InfoSec News

A Malaysian Mazda dealer that is part of the main Mazda motor group has been hacked and left defaced.

Facebook has reportedly acquired patents from IBM, a move that could help it shore up defenses against new patent infringement lawsuits ahead of its IPO.
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
AT&T said the HTC Vivid update to Android 4.0 is now available via Wi-Fi or a PC connected to the smartphone.
Ranking Democrats Henry Waxman and G.K. Butterfield of the U.S. House Energy and Commerce Committee sent letters on Thursday to developers of iOS apps, asking for information on how the programs collect and store user data.
Raptor XML External Entity Information Disclosure Vulnerability
Facebook now automatically displays shared photos at their highest possible resolution for users on a desktop and offers a full-screen viewing option, the company announced Thursday.
When recently pondering the nature of the Apple TV, I suggested that Apple has brought about nearly miraculous changes that we now take for granted. I experienced another such miracle last night.
Google has beefed up the security of its cloud hosted services for developers by making several of them able to authenticate interactions with applications using certificate-based Service Accounts.
The right approach to governance -- using real-time metrics -- can enable more reliable applications, more agile IT, more satisfied business owners and, ultimately, happier customers.
Dave Cullinane, chief information security officer at eBay, will be honored on March 28 in Boston with the SecureWorld Lifetime Achievement Award "for his outstanding contributions to the advancement of the information security community."
Despite rising concern that cyberattacks are becoming increasingly sophisticated, hackers used relatively simple methods in more than 95% of data breaches in 2011, according to a report compiled by Verizon.
IBM WebSphere Portal Search Center Unspecified Cross Site Scripting Vulnerability
Eucalyptus has become far more attractive to enterprises wishing to build private clouds, now that the number-one cloud provider -- Amazon Web Services -- has thrown its weight behind the software company.
A group of U.S. Internet service providers, including the four largest, have committed to taking new steps to combat three major cybersecurity threats, based on recommendations from a U.S. Federal Communications Commission advisory committee.
Acer on Thursday announced the Iconia Tab A510 tablet with Android 4.0, joining the growing market of device makers releasing quad-core tablets.

Want To Buy Tokens? Pretend It's A Marketing Program
Info-sec projects typically are sold on the “risk avoidance” platform, which is not the best political platform to be campaigning on. When it comes to difficult business cases, sometimes you need to package your projects differently—like, say, ...

Amazon Web Services, which offers a series of public cloud compute services, has signed an agreement with open-source private cloud vendor Eucalyptus Systems as a way to help customers ease hybrid cloud deployments.
As Twitter celebrates its sixth birthday this week, observers note that the microblogging site has evolved from a social network for blogging about what you ate for breakfast to a tool for promoting social and political change.
RETIRED: Joomla! 'index.php' SQL Injection Vulnerability
phpMoneyBooks 'index.php' Multiple Local File Include Vulnerabilities
Cisco Linksys WVC200 Wireless-G PTZ Internet Video Camera PlayerPT ActiveX Control PlayerPT.ocx sprintf Buffer Overflow Vulnerability
Google yesterday patched nine vulnerabilities in Chrome in the sixth security update to Chrome 17, the edition that launched Feb. 8.
Most owners of compromised websites don't know how their sites got hacked into and only 6 percent detect the malicious activity on their own, according to a report released by StopBadware and Commtouch on Thursday.
Despite vendor pledges to support existing or developing industry standards, users are expected to deploy single-vendor data center and cloud switching fabrics from their primary suppliers.
Shaw reviews MIMO MagicTouch 10-inch touchscreen USB monitor, 150Mbps Wireless N Nano Router, GameCom 780 USB headset.
Apple's new iPad will prove to be as fragile to drops and other accidents as its predecessor, the iPad 2, an after-sales warranty firm said today.
SugarSync today introduced a completely redesigned app re-written from the ground up to be optimized for the iPad.
Indian outsourcers employed 107,000 staff in the U.S. in the Indian fiscal year ended March 31, 2011, in addition to providing indirect employment to 175,000 people, according to a study to be released in the U.S. by the National Association of Software and Services Companies on Wednesday.
Use your common sense before buying into the hype of location-based apps.
CA20120320-01: Security Notice for CA ARCserve Backup
More than half of data stolen from companies in 2011 was a result of hacktivist actions, even though the majority of data breaches were still caused by financially motivated cybercriminals, Verizon said.
A new Google patent could enable the search giant to base advertising on background noise during phone conversations, although the scope of the patent is much broader.
First look: 12-gen, 2U Dell PowerEdge R720xd pairs hardware heft with first-rate remote management tools
Adobe's Photoshop CS6 will be available to try for the next few months as Adobe readies its Creative Suite of applications for launch alongside the brand new Creative Cloud online hub, targeted to creative pros.
Nvidia hopes to bring console-style gaming to ultrabooks with its latest GeForce GT 640M graphics processing unit (GPU) for laptops, which was officially announced by the company on Thursday.
The Verizon DBIR says cybercrime groups automate attacks against SMBs with lax controls on remote access services and point-of-sale systems.

The Verizon DBIR says hacktivists conduct opportunistic attacks targeting mainly large businesses using tactics akin to a smash-and-grab burglary, stealing any data they can access.

