Hackin9
WebKit CVE-2013-0993 Unspecified Memory Corruption Vulnerability
 
Apple iPhone/iPad/iPod touch Prior to iOS 7 CVE-2013-5142 Information Disclosure Vulnerabilities
 

 
WebKit CVE-2013-1038 Unspecified Memory Corruption Vulnerability
 
Google Chrome and Mozilla Firefox Browser Cookie Verification Security Weakness
 
WebKit CVE-2013-1011 Unspecified Memory Corruption Vulnerability
 
WebKit CVE-2013-5126 Unspecified Memory Corruption Vulnerability
 

(ISC)2 Congress Addresses Security's "People" Problems
Dark Reading
Meetings of security professional organizations such as (ISC)2, ISSA, and ISACA represent the "everyman" infosec pro, who may not always be up on the most current products or attacks because he or she is fighting the everyday fires of the enterprise.

 
[security bulletin] HPSBST02919 rev.1 - HP XP P9000 Command View Advanced Edition Suite Software, Remote Cross Site Scripting (XSS)
 
Moodle CVE-2013-4341 Multiple Cross Site Scripting Vulnerabilities
 
Moodle CVE-2013-4313 SQL Injection Vulnerability
 
Moodle Amazon S3 Repository CVE-2012-6087 Security Bypass Vulnerability
 
Linux Kernel CVE-2013-4343 Local Denial of Service Vulnerability
 
APPLE-SA-2013-09-20-1 Apple TV 6.0
 
Monstra CMS v1.2.0 - Blind SQL Injection Vulnerability
 
It's been two months since Steve Ballmer unfurled his plan to restructure Microsoft's operations, and inquiring minds would like to know what stage the process is at.
 
BlackBerry lost close to $1 billion in the July to September quarter as users abandoned its once-dominant platform.
 
Columnist Michael deAgonia has reviewed every iPhone released for Computerworld, which means he's ordered online, waited for the FedEx truck and stood in long lines just like other eager iPhone buyers. Here's how his day went today.
 
A U.S. lawmaker wants to know whether the Touch ID fingerprint reader in Apple's iPhone 5S has adequate controls to protect the personal data of users.
 

RSA, the security firm that confirmed two of its products by default use a crucial cryptography component reportedly weakened by the National Security Agency, said such design choices are made independently.

"RSA always acts in the best interest of its customers and under no circumstances does RSA design or enable any backdoors in our products," the security division of EMC said in a brief statement published Friday. "Decisions about the features and functionality of RSA products are our own."

The post came a day after RSA advised customers of the BSAFE toolkit and the Data Protection Manager to stop using something called Dual_EC_DRBG, which is the default random number generator (RNG) for creating cryptographic keys for both applications. The New York Times recently reported that the technology contained backdoor weaknesses inserted by the NSA before the National Institute of Standards and Technology formally adopted it as a standard in 2006.

 
Torque CVE-2013-4319 Remote Arbitrary Code Execution Vulnerability
 

The Internet Storm Center is beginning to see increased evidence of exploits in the wild regarding Microsoft Security Advisory 2887505.  Accordingly, we're moving the InfoCon up to Yellow.

Per the advisory:
Microsoft is investigating public reports of a vulnerability in all supported versions of Internet Explorer. Microsoft is aware of targeted attacks that attempt to exploit this vulnerability in Internet Explorer 8 and Internet Explorer 9. Applying the Microsoft Fix it solution, CVE-2013-3893 Fix It Workaround, prevents the exploitation of this issue. This FixIt solution also includes EMET 4.0 guidance. Certainly consider use of EMET 4.0 where you can. Please note, the Fix It seems to only help 32-bit versions of browsers. That said, the vulnerability affects all versions of Internet Explorer except in instances of Windows Server 2008 and 2012 Core installations.
 
It appears that an exploit has been in the wild since August 29th, 2013, when it was first seen by one of the online security scanners. There is some indication that a weaponized exploit may be in broader circulation now, so expect this to ramp up quickly.
 
