In a testament to the issues surrounding the appropriate use of social media during a tragedy, Reddit is publicly apologizing for the role that it played last week in fueling an online witch hunt that led to identifying an innocent Brown University student as a suspect in the Boston Marathon bombings.
Verizon's 2013 breach report shows most breaches are caused by a select few attack types, and the majority of breaches aren't detected for months.

Verizon's annual breach report indicates outsiders still cause most breaches, and despite no one-size-fits-all defense, better risk awareness can help.

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
The U.S. International Trade Commission has found no evidence that Apple infringed on a Motorola Mobility patent covering a touchscreen function.
Google's Eric Schmidt said the company's wearable computer, Glass, is about a year from reaching the market.
The U.S. Senate has voted 74-20 to close debate and move to a final vote on a bill allowing states to collect sales tax from out-of-state Internet and catalog retailers.
Animated GIFs, journal entries, cat photos, and now, more ads. Tumblr, in an effort to further boost its revenue, is rolling out ads into users' mobile feeds.
CA Technologies is acquiring Layer 7 Technologies, a purveyor of tools for managing and securing application programming interfaces (APIs).
RETIRED: Poppler Multiple Denial of Service and Memory Corruption Vulnerabilities
Poppler CVE-2013-1788 Multiple Memory Corruption Vulnerabilities
The CIO of Boston's Beth Israel Deaconess Medical Center learned a few things last week. Insider (registration required)
AV-TEST today stood by the results of its search engine investigation that claimed Microsoft's Bing shows five times the number of malware-hosting websites than Google in its results.

The family of Android malware that slipped past security defenses and infiltrated Google Play is more widespread than previously thought. New evidence shows it was folded into three additional apps and has been operating for at least 10 months, according to security researchers.

BadNews, as the malicious ad network library is called, has been included in at least 35 different apps that were available on Google servers for download, researchers from antivirus provider Bitdefender said Monday. As Ars reported last week, figures provided by Google showed they had been downloaded anywhere from two million to nine million times. Although Google had removed 32 apps as of Friday, company security personnel didn't remove the additional three apps until they were flagged this weekend by Bitdefender. Apps that contain the BadNews code upload phone numbers, unique device identifiers, and other data from infected phones and then present end users with prompts to download and install fake updates for legitimate applications such as Skype.

The Bitdefender report came as researchers from security firm Fortinet reported the deactivation of a Google Play developer account that was also pushing a suspicious app.


To help the National Cybersecurity Center of Excellence (NCCoE) address industry's needs most efficiently, the National Institute of Standards and Technology (NIST) today announced its intention to sponsor its first Federally Funded ...
Enterprise social networking software, which offers social media capabilities adapted for workplace collaboration like employee profiles, activity streams, microblogging and document sharing, has evolved from a "nice to have" to a "should have" status in enterprises.
Moxie Software will now provide its full enterprise social networking software for free because the company is convinced that standalone, general-purpose ESN capabilities are a commodity.
Ask any cyber security specialist what their biggest challenge is, and you will get a variety of answers -- ranging from strengthening network security, to managing internal threats, to protecting against cyber espionage.
When Yahoo CEO Marissa Mayer announced she was sacking the company's telecommuting program, her office deferred questions about the decision to a corporate spokesperson with a typical nonresponsive response about the matter: the company does not discuss internal matters.
Sensing a need among its customers for faster software development, IBM has acquired UrbanCode, a provider of tools suited for the emerging practice of rapid software development called devops.
In the 10 days that Facebook Home has been available, it has had more than 500,000 downloads.
A growing interest in big data, analytics and cloud computing helped propel a weak software enterprise market last year, according to research from IDC. SAP and Oracle fared the best among the large software vendors.
GNU Tar and GNU Cpio Remote Buffer Overflow Vulnerability
[SQLi] vBilling for FreeSWITCH


Today's Tech: Poor reviews for Facebook Home, the importance of Infosec 2013 ...
A little over a week after its release, Facebook's Home Android launcher has served up more than half a million downloads on the Google Play store. Facebook has yet to reveal an official number of downloads, but the app has moved into Google Play's ...

