Hackin9

InfoSec News

One of New Zealand's intelligence agencies spied on Megaupload founder Kim Dotcom after it was given erroneous information on his immigration status, believing he was a foreign national.
 
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Residents of Estonia have the most freedom to do what they want on the Internet, with the U.S. ranking second among 47 countries examined by a group that pushes for democratic freedoms worldwide.
 
Facebook's stock price took a quick tumble today, dropping by about 10% just after noon ET, triggering a short-sale circuit breaker on the Nasdaq exchange.
 
When a relationship has run its course, the end must be handled professionally.
 
Facebook denied news reports of a major privacy breach involving users who saw their private messages from 2009 and before suddenly appearing on their viewable timelines as messages posted by their friends.
 
APPLE-SA-2012-09-24-1 Apple TV 5.1
 
LTE data speeds with the new LTE-ready iPhone 5 are many times faster than speeds over older 3G networks, according to delighted users, who praised the data speeds on Monday.
 
Yahoo's new CEO, Marissa Mayer, is expected to unveil her plan to turn around the ailing Internet company on Tuesday.
 
Consumers ranked Google Maps better than Apple's new homegrown mapping technology by more than 2 to 1 on Twitter, a social media analytics company said today.
 
Adobe Systems has launched PhoneGap Build, a service that aims to make it easier to develop cross-platform mobile applications by allowing them to be compiled in the cloud, the company said on Monday.
 
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-1974 Use-After-Free Memory Corruption Vulnerability
 
Toshiba released what it said is its smallest external hard drive, the Canvio Slim, which comes with only USB 3.0 and not Thunderbolt.
 
Microsoft has announced price increases for its Windows Office suite of as much as 17%, but its plans for Office on the Mac remain a mystery.
 
SAP on Monday announced a new family of products that marry its Business Objects BI (business intelligence) software with the Sybase IQ analytic database and include specialized business content for use by various industries.
 
CVE-2012-4415: guacamole local root vulnerability
 
DDIVRT-2012-42 Novell GroupWise Agents Arbitrary File Retrieval (CVE-2012-0419)
 
The System Center 2012 modules that we previously tested -- Orchestrator and Configuration Manager -- require forklift upgrades. But the modules we tested this time around -- App Controller, Virtual Machine Manager and Data Protection Manager -- are more graceful and, in some cases, more powerful.
 
Apple today said it had sold more than 5 million iPhone 5 smartphones during the opening three-day weekend of sales, a 25% increase over last year's launch of the iPhone 4S.
 
Microsoft will lay out the reasons it believes enterprises need to adopt the new version of its Exchange email server at a conference this week devoted to the product.
 
There are a number of emerging and proposed standard protocols focused on optimizing the support that data center Ethernet LANs provide for server virtualization. Several of these protocols are aimed at network virtualization via the creation of multiple virtual Ethernet networks that can share a common physical infrastructure in a manner that is somewhat analogous to multiple virtual machines sharing a common physical server.
 
Toshiba ConfigFree CF7 File Stack Buffer Overflow (Comment Field)
 
Toshiba ConfigFree CF7 File Remote Command Execution
 
Toshiba ConfigFree CF7 File Stack Buffer Overflow (ProfileName)
 
Tor Multiple Denial of Service Vulnerabilities
 
Using an app they created for NFC-equipped Android smartphones, two security researchers were able to reset a contactless travel card and effectively get unlimited travel on two US public transport systems; other systems are also likely to be vulnerable.


 
[CVE-ID REQUEST] Atlassian Confluence - Multiple Cross-Site Request Forgery (CSRF) Vulnerabilities
 
GreHack 2012 - 19th Oct. Grenoble, France - Conference + CTF - Call For [ Participation, Student Grants Application, Music Bands/Artists/DJ ]
 
[SECURITY] [DSA 2551-1] isc-dhcp security update
 
[security bulletin] HPSBMU02815 SSRT100715 rev.3 - HP SiteScope SOAP Security Issues, Remote Disclosure of Information, Remote Code Execution
 
In an effort to expand programmer awareness, Oracle has released a free version of its Oracle Application Development Framework (ADF).
 
Sony will launch a new line of small, flat, external batteries to provide extra juice for tablets and smartphones, the first such products to use its thin "laminate" technology, it said Monday.
 
The Iranian government appears to have blocked access to Google's search engine and Gmail webmail service from inside Iran, according to Internet users there.
 
What to do if you have data on your iPhone or other iOS device that you want to protect.
 
U.S. ISPs are reporting a significant rise in IPv6 traffic during the last three months, even though the overall numbers remain tiny -- less than 1% of Internet traffic.
 
If a milestone on the path of a language becoming popular is when it is found being used to develop malware, then Google's Go has just passed that milestone. Symantec says it has found some Go-based malware in a trojan


 
ISC BIND 9 TCP Query Remote Denial of Service Vulnerability
 
IT is moving to the cloud -- and so are the jobs. Here's how to cash in on the hot trend in tech hiring
 
Hack like Bobby Tables' mother, hacking lessons, another fancy attack map, a PIN glitch, and the former potentially most secure PIN number in the world


 
Do Not Track in Internet Explorer 10 won't kill online advertising. Microsoft, as much as anyone else, has its eye on that multibillion-dollar prize.
 