Emerging Threats does have Snort signatures available for this issue: http://www.emergingthreats.net/2013/09/19/daily-ruleset-update-summary-09192013/. Expect Rapid 7 to likely release Metasploit bits in the near term. We'll update here as we see more on this vulnerability emerge.
 
Russ McRee | @holisticinfosec
 
 
 
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Forty-eight hours after its release, Apple's iOS 7 accounted for nearly a third of all North American iPhone and iPad traffic, an online advertising network said Friday.
 

Hacker Halted 2013: A Call for Infosec Professionals to Become Whistleblowers
Infosecurity Magazine
At Hacker Halted 2013 in Atlanta Georgia, on September 19, General Ronald Burgess addressed the audience and declared that “one fifteenth of the country's wealth is going out of the door annually”, due to the cost of cybercrime. Hacker Halted ...

 
The high-profile Google Glass and Samsung Galaxy Gear are grabbing headlines in wearable technology news. However, the reality is that rather than products for the elite, wearables will be more practical, more affordable, more power-efficient -- and not fashion statements.
 
 
Thousands of people waited in line to buy the new iPhone 5S or 5C at stores in cities around the globe on Friday. Even in Harrisonburg, Va., a college town of about 60,000, there were lines to buy the new iPhones outside the AT&T and Verizon Wireless stores.
 
WebKit CVE-2013-1039 Unspecified Memory Corruption Vulnerability
 
WebKit CVE-2013-1042 Unspecified Memory Corruption Vulnerability
 
WebKit CVE-2013-1041 Unspecified Memory Corruption Vulnerability
 
WebKit CVE-2013-1040 Unspecified Memory Corruption Vulnerability
 
[iBliss Security Advisory] Blind SQL injection vulnerability in NOSpamPTI wordpress plugin
 
Sure, the government may know everything about you, but those tidbits of information sit in disconnected, proprietary databases. Unfortunately, that means it's harder than it should be to identify someone who's likely to be behind a mass shooting or terrorist attack.
 
LinuxSecurity.com: Several vulnerabilities were discovered in puppet, a centralized configuration management system. The Common Vulnerabilities and Exposures project identifies the following problems: [More...]
 
LinuxSecurity.com: Updated hplip packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having [More...]
 
LinuxSecurity.com: Updated spice-gtk packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having [More...]
 
LinuxSecurity.com: Updated polkit packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having [More...]
 
LinuxSecurity.com: Updated libvirt packages that fix two security issues and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having [More...]
 
LinuxSecurity.com: Updated wordpress and php-phpmailer packages fix security vulnerabilities: wp-includes/functions.php in WordPress before 3.6.1 does not properly determine whether data has been serialized, which allows remote [More...]
 
LinuxSecurity.com: Multiple vulnerabilities were found and corrected in Wireshark: The dissect_nbap_T_dCH_ID function in epan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 does not restrict the dch_id value, which allows [More...]
 
LinuxSecurity.com: usb-creator could be tricked into bypassing polkit authorizations.
 
LinuxSecurity.com: Several security issues were fixed in Thunderbird.
 
Linux Kernel 'sctp_v6_xmit()' Function CVE-2013-4350 Information Disclosure Vulnerability
 
That was quick. Within minutes of its sales debut early today, Apple's iPhone 5S was already in short supply, with shipping dates 7-10 business days from ordering in the U.S.
 
Adobe Flash Player and AIR CVE-2013-3361 Remote Memory Corruption Vulnerability
 

DHS's Huge Cybersecurity Skills Shortage
GovInfoSecurity.com
More than one in five mission-critical cybersecurity-related jobs at a key Department of Homeland Security unit are vacant, the Government Accountability Office says. That's a finding buried in a GAO report on how DHS could improve how it tracks ...

 
Pinterest already makes nice with outside businesses to better connect them with its site, but the social network is now thinking about consummating that relationship with promotional content.
 
