InfoSec News

A phishing attack and stolen credentials gave an attacker access to the systems of the South Carolina Department of Revenue for two months.

Satellite service provider Dish Network has slammed the FCC's plan to let it use some of its spectrum for LTE, saying the proposal is so restrictive it could delay a network buildout for years.
While it continues to wrestle with an accounting scandal at its Autonomy business unit, Hewlett-Packard has revealed it may use some of the company's technology to offer a free online analytics service.
Apache Tomcat DIGEST Authentication Multiple Security Weaknesses
Apache Tomcat CVE-2012-2733 Denial of Service Vulnerability
libssh Multiple Buffer Overflow and Denial of Service Vulnerabilities
As supercomputers grow more powerful, they'll also grow more vulnerable to failure, thanks to the increased amount of built-in componentry. A few researchers at the recent SC12 conference, held last week in Salt Lake City, offered possible solutions to this growing problem.
Hewlett-Packard CEO Meg Whitman has moved to reassure customers that the future of its Autonomy product line is safe, a day after HP disclosed an alleged accounting scandal at the company it acquired last year.
Reader Will Dawes would like to have a foot in two worlds. He writes:
Some laptops will be on sale for under US$200 from U.S. retailers like Best Buy and Wal-Mart this week. But what do you get in such inexpensive machines?
Enterprises must empower their legal teams to ask the right questions and write contracts based on risk management, explains Tom Kellermann of Trend Micro.

The new RFC 6797 describes the HTTP Strict Transport Security (HSTS) mechanism for HTTPS, which makes attacking encrypted HTTP connections more difficult. However, some of the attacks described in the RFC will require further measures in addition to HSTS.

libunity-webapps Use-After-Free Memory Corruption Vulnerability
Narcissus Remote Command Execution Vulnerability
iPhone 5 supplies continued to improve this week as Apple reduced the wait time for delivery to "2 weeks" on its online store.
Users running pirated copies of Windows 8 Pro can reportedly upgrade to a fully licensed and permanently activated version of the OS by simply installing a free Windows 8 Media Center upgrade offered by Microsoft.
NASA's rover Curiosity will be spending the next several days using the camera on its mast in a search for the next route to travel on Mars.
[ MDVSA-2012:173 ] firefox
In what appears to be a re-purposing of previous malware, criminals have set their sights on larger account balances and are using SEPA transactions to ship money to mules in other parts of Europe.


Posted by InfoSec News on Nov 21


By Julian Pecquet
The Hill

The United States used U.S.-Israeli spy software to hack into the French
presidential office earlier this year, the French cyberwarfare agency
has concluded, according to the newsmagazine l'Express.

The magazine reported late Tuesday that the computers of several close
advisers to...

Posted by InfoSec News on Nov 21


By Kelly Jackson Higgins
Dark Reading
Nov 20, 2012

It's that time of year again, when employees carve out a little time
post-Turkey Day to shop for deals online while at the office on the
Monday after Thanksgiving. And Cyber Monday once again comes fraught
with security...

Posted by InfoSec News on Nov 21


The New York Times
November 20, 2012

ATLANTA -- Gov. Nikki R. Haley said on Tuesday that South Carolina
officials had not done enough to stop computer hackers who recently
stole millions of personal financial records.

A new report shows that outdated computers and security flaws at the
state’s Department of Revenue allowed...

Posted by InfoSec News on Nov 21


By Lucian Constantin
IDG News Service
November 20, 2012

Malta-based security start-up firm ReVuln claims to be sitting on a
stockpile of vulnerabilities in industrial control software, but prefers
to sell the information to governments and other paying customers
instead of disclosing it to the affected software vendors.

In a video released...

Posted by InfoSec News on Nov 21


By Kim Zetter
Threat Level

A hacker charged with federal crimes for obtaining the personal data of
more than 100,000 iPad owners from AT&T’s website was found guilty on

Andrew Auernheimer, 26, of Fayetteville, Arkansas, was found guilty in
federal court in New Jersey of one count of identity fraud and one count
of conspiracy to access a...
Multiple vulnerabilities in dotProject
ManageEngine ServiceDesk 8.0 - Multiple Vulnerabilities
Breaking into the smartphone market with a new platform may seem to be a tall order, but Finnish company Jolla thinks it can be done and has demonstrated the user interface of its upcoming operating system, Sailfish.
Sixteen advisories accompany the release of Firefox 17 and Thunderbird 17, with most of the flaws affecting all of Mozilla's browsing and email applications. Users are advised to update as soon as possible.

Ruby CVE-2012-5371 Hash Collision Denial of Service Vulnerability
Lenovo, already China's top PC seller, is expected to take the title for the country's top smartphone vendor in 2013, Gartner said.
The National Transportation Safety Board in the U.S. plans to drop the BlackBerry smartphone from Research In Motion for Apple's iPhone, citing performance issues.
South Carolina's governor faulted an outdated Internal Revenue Service standard as a contributing factor to a massive data breach that exposed Social Security numbers of 3.8 million taxpayers plus credit card and bank account data.
Joyent's very smart SmartOS proves that some cloud servers are better than others
Nationwide Insurance talked up its enterprise collaboration systems at last week's SharePoint Conference, offering a glimpse into a best-of-breed strategy that is becoming more popular.
Mozilla Tuesday released Firefox 17, which debuts technology that lets developers integrate social networks -- for now, Facebook -- with the browser.
The rootkit injects malicious code into every web page served by an infected server – even error pages.

Mozilla Firefox/Thunderbird/SeaMonkey MFSA 2012-91 through -106 Multiple Vulnerabilities