InfoSec News

Electronic waste recycling firm Executive Recycling has been convicted of multiple crimes, including environmental violations related to illegal disposal of e-waste overseas, mail and wire fraud, and smuggling and obstruction, the U.S. Department of Justice announced.
After starting amid the smoldering ruins of AT&T and T-Mobile USA's failed merger, 2012 ended as a big year for mobile carrier deals in the U.S., and possibly a final changing of the guard for a long time.
Identity theft is scary business, for sure. But it's a threat that seems a whole lot less likely once you sign up for ProtectMyID, an online identity theft protection service that comes from Experian, a trusted credit-reporting company. ProtectMyID is not cheap though, as it costs $16 per month for regular monitoring.
It was a typically busy year for SAP, with the company making headlines for strong sales of its HANA in-memory database, high-profile acquisitions and aggressive moves into cloud computing.
The NRA today responded to the school shootings in Newtown, Conn. by saying America should place armed guards at all schools. Missing from the group's strategy was any mention of smart gun technology.
Microsoft's free previews of Windows 8 will expire in January, giving users about three weeks to upgrade to a paid copy or face hourly restarts.
Samsung's efforts to seek injunctions against Apple for standards-essential patents in the mobile phone market may be an abuse of its dominant position and a violation of European Union antitrust rules, the European Commission said Friday.
Even though it backed away from a controversial change to its Terms of Use policy, Instagram's once glossy image has taken a big hit.
Eyeing the growing market for big data analysis, Amazon Web Services (AWS) has introduced a storage package, called High Storage, that can offer fast access to large amounts of data.
NetIQ Privileged User Manager Admin Password Change Authentication Bypass Vulnerability
The National Rifle Association broke a week-long silence on Friday to provide its first comments after a mass killing at a Connecticut school and sought to put some of the blame for American gun violence on video games.
A U.S. senator has introduced legislation that limits the ability of broadband providers to impose data caps on customers.
An increasing number of vulnerability researchers will focus their attention on industrial control systems (ICS) in the year to come, but so will cyberattackers, security experts believe.
One great thing that occurred due to Apple removing Google Maps from iOS, and it then returning as a stand-alone app is that we now have not one, but two really great mapping apps that both offer turn-by-turn (or Sat-Nav) functionality.
A keynote speech by the Tor Project's Applebaum has inspired the GNOME Foundation to launch a campaign to enhance the privacy of the desktop environment

Honeywell HMIWeb Browser ActiveX Control Remote Buffer Overflow Vulnerability

Just another quick update informational message for you.

Microsoft has re-released MS12-078 (This is the Open Type and True Type Font vulnerability) here:http://technet.microsoft.com/en-us/security/bulletin/ms12-078

If you are running an affected Windows OS, you may want to take a look.

-- Joel Esler | http://blog.joelesler.net | http://twitter.com/joelesler
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Just in the case the world doesnt come to a grinding halt today (end of Mayan calendar and all that)....

.... VMWare has posted some updates that you might want to pay attention to over at:http://www.vmware.com/security/advisories/VMSA-2012-0018.html

There are as many as 13 different CVEs covered in this update, so make sure, if you are affected, to patch!

-- Joel Esler | http://blog.joelesler.net | http://twitter.com/joelesler
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Over the past year, patent battles have been fought by tech companies in courtrooms all over the world. The litigation is far from over though, however, and will continue throughout 2013. This is what's at stake on the patent battlefield in the near future.
A long list of Web sites went dark for one minute at 9:30 a.m. ET today to mark a moment of silence for the 26 women and children who were murdered at Sandy Hook Elementary School in Newtown, Conn. last Friday.
Security researchers from Symantec have identified an information-stealing Trojan program that was used to infect computer servers belonging to various U.S. financial institutions.
A local police force built a mobile-data system to quickly access the records officers need to make arrests.
For a security mechanism that has existed since mankind traded places with apes to raise to the top of the food chain, passwords have shown a surprising longevity. Passwords act as gatekeepers to our email, banking, social media accounts, and just about anything else that we do, regardless of whether we are online or not.
Microsoft Internet Explorer CVE-2012-1879 'insertAdjacentText()' Method Code Execution Vulnerability
Microsoft Internet Explorer CVE-2012-1880 'insertRow()' Method Remote Code Execution Vulnerability
Microsoft Internet Explorer CVE-2012-1877 Remote Code Execution Vulnerability
Real Networks RealPlayer Atrac Sample Decoding Remote Code Execution Vulnerability
Microsoft Internet Explorer CVE-2012-1878 'OnBeforeDeactivate' Event Code Execution Vulnerability
Nokia has signed a new patent license agreement with Research In Motion, which will end all existing patent litigation between the two companies.
Microsoft has modified its recent security patch for font rendering in Windows which itreleased during last Patch Tuesday. With the new patch, fonts in CorelDRAW, QuarkXpress and PowerPoint are restored to visibility

Squid 'cachemgr.cgi' Remote Denial of Service Vulnerability
Which Internet TV streamer is right for you? From Roku and Apple TV to new Boxee, Google TV and NeoTV, we look at the different mixes of programming, connections and features you get with 13 set-top boxes.
Set-top streaming devices can give your TV access to a world on online programming, but the options can be overwhelming. This chart shows the key features, specs and services offered by 13 Internet TV streamers, from Apple TV and Roku to new Boxee, Google TV and NeoTV boxes.
The patches from the smartphone community so far seem to only partially work. Meanwhile, a kernel developer at Intel analysed the vulnerability and concluded that Samsung acted carelessly

Not finished with your holiday shopping? This easy-to-scan, sortable chart gives you our best tech gift ideas all in one place.

Infosec trends for 2013 (part two)
DaniWeb (blog)
Continuing with our round up of the IT security vendor view of the year to come, here's how PandaLabs, the malware research laboratory arm of Panda Security, sees 2013 stacking up in terms of threats and exploits. panda Perhaps unsurprisingly ...

and more »
Internet Storm Center Infocon Status