrives Friday, and buyers lined up to purchase the smartphone before stores opened. Here's a real-time look at what's happening worldwide by IDG News Service reporters in Australia, Japan, Singapore, Hong Kong, France, Germany, the U.K. and the U.S.
 
If you're jonesing for an iPhone 5 and you didn't order in the middle of the night last week, here's a look at how you might still get on when they go on sale Friday.
 
Census Bureau data show a 2.8% increase in the median earnings for computer and math jobs, with women earning 85% of what men do in the field.
 
Microcart CVE-2012-4241 Multiple Cross Site Scripting Vulnerabilities
 
libdbus 'DBUS_SYSTEM_BUS_ADDRESS' Variable Local Privilege Escalation Vulnerability
 
A temporary automated fix plugging the dangerous flaw is available until an official patch is released.

Add to digg Add to StumbleUpon Add to del.icio.us Add to Google
 
Indonesia, a country composed of more than 70,000 islands that has infrastructure issues in electricity and limited bandwidth, is rolling out the world's most ambitious biometrics-based national identity card project for its citizens.
 
Contactless fare cards in the New Jersey and San Francisco transit systems can be manipulated using an Android application, enabling travelers to reset their card balance and travel for free, researchers demonstrated at the EUSecWest security conference in Amsterdam.
 
Apple Mac OS X Security Update 2012-004 Multiple Security Vulnerabilities
 
The U.S. Department of Commerceamp's National Institute of Standards and Technology (NIST) today announced more than $9 million in grant awards to support the National Strategy for Trusted Identities in Cyberspace (NSTIC). Five U.S. ...
 
A judge in California refused on Thursday to order YouTube to pull down a controversial anti-Islam movie trailer that has sparked violent protests at U.S. diplomatic missions in many Middle East countries, according a spokeswoman for the plaintiff's attorneys The Armenta Law Firm.
 
Google-owned Motorola Mobility is infringing a Microsoft patent related to text input, a lower regional court in Munich decided on Thursday. The verdict will result in a sales ban on some phones and Motorola will also be liable for damages if an expected appeal is unsuccessful, the court said.
 
WebKit Multiple Unspecified Memory Corruption Vulnerabilities
 
Samsung Electronics intends to drag the iPhone 5 into an ongoing patent lawsuit with Apple, according to documents filed with a U.S. court on Wednesday. Apple, for its part, expects to extend its suit to include the Samsung Galaxy Note 10.1 and the latest version of Android, Jelly Bean.
 
Two participants in a hacking competition managed to tease out pictures, videos and browsing history from an iPhone 4S. The vulnerability they used seems still to exist in iOS 6


 
A faulty signature update is leading Sophos' AV engine to believe that programs with bundled update mechanisms - including its own updater - are viruses


 

Wednesday (19 SEP) proved to be a day of hand-wringing and concern for the financial sector as the online presences of both Chase and Bank of America suffered outages and performance impact, allegedly due to distributed denial of service (DDoS) attacks.
Financial Services Information Sharing and Analysis Center (FS-ISAC) has raised its Cyber Threat Level from 'Elevated' to 'High' on the basis of credible intelligence regarding the potential for DDoS and other cyber-attacks against financial institutions.
According to Reuters, FS-ISACs advisory comes right on the heels of a fraud alert that the FBI published advising financial services firms that cyber criminals may be disrupting service to their websites in a bid to keep banks from noticing a recent surge in fraudulent large-sized wire transfers.
These attacks also follow a statement posted to the Internet in which the claimant stated attacks would continue until the film that had stirred up anti-U.S. protests across the Middle East was erased from the Internet.

Source article: http://news.yahoo.com/jpmorgan-chase-consumer-website-intermittently-down-182802693--sector.html

If ISC learns of any consistencies in data that can be correlated, well be sure to keep you informed and stand ready to assist.
Meanwhile, per FS-ISAC, particularly for those of you defending resources in the financial sector, maintain a heightened level of awareness, apply all appropriate updates and update AV and IDS/IPS signatures, ensure constant diligence in monitoring and quick response to any malicious events.

Russ McRee | @holisticinfosec

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 

Sans heads to Dubai with Gulf 2012 event
AME Info
Sans Gulf Region 2012, one of the region's largest infosec training events will be held at the Hilton Dubai Jumeirah from October 13th to 25th with a roster of courses covering virtualisation, cloud security, hacker techniques and Incident Handling ...

