Hackin9
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 

Moscow, Beijing poised to sign deal on joint cyber security ops
Register
Moscow and Beijing will next month sign a deal to commence joint information security projects and operations, and to increase cooperation in the space, according to a popular Russian newspaper with ties to President Vladimir Putin. Kommersant owned by ...

 

FTDI admits to bricking innocent users' chips in silent update
ZDNet
Hardware hackers and security researchers are furious at chip maker FTDI for issuing a silent update that bricks cloned FTDI FT232 [USB to UART] chips. The chip is extremely common on a wide variety of devices and there is no way of knowing at this ...

 

Authentic8 Enhances Its Secure Browser Session Cloud Service
eWeek
"These enhancements for infosec researchers are a direct response to the needs of our users," said Scott Petry, founder and CEO of Mountain View, Calif.-based Authentic8. "Silo is a platform, and we will continue to enhance and extend its capabilities.
Authentic8 Enhances Silo for Enterprise Information Security Researchers
SYS-CON Media (press release)

 
 

A number of items for your consideration today, readers. Thanks as always to our own Rob VandenBrink for pointing out a number of these.

In case you missed it, What's New in Windows PowerShell.

A new Snort release is available: Snort 2.97.

VMware has released a security advisory: VMSA-2014-0011 - VMware vSphere Data Protection product update addresses a critical information disclosure vulnerability.

@holisticinfosec

 

The Surveillance State and You
VICE
In the words of that wise Twitter account, Infosec Taylor Swift, “Mass surveillance is the elegant oppression, a panopticon without bars. Its cage is... behind the eyes—in the mind.” Under authority's gaze, many people become smaller, more obedient ...

 

Bank of Tokyo-Mitsubishi's Vice President of Enterprise Information Security ...
PR Newswire (press release)
He served as Assistant VP at BNP Paribas, led Time Warner's Network Services team and headed a global InfoSec team for a top 10 Big Data startup. He also worked in the US Navy as an Information Assurance Manager (IAM) Level 2. Mr. Nero has done ...

 

So You Think You Know Risk Management
Dark Reading
Infosec officers are coming around to the idea that their job is more about managing risk than putting the entire organization on permanent lockdown. But do security pros understand risk management as well as they think they do?

 
LinuxSecurity.com: A vulnerability has been discovered and corrected in php: A heap corruption issue was reported in PHP's exif_thumbnail() function. A specially-crafted JPEG image could cause the PHP interpreter to crash or, potentially, execute arbitrary code.

LinuxSecurity.com: Several security issues were fixed in OpenJDK 7.

LinuxSecurity.com: The certificate bundled with pollinate has been refreshed.

LinuxSecurity.com: An updated python-backports-ssl_match_hostname package that fixes one security issue is now available for Red Hat Enterprise Linux OpenStack Platform 4.0.

LinuxSecurity.com: Updated openstack-packstack packages that fix one security issue, several bugs, and add two enhancements are now available for Red Hat Enterprise Linux OpenStack Platform 4.0.

LinuxSecurity.com: Updated openstack-nova packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux OpenStack Platform 4.0.

LinuxSecurity.com: Updated openstack-keystone packages that fix two security issues and multiple bugs are now available for Red Hat Enterprise Linux OpenStack Platform 4.0.

LinuxSecurity.com: Updated openstack-neutron packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux OpenStack Platform 4.0. Red Hat Product Security has rated this update as having Moderate security ...

LinuxSecurity.com: Updated openstack-glance packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux OpenStack Platform 4.0. Red Hat Product Security has rated this update as having Moderate security ...

LinuxSecurity.com: Updated openstack-heat packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux OpenStack Platform 4.0.
 

 

Cyber Threats: Information vs. Intelligence
Dark Reading
Cyber threat intelligence or CTI is touted to be the next big thing in InfoSec. But does it narrow the security problem or compound it? Cyber threat intelligence (CTI) is one of the hottest topics in our industry right now and the noise surrounding it ...

 

Posted by InfoSec News on Oct 23

http://adtmag.com/articles/2014/10/21/java-security-patches.aspx

By John K. Waters
adtmag.com
10/21/2014

Oracle's recently released quarterly Critical Patch Update (CPU) contained
155 new security vulnerability fixes across Oracle's product lines,
including 25 for new Java SE vulnerabilities and 9 affecting the Java
Virtual Machine (JVM) in the Oracle Database.

The list of Java vulnerabilities addressed with this CPU includes 20...
 

Authentic8 Enhances Silo for Enterprise Information Security Researchers
SYS-CON Media (press release)
... co-founder and CEO of Authentic8. "These enhancements for infosec researchers are a direct response to the needs of our users. Silo is a platform and we will continue to enhance and extend its capabilities." "Our team has been using Toolbox for a ...

 

Posted by InfoSec News on Oct 23

http://www.eweek.com/security/many-americans-say-they-will-avoid-breached-retailers-study-shows.html

By Robert Lemos
eWEEK.com
2014-10-22

Following security breaches, more retail stores may feel a slump from lack
of customer confidence, a new study suggests.

Retail stores hit by cyber-criminals have to worry about consumer
backlash, as customers are more likely to avoid compromised retailers,
according to a study released this week by...
 

Posted by InfoSec News on Oct 23

http://fas.org/blogs/secrecy/2014/10/offensive-cyber/

By Steven Aftergood
Federation of American Scientists
Oct. 22, 2014

A newly disclosed Department of Defense doctrinal publication acknowledges
the reality of offensive cyberspace operations, and provides a military
perspective on their utility and their hazards.

Attacks in cyberspace can be used “to degrade, disrupt, or destroy access
to, operation of, or availability of a target by a...
 

BRS Labs to Bring Ground Breaking Artificial Intelligence Analytics to AAPA's ...
Broadway World
The AISight Everywhere platform is a centralized system with modules for big data, intelligent video analytics, SCADA, InfoSec, and other core business functions. BRS Labs is headquartered in Houston, with offices in Washington DC, London, Sao Paulo ...

 

Posted by InfoSec News on Oct 23

http://www.detroitnews.com/story/business/autos/2014/10/22/automakers-working-prevent-vehicle-cyber-terrorism/17710785/

By Michael Wayland
The Detroit News
October 22, 2014

Right now is the time for automakers and federal regulators to address
potential “acts of terrorism” using connected vehicles, according to
former administrator of the government’s vehicle safety watchdog.

David Strickland, ex-head of the National Highway Traffic...
 

Posted by InfoSec News on Oct 23

http://www.qianhuaweb.com/content/2014-10/22/content_5280999.htm

[Google translation]

By Jiang Tao and Guo Junyu
China news agency
October 22, 2014

Chinese Foreign Ministry spokeswoman Hua Chunying the 22nd at a regular press
conference in Beijing, said the network security affairs consultation mechanism
between Japan and South Korea for the first time the meeting discussed the
fight against cybercrime and cyber-terrorism, emergency...
 