
InfoSec News

Apple on Tuesday promised an update for Mac OS X that will find and delete the MacDefender fake security software, and warn still-unaffected users when they download the bogus program.
 
With its new AppUp offering, Intel hopes to facilitate a new kind of cloud service for small businesses that have security concerns but want to take advantage of the cost benefits of moving to the cloud.
 
Oracle logged a small milestone in its Sun acquisition during the first quarter, expanding sales of Sun's server hardware for the first time in three-and-a-half years, IDC reported Tuesday.
 
Criminals recently spent more than a week siphoning e-mail messages from Hotmail users' accounts, thanks to a programming bug in Microsoft's website.
 


Looks like Apple noticed that MacDefender, a fake anti-virus tool that we covered earlier, is indeed starting to make inroads on the Mac user community. They have published an advisory today that describes how to avoid or remove the threat.
The advisory also states "In the coming days, Apple will deliver a Mac OS X software update that will automatically find and remove Mac Defender malware", which might turn out to be the first glimpse of an acknowledgment that yes, Macs can also have malware, and yes, Macs might even need a tool to remove malware.
No matter which OS you are using, remember Krebs's Rule #1: If you didn't go looking for it, don't install it.
(c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Lost and stolen devices are seen as the greatest security concern for IT professionals, according to a new report by McAfee and Carnegie Mellon University.

 
Keeping your children safe on social networks like Facebook is a challenge, especially if you want them to have any semblance of privacy. But Check Point's new ZoneAlarm SocialGuard ($20, seven-day free trial) can help: It offers an easy way to guard against potential threats while still allowing your children the freedom to explore Facebook's offerings.
 
The problems keep coming for Sony. On Tuesday the company confirmed that someone had hacked into its website and stolen about 2,000 customer names and e-mail addresses.
 
Apple's iOS has become the dominant platform for mobile video viewing, according to a new report from video monetization startup FreeWheel.
 
QEMU PIIX4 Hotplug Use After Free Remote Code Execution Vulnerability
 
Webmin 'useradmin/index.cgi' Local Privilege Escalation Vulnerability
 
NASA announced plans to build a spacecraft that will fly astronauts into deep space -- as far as near asteroids and even Mars.
 
An In-Stat survey of small to midsize firms shows that while they're adopting cloud services, they're still buying onsite NAS storage systems.
 
Building high-performance gaming components into a 15-inch laptop chassis is an exercise in compromise. What you get is a little less bulk than a 17-inch desktop replacement and equivalent performance. But those high-performance components require robust cooling and a greater amount of internal volume, which translates into more size and weight.
 
Hackers continue to look to exploit holes in online networks run by Sony and found two more.
 
Google and Sprint on Thursday will reportedly announce plans to launch an NFC-based mobile payment system.
 
Fujitsu is launching its infrastructure-as-a-service offering in North America in a few months, and will start offering interested customers a free trial next week.
 
Regardless of which computer publication you are reading, or which family members you're rubbing shoulders with, the chances are you've come across the Stubborn Windows XP User. Now there's nothing wrong with being a devotee of anything. You name it, you can find a club for it. There's a club for Canadian Tire Money, for Pete's sake.
 
Microsoft is backing away from comments by CEO Steve Ballmer, who had told Japanese software developers that the next version of Windows would be dubbed Windows 8 and launch in 2012.
 
Microsoft investigators uncovered a cache of more than 400,000 email addresses on one hard drive it seized in March when it led an organized takedown of the Rustock botnet, according to court documents.
 
A one-day sale offering Lady Gaga's new album for 99 cents overwhelmed Amazon.com yesterday.
 
The Cray XK6 system will be the first to use Nvidia GPUs as co-processors.
 
Mojolicious CVE-2010-4802 'Commands.pm' Unspecified Vulnerability
 
The Hacker News reports that hackers continue to look to exploit holes in online networks run by Sony.
 
Even though Microsoft announced that the Windows Phone update called Mango will have 500 improvements, some analysts are concerned that the company didn't show any new smartphones to ship with Mango installed in the fall.
 
Tech startup Square announced Monday that it's working to turn the iPad, iPhone and Android devices into portable payment systems.
 
[SECURITY] [DSA 2239-1] libmojolicious-perl security update
 
E-mail address spoofing with RLO
 
VUPEN Security Research - 7T Interactive Graphical SCADA System (IGSS) Remote Memory Corruption
 
Security professionals need to get hands-on with the software that runs on mobile devices and engage with the developers who put all those apps in users' hands.
 
Microsoft on Tuesday unveiled many new features to its Windows Phone software but it left out a few that some people had hoped to see.
 
