Hackin9

InfoSec News

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
As a nine-person jury begins deliberations in the closely watched patent trial between Apple and Samsung, the companies and their lawyers are left waiting and wondering what the jury made of the three weeks of arguments.
 
Rambus on Wednesday said it would lay off around 15 percent of staff as part of a restructuring effort in which the company is trying to curb expenses to improve profitability.
 
AT&T Wireless has partially disabled service at 16 cellphone towers in Oakland after the California city said they were interfering with its emergency communications system.
 
Hewlett-Packard on Wednesday announced a US$8.9 billion loss for its third quarter ended July 31 due to writedowns and weak hardware sales and also said full-year results would be at the low end of its previous guidance.
 
Adobe has released updates for six critical vulnerabilities, following a patch just one week ago that addressed other critical flaws.

Siemens is working to fix a remotely exploitable vulnerability in network routers and switches from subsidiary RuggedCom that are widely deployed in refineries, power substations and other critical infrastructure networks in the U.S.
 
NASA's Mars rover Curiosity took its first drive on the Martian surface today, as scientists prepare for more extensive research to come.
 
Microsoft Data Access Components CVE-2012-1891 Buffer Overflow Vulnerability
 
Microsoft Excel CVE-2012-1847 Remote Code Execution Vulnerability
 
Industrial Ethernet switches and other devices produced by industrial networking equipment manufacturer RuggedCom contain a vulnerability that could be exploited to compromise SSL-based communications between them and their users, according to a security researcher from security startup Cylance.
 
IBM Lotus Notes CVE-2012-2174 URL Handler Remote Code Execution Vulnerability
 
Oracle Database Server CVE-2012-0526 Remote HTTP Response Splitting Vulnerability
 
Zoho Web-hosted collaboration, communication, business and office productivity applications suffered performance problems and service disruptions on Wednesday for about three hours.
 
Apache 'mod-rpaf' Module Denial of Service Vulnerability
 
Oracle Database Server CVE-2012-0527 Remote HTTP Response Splitting Vulnerability
 
NetApp announced a new management layer for arrays using its Data ONTAP OS, which allows admins to control flash storage in servers as well as on arrays. The company will be using Fusion-io's PCIe flash cards in its arrays.
 
Researchers hope they can sharply reduce the number of car accidents by enabling vehicles to communicate with each other -- and they're putting the theory to the test in Ann Arbor, Mich.
 
Rackspace has released Cloud Monitoring, which includes an API designed to give users flexibility in monitoring websites and Web applications that run on a variety of platforms, the company said on Wednesday.
 
GE Proficy Real-Time Information Portal 'rifsrvd.exe' Directory Traversal Vulnerability
 
E-Mail Security Virtual Appliance Multiple Remote Code Execution Vulnerabilities
 
Symantec Web Gateway Password Change Security Bypass Vulnerability
 
XSS and SQL Injection Vulnerabilities in Jara
 
XSS Vulnerabilities in LabWiki
 
XSS and SQL Injection Vulnerabilities in OrderSys
 
A coalition of 17 advocacy groups filed complaints on Wednesday with the U.S. Federal Trade Commission against five prominent companies, including McDonald's, claiming that certain of their online marketing practices violate child privacy laws.
 
Jim Whitehurst says it's not just Red Hat's products, but its philosophy that place it at the forefront of cloud computing.
 
PayPal and Discover said 7 million merchants accepting Discover credit cards will begin accepting payments for in-store purchases from PayPal's 50 million users starting in the second quarter of 2013.
 
HEVC (High Efficiency Video Coding) will revolutionize delivery of TV services to all types of devices including smartphones and tablets, according to Ericsson, which will launch what it says will be the first live TV encoder compatible with the technology at the IBC trade show next month.
 
XSS and Blind SQL Injection Vulnerabilities in Banana Dance CMS
 
[ MDVSA-2012:142 ] gimp
 
apache struts2 remote code execute
 
Apple supplier Foxconn has steadily improved the working conditions at three of its Chinese factories following a February audit by reducing employee overtime work, and updating maintenance policies and safety procedures, a labor group said Tuesday.
 
The AV giant says the Windows version of the Crisis Trojan may be the first malware that can spread to so many different platforms.

Perfect RSS Reader--a Google Reader client for iPad from Connect Technology--doesn't quite live up to its name: It's not perfect. But it is quite good.
 