Google on Thursday released new Android and iOS versions of its Quickoffice app, a mobile-only alternative to Microsoft's Office suite, and announced they are now free for the taking.
 
The Pentagon's decision to move its thousands of networks under a single security architecture is the right strategy to bolster defenses against hackers and malicious insiders, experts say.
 
When the former head of Nokia returns to Microsoft sometime next year he will have pulled down $31.7 million from Nokia just for coming and going, according to regulatory filings.
 
The Department of Energy today awarded $30 million to 11 security vendors to develop technology the agency says will better protect the nation's electric grid, oil and gas infrastructure from cyber-attack.
 
Cisco AnyConnect Secure Mobility Client CVE-2013-1130 Local Privilege Escalation Vulnerability
 
Cisco IPS Software Authentication Manager CVE-2013-5497 Denial of Service Vulnerability
 
Cisco Unified Computing System CVE-2012-4083 Remote Denial of Service Vulnerability
 
Cisco Unified Computing System CVE-2012-4082 Local Command Injection Vulnerability
 

Posted by InfoSec News on Sep 20

http://www.wired.com/threatlevel/2013/09/rsa-advisory-nsa-algorithm/

By Kim Zetter
Threat Level
Wired.com
09.19.13

Amidst all of the confusion and concern over an encryption algorithm that
may contain an NSA backdoor, RSA Security released an advisory to
developer customers today noting that the algorithm is the default in one
of its toolkits and strongly advising them to stop using the algorithm.

The advisory provides developers with...
 

Posted by InfoSec News on Sep 20

http://www.cio.com/article/739977/Healthcare_IT_Security_Is_Difficult_But_Not_Impossible?taxonomyId=3089

By Brian Eastwood
CIO.com
September 19, 2013

As healthcare prepares for the Sept. 23 compliance deadline for the HIPAA
Omnibus Rule, the industry finds itself at a crossroads. On the one hand, the
rule -- published in January 2013 and effective March 26 -- effectively brings
HIPAA (enacted in 1996) into the 21st century and finalizes the...
 

Posted by InfoSec News on Sep 20

http://www.computerweekly.com/news/2240205710/NSA-reveals-how-Snowden-accessed-secret-Prism-files

By Warwick Ashford
ComputerWeekly.com
19 September 2013

Prism internet surveillance whistleblower Edward Snowden accessed the
secret documents in a file-sharing location, US National Security Agency
(NSA) officials have revealed.

The file-sharing location had been set up on the NSA’s intranet to enable
NSA analysts and officials to read and...
 

Posted by InfoSec News on Sep 20

http://www.forbes.com/sites/andygreenberg/2013/09/19/ios-7-bug-lets-anyone-bypass-iphones-lockscreen-to-hijack-photos-email-or-twitter/

By Andy Greenberg
Forbes Staff
9/19/2013

Forget the debate around the security or insecurity of the iPhone 5s’s
fingerprint reader. The latest version of the iPhone’s operating system
currently offers a gaping hole in its old-fashioned passcode lockscreen.

Jose Rodriguez, a 36-year-old soldier living in...
 

Posted by InfoSec News on Sep 20

http://www.csoonline.com/article/739986/survey-results-reveal-both-it-pros-greatest-fears-and-apparent-needs

By Grant Hatchimonji
Senior Editor
CSO.com
September 18, 2013

IT professionals have plenty to worry about, according to recent survey
results published by eIQNetworks. The survey, which asked 272 IT decision
makers what keeps them up at night, shed some light on how much room some
security teams have for improvement and why...
 

Linux creator admits NSA demanded backdoor
Salon
... who created the open-source Linux operating system 22 years ago, revealed that the government had approached him about installing a backdoor into system's structure. Linux is the preferred operating system for the privacy conscious infosec community.

 
Puppet CVE-2013-4761 Arbitrary Code Execution Vulnerability
 
Puppet CVE-2013-4956 Security Bypass Vulnerability
 
Paypal Inc Bug Bounty #99 - Filter Bypass & Persistent Web Vulnerability
 