The security researcher who last week voluntarily canceled a talk on critical vulnerabilities in Siemens' industrial control systems took the German giant to task for downplaying the problem.
 
Twitter has reportedly finalized a deal to buy TweetDeck for $40 million.
 
When Brigham Young University's high-definition video production team ran into bandwidth issues, the school installed NAND flash cards in a MacBook Pro computer and achieved a 16X performance improvement.
 
Gadu-Gadu 0-Day Remote Code Execution
 
[ MDVSA-2011:100 ] cyrus-imapd
 
[ MDVSA-2011:099 ] libzip
 

Cloud Expo 2011 New York: Cyber Security and Cloud Computing
PRLog.Org (press release)
He has 25 years of experience in software and systems development, operations, and information security, with organizations in the defense, telecommunications, infosec and semiconductor industries. At Dell SecureWorks, he is responsible for managed ...

 
NGS00054 Patch Notification: Lumension Device Control (formerly Sanctuary) remote memory corruption
 
NNT Change Tracker - Hard-Coded Encryption Key
 
PR10-11: Multiple XSS injection vulnerabilities and a offsite redirection flaw within HP System Management Homepage (Insight Manager)
 
[ MDVSA-2011:098 ] ruby
 
You want the best performance possible from your computer, but you can't afford any hardware upgrades. No problem--we'll show you how to safely overclock your existing desktop PC's CPU, GPU, and RAM and give it an extra shot in the arm.
 
Large numbers of companies using Cisco network equipment are still vulnerable to a single security flaw nearly two years after a patch was issued, an analysis of network scans by Dimension Data has found.
 
Japan's public broadcaster, NHK, is making progress on the development of thin, flexible screens that might one day make a roll-up TV possible.
 
Oracle's database is now available for deployment on Amazon Web Services, the companies announced Tuesday, but with some key limitations.
 
Data Dynamics ActiveBar ActiveX Control Insecure Method Vulnerability
 
Supporters of the MeeGo open-source platform put tablets, in-car systems and TV in the spotlight at a conference in San Francisco on Monday, saying the technology had broad potential while downplaying its role in smartphones.
 
Windows 7 contains a number of features to help you work more efficiently and increase productivity, but first you have to learn how to use them.
 
Citrix Systems has acquired Kaviza, a company whose preconfigured Virtual Desktop Infrastructure-in-a-box makes it easier for small and medium-size businesses to start using desktop virtualization.
 
Opinion is divided on whether a blast on Friday at a Foxconn factory in Chengdu, China will affect the production of Apple’s iPads.
 
Intel is bringing one of its top executives to China, in a move that is meant to bolster the company's strategy in a country set to become the world's largest PC market.
 
Yahoo is rolling out the newest version of its e-mail service and inviting all of its 284 million users to upgrade.
 
Jive Software has acquired OffiSync, whose technology links Microsoft desktop applications with cloud-based enterprise social collaboration suites.
 
The continuing attacks on Sony-owned networks suggest that the company must move quickly to secure porous systems, analysts say.
 
phpMyAdmin 'url' Parameter URI Redirection Vulnerability
 
phpMyAdmin Tracking Page HTML Injection Vulnerability
 
AvayaWinPDM Multiple Buffer Overflow Vulnerabilities
 
InfoSec News: Researcher Challenges Siemens' Public Reaction To New SCADA Flaws: http://www.darkreading.com/advanced-threats/167901091/security/vulnerabilities/229625393/researcher-challenges-siemens-public-reaction-to-new-scada-flaws.html
By Kelly Jackson Higgins Dark Reading May 23, 2011
A researcher who late last week pulled his planned public presentation [...]
 
InfoSec News: Financial services firms to increase IT spending: survey: http://www.networkworld.com/news/2011/052311-bloomberg-survey.html
By Ann Bednarz Network World May 23, 2011
IT execs in the financial services industry say they plan to increase tech spending and use more managed services as they struggle to process [...]
 
InfoSec News: Tight defense budgets could yield better cybersecurity, information sharing: http://fcw.com/articles/2011/05/23/dod-budget-problems-cybersecurity-information-sharing.aspx
By Amber Corrin FCW.com May 23, 2011
The Defense Department’s ongoing budget struggles could lead to streamlined cybersecurity efforts and better shared capabilities across [...]
 
InfoSec News: [Dataloss Weekly Summary] Week of Sunday, May 15, 2011:
Open Security Foundation - DataLossDB Weekly Summary
Week of Sunday, May 15, 2011
53 Incidents Added.
[...]
 
