InfoSec News

The presentation at ekoparty finished a little while ago. No real details are yet available. In the mean time there is a nice write up here:http://www.imperialviolet.org/2011/09/23/chromeandbeast.html
We will keep people posted if more info comes to hand.
Mark (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Linux Kernel Alpha Specific Commands Memory Corruption and Information Disclosure Vulnerabilities
 
Hewlett-Packard customers disconcerted by management shakeups and product strategy shifts are hoping for a stable future with Meg Whitman, who Thursday was appointed the company's new CEO.
 
Having gone through a rash of CEOs in the past 10 to 15 years, Hewlett-Packard may soon find itself looking for yet another new chief, despite just tapping Meg Whitman for that job this week.
 
Linux Kernel 'fs/befs/linuxvfs.c' Local Denial of Service Vulnerability
 
Linux Kernel NFS File Locking Local Denial of Service Vulnerability
 
Linux Kernel Auerswald USB Device Driver Buffer Overflow Vulnerability
 
(ISC)2 Executive Director W. Hord Tipton discusses (ISC)2 training, strategy, new initiatives and how it’s helping women in information security.

Add to digg Add to StumbleUpon Add to del.icio.us Add to Google
 
Facebook's new Timeline will likely make it easier for crooks to mine the social network for personal information they can use to launch malicious attacks and steal passwords.
 
Amazon.com sent out invitations to a press event in New York City next Wednesday for what could be the unveiling of the online reailer's long-expected tablet computer.
 
Online music sharing service Spotify dropped its invite-only status in the United States, opening the doors of the service to everyone.
 
Samba 'mount.cifs' Utility Local Privilege Escalation Vulnerability
 
Security issue is_a function in PHP 5.3.7+
 
Is Microsoft using a next-generation computing boot-loading technology to lock out the use of Linux and other OSEs on certain computers? While Microsoft has denied malicious intent, one Red Hat developer maintains that this may be the case.
 
Vulnerabilities in Sunway ForceControl 6.1 sp3 (SCADA)
 
[SECURITY] [DSA 2310-1] linux-2.6 security update
 
XSS Vulnerabilities in TWiki < 5.1.0
 
Security firms today warned Mac users of a new Trojan horse that masquerades as a PDF document.
 
Adobe Flash Player CVE-2011-2430 Streaming Media Logic Error Remote Code Execution Vulnerability
 
Adobe Flash Player CVE-2011-2427 AVM Stack Overflow Vulnerability
 
[ MDVSA-2011:135 ] iproute2
 
[security bulletin] HPSBOV02497 SSRT090245 rev.4 - HP TCP/IP Services for OpenVMS Running NTP, Remote Execution of Arbitrary Code, Denial of Service (DoS)
 
Re: NGS00099 Patch Notification: Vulnerable SUID script in (nomachine) NX Server for Linux
 
Samsung Electronics has hit Apple with four patent cases in district court in The Hague, Netherlands, demanding a sales ban and a retail recall of all Apple products that use 3G technology.
 
AT&T is planning to update four Windows Phone 7 smartphones to the Mango release starting as early as Tuesday, according to internal AT&T emails received by a Web site.
 
Attackers used SQL injection against Sony’s website to gain access to its internal server and steal sensitive data.

Add to digg Add to StumbleUpon Add to del.icio.us Add to Google
 
Apple and Dropbox have joined the Electronic Frontier Foundation (EFF) in taking a stand for user privacy. In other words, they will not hand over your private files to the Feds if asked--they'll only hand them over if presented with a search warrant.
 
ldns 'rr.c' Remote Buffer Overflow Vulnerability
 
Mozy has begun shipping hard drives to users of its MozyPro online backup service in order to speed up the initial full copy of data to be stored off site.
 
The latest espionage-related hacking campaign detailed by security vendor Trend Micro is most notable for the country it does not implicate: China.
 
Samsung's Galaxy S II Epic 4G Touch is one of the best Android-based phones you can buy right now -- but it may not be the right choice for everyone.
 
Microsoft on Thursday wrapped up its civil case against the still-unnamed controllers of the Rustock botnet and handed off the information gleaned during its investigation to the FBI.
 
Meg Whitman has credentials as a leader, but she will be scrutinized in the months ahead on whether she can move from running a consumer business, eBay, to an enterprise-focused business.
 

Posted by InfoSec News on Sep 23

http://www.defensenews.com/story.php?i=7757455

By BEN IANNOTTA
Defense News
22 Sep 2011

Intelligence software that the U.S. would rely on in a war with North
Korea froze up repeatedly during a joint military exercise in South
Korea in August, hampering the ability of U.S. and South Korean
commanders to watch the movements of simulated enemy forces, a senior
intelligence official said.

The Distributed Common Ground System-Army (DCGS-A)...
 

Posted by InfoSec News on Sep 23

http://tucsoncitizen.com/arizona-news/2011/09/22/tempe-college-student-charged-in-sony-pictures-hacking-case-2/

By Jose Zavala and Angela Piazza
Arizona Republic News
Sept. 22, 2011

A Tempe college student has been arrested by FBI agents and accused of
hacking into Sony Pictures Entertainment’s computer systems, federal
officials say.

Cody Kretsinger, 23, a University of Advancing Technology student, was
arrested Thursday without...
 

Posted by InfoSec News on Sep 23

http://www.theregister.co.uk/2011/09/22/microsoft_refers_rustock_to_fbi/

By Dan Goodin in San Francisco
The Register
22nd September 2011

Microsoft lawyers have sealed their victory over the operators of what
was once the world's biggest source of spam after winning a court case
giving them permanent control over the IP addresses and servers used to
host the Rustock botnet.

The seizure was completed earlier this month when a federal...
 

Posted by InfoSec News on Sep 23

http://www.csoonline.com/article/690276/bad-new-world-cyber-risk-and-the-future-of-our-nation

By Michael Assante
CSO
September 22, 2011

In September 2007, in a remote laboratory in Idaho, researchers began to
show that that picture had begun to change, dramatically and
irreversibly. Dubbed "Aurora," the researchers' project demonstrated the
ability of a cyber hacker to destroy physical equipment—in this case a
generator...
 

Posted by InfoSec News on Sep 23

========================================================================

The Secunia Weekly Advisory Summary
2011-09-15 - 2011-09-22

This week: 75 advisories

========================================================================
Table of Contents:

1.....................................................Word From Secunia...
 

Posted by InfoSec News on Sep 23

http://www.darkreading.com/advanced-threats/167901091/security/attacks-breaches/231601981/lurid-apt-type-attacks-target-former-ussr-region.html

By Kelly Jackson Higgins
Dark Reading
Sept 22, 2011

Another day, another targeted attack campaign: This time, however, the
former Soviet Union is in the bull's eye.

At least 50 victim organizations ranging from government ministries and
agencies, diplomatic missions, research institutions, and...
 

Posted by InfoSec News on Sep 23

http://www.kvue.com/news/APD-conductiong-Operation-Warfare-to-keep-internet-users-safe-130218768.html

kvue.com
September 22, 2011

AUSTIN -- Police have postponed "Operation Wardrive" while members of
APD’s Digital Analysis Response Team (DART) work on details of the
operation.

The operation was scheduled to take place on Thursday as an effort to
educate the public about securing their wireless Internet connections.
DART unit...
 
Sunway ForceControl Multiple Security Vulnerabilities
 
Internet Storm Center Infocon Status