Over the past few weeks I've had the opportunity to test-drive a couple Windows 8 laptops, and even though I've used the OS intermittently for months now, I still find it jarring every time the Metro interface (a.k.a. Start screen) appears.
Infor is hoping a new social collaboration tool, updated middleware and user interfaces, as well as options for cloud-based deployments, will help cement its place as one of the industry's largest ERP (enterprise resource planning) vendors after SAP and Oracle.
The European Commission announced on Monday that it has launched an investigation into a group of chip suppliers who are suspected of breaking the European Union's antitrust laws by operating a cartel.
Belkin, D-Link, Linksys, Netgear, Sitecom, TP-Link – there are hardly any manufacturers who haven't had firmware development glitches. A shocking range of sometimes hair-raising vulnerabilities continues to lie dormant in popular router models.

Microsoft Windows CVE-2013-1291 OpenType Font Parsing Remote Denial of Service Vulnerability
Xen CVE-2013-1917 Remote Denial of Service Vulnerability
44Café 23rd April details
[SE-2012-01] Yet another Reflection API flaw affecting Oracle's Java SE
[SECURITY] [DSA 2660-1] curl security update
[ MDVSA-2013:147 ] libarchive


Infosec 2013: Why this year's event is more important than ever
When an event as large and established on the IT calendar as Infosec comes around, it's always likely to take up some healthy column inches in the tech press, but the state of Internet security at the moment throws more significance than usual on this ...

Connecting remotely to network servers is a fact of life for millions of end users. Whether working from a PC or a mobile device, users rely on secure, reliable remote connections to maintain their productivity.
From December to March, Apple's iPhone lost ground to smartphones from rival Samsung in a survey to assess consumers' future purchase plans, a market research firm said last week.
With 24 different vendors supplying the software on an average PC, there's a lot of checking that needs to be done to keep a PC up to date, and in many cases, as Secunia's latest report shows, it just isn't being done.

Multiple Cisco TelePresence Products Denial of Service Vulnerability
Cisco Network Admission Control Manager CVE-2013-1177 SQL Injection Vulnerability
RETIRED: Google Chrome Multiple Security Vulnerabilities
Available since Windows Server 2008 R2, Microsoft's DirectAccess server role became fully integrated with the OS in Windows Server 2012. DirectAccess is designed to connect a VPN-type session automatically as soon as a compatible Windows client is connected to the Internet.
LinuxSecurity.com: Yamada Yasuharu discovered that cURL, a URL transfer library, is vulnerable to expose potentially sensitive information when doing requests across domains with matching tails. Due to a bug in the tailmatch function when matching domain names, it was possible that [More...]
LinuxSecurity.com: New xorg-server packages are available for Slackware 13.37, 14.0, and -current to fix a security issue. [More Info...]
LinuxSecurity.com: A vulnerability has been found and corrected in libarchive: Fabian Yamaguchi reported a read buffer overflow flaw in libarchive on 64-bit systems where sizeof(size_t) is equal to 8. In the archive_write_zip_data() function in libarchive/ [More...]
LinuxSecurity.com: Multiple vulnerabilities have been discovered and corrected in icedtea-web: It was discovered that the IcedTea-Web plug-in incorrectly used the same class loader instance for applets with the same value of [More...]
LinuxSecurity.com: Multiple security issues were identified and fixed in OpenJDK (icedtea6): Multiple flaws were discovered in the font layout engine in the 2D component. An untrusted Java application or applet could possibly [More...]
The debate about the bring-your-own-device movement (BYOD) has quieted down, mostly because, it seems, while IT has been over in the corner arguing the pros and cons, employees have been streaming into the office with their shiny new toys and using them to get work done.
Google must pay a $190,000 fine in Germany for gathering and storing emails, photos, passwords and chat protocols from unprotected Wi-Fi networks with Google Street View cars, Hamburg's Commissioner for Data Protection and Freedom of Information said on Monday.
Most of the products tested (except Windows Server 2012) use Oracle's Java in one form or another, at least for client access and in some cases also within the management interface. With numerous vulnerabilities recently discovered in Java, leading to guidance from the Department of Homeland Security and others to disable it entirely, this raised some questions about the usability and possibly even the security of the devices tested.
LulzSec hacker Cody Andrew Kretsinger, who is also known as "recursion", has been sentenced by a Los Angeles court to a year in prison, 1000 hours of community service and house arrest.