InfoSec News: Seven security incidents in two months - Sony’s nightmare grows (Update): http://www.thetechherald.com/article.php/201121/7185/Seven-security-incidents-in-two-months-Sony-s-nightmare-grows
By Steve Ragan The Tech Herald May 23 2011
It seems that Sony has had to deal with one embarrassing incident after another recently. [...]
 
InfoSec News: 4th Summer School on Network and Information Security (NIS'11) - CALL FOR PARTICIPATION: Forwarded from: Ioannis Askoxylakis <asko (at) ics.forth.gr>
OUR SINCERE APOLOGIES IF YOU RECEIVE MULTIPLE COPIES OF THIS ANNOUNCEMENT
[...]
 
InfoSec News: Man Gets Past Willis Tower Security, All the Way Up to 102nd Floor: http://www.myfoxchicago.com/dpp/news/metro/willis-sears-tower-man-security-threat-elevator-chicago-terrorism-20110523
By Craig Wall FOX Chicago News 23 May 2011
Chicago - Willis Tower security is investigating how a disheveled man wandered into an elevator and made it all the way up to the 102nd floor before anyone stopped him.
The camera in the Franklin Street lobby of the Willis Tower shows a security officer directing people where to go on Monday, May 16, as they usually do. But, when the long haired, 42-year-old psychiatric patient wandered in, security missed him.
After meandering down several hallways, the man follows an employee with a key pass into a freight elevator and makes his way up the Tower.
A spokesman for the Willis Tower says it was while the man was in the elevator that he was spotted by security. He was in the building for 16 minutes, making it all the way up to the 102nd floor. On his way down he was arrested on the 32nd floor and charged with misdemeanor trespassing.
[...]
 

Posted by InfoSec News on May 23

http://www.networkworld.com/news/2011/052311-bloomberg-survey.html

By Ann Bednarz
Network World
May 23, 2011

IT execs in the financial services industry say they plan to increase
tech spending and use more managed services as they struggle to process
data faster, less expensively and more reliably.

That's the consensus among more than 100 CIOs and technology executives
polled by Bloomberg. The survey respondents were attendees at...
 

Posted by InfoSec News on May 23

http://fcw.com/articles/2011/05/23/dod-budget-problems-cybersecurity-information-sharing.aspx

By Amber Corrin
FCW.com
May 23, 2011

The Defense Department’s ongoing budget struggles could lead to
streamlined cybersecurity efforts and better shared capabilities across
the military services, defense officials said.

The hundreds of billions of dollars slated to be shaved from defense
spending will push DOD toward creating a joint...
 

Posted by InfoSec News on May 23

========================================================================

Open Security Foundation - DataLossDB Weekly Summary
Week of Sunday, May 15, 2011

53 Incidents Added.

========================================================================

DataLossDB is a research project aimed at documenting known and reported
data loss incidents world-wide. The Open Security Foundation asks for
contributions of new incidents and new data for...
 

Posted by InfoSec News on May 23

http://www.thetechherald.com/article.php/201121/7185/Seven-security-incidents-in-two-months-Sony-s-nightmare-grows

By Steve Ragan
The Tech Herald
May 23 2011

It seems that Sony has had to deal with one embarrassing incident after
another recently. Like piranha swarming someone injured in a river, it
looks like everyone is testing Sony’s security defenses. What does this
mean for Sony? Assuming it’s hurt at all by these incidents, can...
 

Posted by InfoSec News on May 23

Forwarded from: Ioannis Askoxylakis <asko (at) ics.forth.gr>

===========================================================================

OUR SINCERE APOLOGIES IF YOU RECEIVE MULTIPLE COPIES OF THIS ANNOUNCEMENT
===========================================================================

***************************************************************************
CALL FOR PARTICIPATION
4th Summer School on Network and Information Security...
 

Posted by InfoSec News on May 23

http://www.myfoxchicago.com/dpp/news/metro/willis-sears-tower-man-security-threat-elevator-chicago-terrorism-20110523

By Craig Wall
FOX Chicago News
23 May 2011

Chicago - Willis Tower security is investigating how a disheveled man
wandered into an elevator and made it all the way up to the 102nd floor
before anyone stopped him.

The camera in the Franklin Street lobby of the Willis Tower shows a
security officer directing people where to go...
 

Posted by InfoSec News on May 23

http://www.darkreading.com/advanced-threats/167901091/security/vulnerabilities/229625393/researcher-challenges-siemens-public-reaction-to-new-scada-flaws.html

By Kelly Jackson Higgins
Dark Reading
May 23, 2011

A researcher who late last week pulled his planned public presentation
on some newly discovered and deadly SCADA bugs contends that Siemens is
unfairly attempting to publicly downplay the flaws and the nature of
their exploitability....
 