GM plans to hire 10,000 IT professionals as it discontinues outsourcing arrangements and pulls most of its IT work back in-house.
 
Analysts have lowered their tech spending forecasts, blaming Europe, a slowdown in China and a stronger U.S. dollar. But they say the stage could be set for future growth -- if the politicians don't blow it.
 
The Ohio Department of Public Safety successfully moved its mainframe applications to a Windows-based system, and all the work was done in-house over five years.
 
The help desk at the Tennessee Valley Authority, once a career graveyard, has changed its image -- and its success rate.
 
It's a dysfunctional industry reliant on a triad of supporting companies with their own priorities.
 
Orlando Health VP and CIO Rick Schooler talks about how analytics is transforming healthcare.
 
With the iPhone 5, Apple has again delivered something worthy of the iconic iPhone name and legacy, says columnist Michael deAgonia.
 
If the iPhone 5 sells as well as expected, it could create challenges for IT shops wrestling with bring-your-own-device policies.
 
Netflix no longer wants to run a data center to support its in-house IT services. So it's shifting internal applications to Amazon's cloud and turning to software-as-a-service providers for other business systems.
 

Posted by InfoSec News on Sep 24

http://gcn.com/articles/2012/09/21/nist-risk-assessment-guide.aspx

By William Jackson
GCN.com
Sep 21, 2012

The National Institute of Standards and Technology has released revised
guidelines for risk assessment, outlining updated steps for establishing
risk-based security in federal information systems.

Risk assessment is identifying, estimating and prioritizing the risks to
an organization’s operations and assets so that they can be...
 

Posted by InfoSec News on Sep 24

http://www.dailymail.co.uk/news/article-2207422/Italian-police-arrest-man-posed-pilot-joined-cabin-crew-budget-airline-cockpit.html

By Nick Pisa
Mail Online
23 September 2012

A man who posed as a pilot and joined cabin crew in a plane cockpit has
been arrested, Italian police said today.

The unemployed 32-year-old man, whose real identity was not released,
created a fake profile for himself on Facebook and called himself Andrea
Sirlo, even...
 

Posted by InfoSec News on Sep 24

http://www.computerworld.com/s/article/9231596/Cyber_espionage_campaign_targets_energy_companies

By Jaikumar Vijayan
Computerworld
September 21, 2012

Hackers using a Remote Access Trojan (RAT) named Mirage have been
engaged in a systematic cyber espionage campaign against a Canadian
energy company, a large oil firm in the Philippines and several other
entities since at least this April, Dell's SecureWorks Counter Threat
Unit says.

The...
 

Posted by InfoSec News on Sep 24

http://www.bbc.co.uk/news/uk-england-london-19675834

BBC News
21 September 2012

A former Lloyds bank worker in charge of online security has been jailed
for five years over a £2.4m fraud.

Jessica Harper, 50, submitted false invoices to claim payments between
2007 and 2011.

At the time, she was working as head of fraud and security for digital
banking at the company.

Harper, of South Croydon, south London, admitted fraud by abuse of...
 

Posted by InfoSec News on Sep 24

http://www.nextgov.com/cybersecurity/2012/09/air-force-chief-staff-concerned-about-cybersecurity-black-hole/58268/

By Dawn Lim
Nextgov
September 21, 2012

The Air Force's chief of staff expressed concerns that the Pentagon is
moving on cybersecurity spending without a coordinated plan on how
defense agencies should deal with threats to sensitive networks, Foreign
Policy reports.

Gen. Mark Welsh spotlighted the Air Force’s lack of...
 

INFOSEC at GITEX
Zawya (registration) (press release)
INFOSEC UPS System solutions protect your sensitive equipment from potentially irreversible damage caused by voltage dips, overvoltage, power cuts and interference to the electrical network. At GITEX, INFOSEC will present among other products two ...

 
Apple supplier Foxconn said an "incident" involving 2,000 workers erupted late Sunday night near a company manufacturing facility in China, as photos posted online showed cars turned over and store windows broken in what appeared to be a mass riot.
 
New Zealand's prime minister called on Monday for an inquiry into illegal spying on individuals connected with the now defunct file-sharing site Megaupload by one of the country's intelligence services.
 
ZEN Load Balancer Multiple Security Vulnerabilities
 
NTR ActiveX control Buffer Overflow and Remote Code Execution Vulnerabilities
 

Hacktivism skews security trend analysis
SC Magazine Australia
The re-emergence of the hacktivist movement appears to have thrown a spanner in the works for those in the InfoSec industry charged with data breach trend analysis. There has been a series of massive data breaches over the last 16 months - each of ...

 
Internet Storm Center Infocon Status