RETIRED: Oracle Java SE Critical Patch Update April 2013 Advance Notification
RETIRED: Oracle April 2013 Critical Patch Update Multiple Vulnerabilities
Users of consumer technology and social media reacted quickly after explosions ripped through crowds near the finish line of the Boston Marathon last week, sending out updates, snapping photos and recording videos that officials said could turn out to be critical pieces of evidence.
Five warning signs can warn you that your project team has turned toxic.
Our manager finds the time and opportunity to cross a few nagging items off of his to-do list.
The unemployment rate for people at the heart of many tech innovations -- electrical engineers -- rose sharply in the first quarter of this year for reasons that aren't clear.
The easy upgrades from Windows XP are done, migration experts said, predicting that a sizeable number of large enterprises will still be running the aged OS even after Microsoft stops supporting it.
At universities today, Cobol is often taught as an elective, if it's included in the curriculum at all.
Microsoft's Business division, which manages the company's Office cash cow, recorded a 5% revenue bump in the first quarter over the same period in 2012, an increase driven by a surge in enterprises signing long-term licensing agreements.
Legislation, stealth technologies, and emerging data privacy markets are proving that the battle for our Internet privacy has only just begun.
Enrollment shot up nearly 30% last year.
Miami Children's Hospital recently launched a free iPhone app that uses Wi-Fi triangulation to help patients and their families find their way around the medical center.
X.Org X11 CVE-2013-1940 Local Information Disclosure Vulnerability
MinaliC Remote Buffer Overflow Vulnerability
NetGear DGN2200B Wireless Router Multiple Security Vulnerabilities

Posted by InfoSec News on Apr 22


By Aliya Sternstein
April 19, 2013

The Pentagon has for the first time detailed $30 million in spending on Air
Force cyberattack operations and significant new Army funding and staff needs
for exploiting opponent computers.

Since 2011, top military brass have acknowledged the United States has the
capability to hack back if...

Posted by InfoSec News on Apr 22


21 April 2013

The information spread at the websites about alleged stealing of the
Azerbaijani Communications and IT Ministry's confidential information is wrong.

The primary data investigation of the incident revealed that the letters and
documents made public, are fakes and are biased.

Earlier, representatives of Anonymous hacker group spread the information in...

Posted by InfoSec News on Apr 22


By Edward Moyer
Security & Privacy
April 20, 2013

The Twitter accounts for CBS News programs "60 Minutes" and "48 Hours" were
used by hackers earlier today to send out messages accusing the U.S. of aiding
terrorists, the network confirmed.

"We have experienced problems on Twitter accounts of #60Minutes &...

Posted by InfoSec News on Apr 22


By Ms. Smith

Did you hear about the big game last week? Perhaps not, since as "this annual
battle might not yet have achieved the same mythic status as, say, the
Army-Navy football game," but there was a simulated cyberwar being waged from
April 16 - 18. During the NSA's 13th annual Cyber Defense Exercise (CDX),
sponsored by the NSA's Information...

Posted by InfoSec News on Apr 22


By Phil Muncaster
The Register
22nd April 2013

Japan’s technology-illiterate police have put themselves in the firing line
once again after recommending what amounts to a blanket ban on the use of the
Tor anonymiser network in the country.

The FBI-like National Police Agency is set to request ISPs to voluntarily block
communications if the customer is found to have “abused”...