How to maximize the return on your investments in disruptive trends like big data, cloud computing and mobility.
 
Adobe Systems released fixes on Tuesday for six critical vulnerabilities affecting its Flash multimedia application and AIR runtime, five of which could allow for remote code execution on a system.
 
With Firefox 17, Mozilla is introducing enhanced separation of add-on content from scripts running in web sites. The current beta version of Firefox 15 will already warn developers if their code runs afoul of the new restrictions.


 
T-Mobile USA is offering from Sept. 5 what it has dubbed as its Unlimited Nationwide 4G data plan, which features no data caps or speed limits, the operator said on Tuesday.
 
U.S. law enforcement officials said on Tuesday that three websites that were allegedly distributing illegal copies of copyrighted Android cell phone apps had been seized in what is described as the first such operation against cellphone apps marketplaces.
 
The U.S. International Trade Commission said it had instituted an investigation into wireless consumer electronics devices and components from 13 top technology companies and their subsidiaries, including Samsung, Acer, and Nintendo, for alleged infringement of a patent.
 
Mozilla will drop support for Apple's OS X 10.5, or Leopard, after it ships Firefox 16 in October, according to company developers.
 
Google's new compute cloud offers a crisp and clean way to spin up Linux instances and easily tap other Google APIs.
 
In a somewhat ironic turn of events, a telecom company based in China, a country famous for Internet censorship, has become the primary means of Internet access for people looking to get information out of war-torn Syria.
 
Adobe has released an update for its Flash Player software that closes six critical vulnerabilities spread over a variety of platforms. Users should install the patches as soon as possible; Google's Chrome browser will update itself.


 

Posted by InfoSec News on Aug 22

http://www.thestate.com/2012/08/22/2408388/hacker-breach-might-affect-34000.html

By ANDREW SHAIN
thestate.com
Aug. 22, 2012

The University of South Carolina has started notifying 34,000 people
with ties to its College of Education that their personal information
might have been accessed in a computer intrusion discovered nearly three
months ago.

The data-security breach is the largest of six that USC has reported
since 2006. Almost 81,000...
 

Posted by InfoSec News on Aug 22

http://www.informationweek.com/security/management/security-skills-shortage-or-training-fai/240005917

By Mathew J. Schwartz
InformationWeek
August 21, 2012

Almost two-thirds of businesses say their information security
departments are understaffed, and 51% say they can't find people with
the required security skills.

Those findings come from a new Forrester Consulting report, "Security
Intelligence Can Deliver Value Beyond...
 

Posted by InfoSec News on Aug 22

http://www.computerworld.com/s/article/9230448/Microsoft_warns_of_man_in_the_middle_VPN_password_hack

By Gregg Keizer
Computerworld
August 21, 2012

Microsoft yesterday warned Windows users of possible "man-in-the-middle"
attacks able to steal passwords for some wireless networks and VPNs, or
virtual private networks.

It won't issue a security update for the problem, however.

The security advisory was Microsoft's reaction...
 

Posted by InfoSec News on Aug 22

http://www.examiner.com/article/secretive-group-expands-role-cybermonitoring

By Mark Albertson
Examiner.com
August 21, 2012

Two years ago, this column published what became the first comprehensive
stories ever written about a then secret group of computer professionals
who volunteered their time to monitor domestic and international
cybercrime. The group – Project Vigilant – subsequently received a great
deal of publicity in the...
 

Posted by InfoSec News on Aug 22

http://www.wired.com/threatlevel/2012/08/sabu-delay/

By Ryan Singel
Threat Level
Wired.com
08.21.12

Sabu, the hacker who turned informant on the rampaging Anonymous
offshoots Antisec and LulzSec, is getting a six-month reprieve from
being sentenced on 12 counts of violating federal law, due to his
continued cooperation with the feds, prosecutors told a court Tuesday.

Hector Xavier Monsegur, a 28-year-old New Yorker who used the online
name...
 
In response to the cloud service that cracks the PPTP authentication for $200, Microsoft has recommended that its customers switch to more secure VPN technologies.


 
The Crisis malware can infect Windows, Mac OS X and virtual machines. It is also able to install modules on Windows Mobile devices. Its low distribution in the wild suggests it is being used for targeted attacks.


 
OpenStack Nova CVE-2012-3447 Memory Corruption Vulnerability
 
Internet Storm Center Infocon Status