 
Hewlett-Packard on Thursday announced new Pavilion Sleekbooks, which the company is pitching as laptops that are cheaper than ultrabooks but competitive in weight and thickness.
 
T-Mobile USA will officially start a new chapter when a new CEO, John Legere, takes over later this week.
 
Microsoft released a stopgap defense that protects Internet Explorer against attacks until the company issues a patch on Friday.
 
As companies embrace big data, they're in the market for high-level strategists and communicators. Do you have the chops to snag a big data job?
 
In a new twist over the controversy surrounding an anti-Islam movie trailer on YouTube, an actress shown in the trailer has filed a lawsuit demanding that YouTube and its owner Google take down the video.
 
Users can now protect their systems against the critical vulnerability in Internet Explorer using a temporary Fix-it tool from Microsoft. A cumulative update to address the problem is expected to be available soon


 
Ken Knezek, who owns a business that sells footwear, understands the importance of a sales tax. His business is in Texas, which doesnt have an income tax.
 
With iOS 6, Apple has addresed almost 200 individual CVE items. One vulnerability in particular had allowed attackers to change critical system settings on devices through faked system updates


 
Apache Qpid (qpidd) Denial of Service Vulnerability
 
Germany has indicted one HP employee and some former ones following a bribery investigation into a a!35 million (US$45.7 million) deal to supply Russia's General Prosecutor's Office with IT equipment.
 
Linux Kernel 'request_module() OOM' Local Denial Of Service Vulnerability
 

Multiple Vulnerabilities in Cisco AnyConnect Secure Mobility Client
The Cisco AnyConnect Secure Mobility Client is affected by multiple vulnerabilities.
Advisory ID: cisco-sa-20120620-ac

Apple security updates:
APPLE-SA-2012-09-19-1 iOS 6
APPLE-SA-2012-09-19-2 OS X Mountain Lion v10.8.2, OS X Lion v10.7.5 and

Security Update 2012-004
APPLE-SA-2012-09-19-3 Safari 6.0.1
Russ McRee | @holisticinfosec (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 

Posted by InfoSec News on Sep 19

http://www.businessweek.com/news/2012-09-19/ex-cme-group-software-engineer-admits-secrets-theft-u-dot-s-dot-says

By Andrew Harris
Bloomberg News
September 19, 2012

A former CME Group Inc. (CME) software engineer confessed to stealing
trade secrets from his ex- employer, the operator of the world’s largest
futures exchange.

Chunlai Yang, 49, who was indicted last year, pleaded guilty to two
counts of trade-secrets theft today before U.S....
 

Posted by InfoSec News on Sep 19

http://www.japantimes.co.jp/text/nn20120920b7.html

The Japan Times Online
Sep. 20, 2012

The websites of at least 19 Japanese banks, universities and other
institutions have come under cyber-attack since Japan nationalized the
Senkaku Islands on Sept. 11 despite objections from China and Taiwan,
the National Police Agency said Wednesday.

The electronic attacks made accessing the sites temporarily impossible.
Some of the attackers also...
 

Posted by InfoSec News on Sep 19

http://bits.blogs.nytimes.com/2012/09/19/an-alert-system-for-security-breaches/

By NICOLE PERLROTH
The New York Times
September 19, 2012

It was, no doubt, the year of the security breach.

Hackers breached LinkedIn, LastFM.com, eHarmony, Yahoo and other sites,
then posted customers’ usernames, passwords, e-mail addresses and device
IDs to the Internet for all to see. In most cases, the consumers had to
dig through hackers’ data dumps to...
 

Posted by InfoSec News on Sep 19

http://www.informationweek.com/government/security/cyber-warfares-legal-questions/240007560

By J. Nicholas Hoover
InformationWeek
September 19, 2012

Legal norms are emerging in cybersecurity, but many questions about what
is legal and what is not in cyber warfare remain unanswered, both in the
U.S. and on the international stage, diplomatic and national security
officials said Tuesday at an event hosted by U.S. Cyber Command at Fort
Meade,...
 

Posted by InfoSec News on Sep 19

http://www.computerworld.com/s/article/9231448/Galaxy_S3_hacked_via_NFC_at_Mobile_Pwn2Own_competition

By Loek Essers
IDG News Service
September 19, 2012

The Samsung Galaxy S3 can be hacked via NFC, allowing attackers to
download all data from the Android smartphone, security researchers
demonstrated during the Mobile Pwn2Own contest in Amsterdam on
Wednesday.

Researchers from security company MWR Labs showed the audience at the
Mobile...
 
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Internet Storm Center Infocon Status