The 2012 DBIR highlights prevalent problems with simple, relatively inexpensive recommendations.

Ricoh Company DC Software DL-10 'USER' Command Remote Buffer Overflow Vulnerability

aurionPro Attains the Highest Level of International Validation for an ...
MarketWatch (press release)
"This is the highest level of international compliance for an InfoSec program and is a very important milestone in terms of client assurance of the security of our operations," said Robert Levine, President of aurionPro Solutions, North America.

The Retina display on the new iPad is one of the tablet's defining features, and it makes the device ideally suited for multimedia work, including image editing. Apple's new iPhoto app and Adobe's Photoshop Touch are taking advantage of that opportunity by bringing powerful photo editing and sharing tools to the iPad.
Meg Whitman has spent her first six months at Hewlett-Packard talking to customers and employees and learning how the business works, but apparently she didn't get much of a history lesson.
So, your business has grown large enough that you need your first server. Congratulations! Acquiring a server is a big decision, so some trepidation is understandable. This guide will explain the basic principles of the technology, help you decide which class of server will best fit your needs, and give you some ballpark pricing, so you don't overspend or acquire a product that's insufficient for your needs.

Last week I blogged about security practitioners and other IT pros working together across companies and industries to stem security threats. A new report this week is a positive example of even broader international cooperation to stop IT attacks across national borders.

The number of countries contributing to Verizon’s 2012 Data Breach Investigations Report (DBIR), released today, increased as government agencies and law enforcement officials from three more nations added information about breaches in their countries.

The DBIR started out eight years ago as a report of breaches Verizon had investigated. Eventually, the U.S. Secret Service contributed findings from their breach investigations. Later, the Dutch National High Tech Crime Unit joined in. Now, the Verizon data breach report 2012 edition counts the Australian Federal Police, the Irish Reporting & Information Security Service, and England’s Police Central e-Crime Unit among the partners helping to track and analyze data breaches.

This is good news for the security industry. It demonstrates the synergies that can be achieved when key industry stakeholders move past their reticence and (sometimes justified) mistrust to pool their brain power to stop attackers. Let’s pause for a moment to celebrate that progress.

Next year I hope we see even more countries contributing to the DBIR or other global initiatives to work together against security threats. It’s not too late for others to get involved.

Since being hired last August, Rory Read, Advanced Micro Devices CEO, has been reshaping the company.
Samsung Electronics will upgrade its Galaxy Note to Android 4.0 or Ice Cream Sandwich starting during the second quarter. The upgrade will also include new applications that take advantage of the device's digital pen, the company said Thursday.
NEC will acquire the information management business of Convergys for about $449 million, to strengthen its telecommunications software products targeted at large carriers.
Dell Webcam Center 'CrazyTalk4Native.dll' ActiveX Multiple Buffer Overflow Vulnerabilities

Posted by InfoSec News on Mar 22


By Andy Greenberg
Forbes Staff

This story appears in the April 9th issue of Forbes magazine.

At a Google-run competition in Vancouver last month, the search giant’s
famously secure Chrome Web browser fell to hackers twice. Both of the
new methods used a rigged website to bypass...

Posted by InfoSec News on Mar 22


By Aliya Sternstein

The Pentagon can vie with industry for cybersecurity researchers by
letting the scientists return to the private sector after a few years in
government, the Defense Advanced Research Projects Agency chief said in
a novel suggestion for retaining talent from a narrow pool.

Contractors and agencies are seemingly desperate for reformed hackers,...

Posted by InfoSec News on Mar 22


By Mathew J. Schwartz
March 21, 2012

They're back: The hacktivist group formerly known as LulzSec--whose
members announced that they were calling it quits after a 50-day hacking
spree and then continued their efforts with Anonymous and AntiSec--has
announced that it will resume its attacks.

In characteristic Anonymous fashion, the group announced its...
Microsoft Internet Explorer Cloned DOM Object Remote Code Execution Vulnerability
A social network website based in Peru has been hit by hackers, who dumped the complete database online and left the site ruined.


Posted by InfoSec News on Mar 22


By Kim Zetter
Threat Level
March 22, 2012

Just two years ago, cybercriminal gangs were behind record-breaking data
breaches that resulted in the theft of millions of customer records. But
the year 2011 will be remembered as the year hacktivists out-stole
cybercriminals to take the top data breach award, according to a new
report released by Verizon on...

Posted by InfoSec News on Mar 22


By Ericka Chickowski
Dark Reading
Contributing Writer
March 21, 2012

Enforcement actions from the U.S. Department of Health and Human
Services (HHS) Office for Civil Rights (OCR) just reached a new level of
reality last week when the department announced a $1.5 million
settlement with BlueCross BlueShield of...
Cisco Wireless-G PTZ Internet Video Camera WVC200 'PlayerPT.ocx' Buffer Overflow Vulnerability
Google Talk '/gaiaserver' Parameter Information Disclosure Vulnerability
Google faces consumer complaints in federal courts in New York and California which claim that its new privacy policy violates the company's earlier policies which promised that information provided by a user for one service would not be used by another service without the consumer's consent.
The hosting provider for the defunct file-sharing site Megaupload wants to delete the data now that investigators have collected most of what they need for the criminal case against the company's operators.
Internet Storm Center Infocon Status