Hackin9
LinuxSecurity.com: A vulnerability in DenyHosts could allow a remote attacker to create a Denial of Service condition.
 
LinuxSecurity.com: Multiple vulnerabilities have been found in Network Audio System, the worst of which allows remote attackers to execute arbitrary code.
 
LinuxSecurity.com: An improvement was made for PHP FPM environments.
 
LinuxSecurity.com: Updated dovecot packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7. The Red Hat Security Response Team has rated this update as having Moderate [More...]
 
LinuxSecurity.com: Security Report Summary
 
LinuxSecurity.com: New seamonkey packages are available for Slackware 14.0, 14.1, and -current to fix security issues.
 
LinuxSecurity.com: New bind packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.
 
LinuxSecurity.com: New samba packages are available for Slackware 14.0, 14.1, and -current to fix security issues.
 
LinuxSecurity.com: Multiple vulnerabilities have been discovered in Asterisk, the worst of which could allow privileged users to execute arbitrary system shell commands.
 
LinuxSecurity.com: A vulnerability in Dnsmasq can lead to a Denial of Service condition.
 
LinuxSecurity.com: Swift did not properly perform input validation of certain HTTP headers.
 
LinuxSecurity.com: Several security issues were fixed in OpenStack Neutron.
 
Of all the things Google officials talked about during the annual developers conference keynote, the things that had a lot of people buzzing were those the company didn't mention.
 
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Google has unveiled the first three smartwatches that will run Android Wear, a cut-down version of Android for wearable devices, and we got our hands on one of them: the Samsung Gear Live.
 
After focusing on Android during much of today's lengthy keynote, Google officials turned their attention to the enterprise.
 
Google gave about 6,000 developers attending its I/O conference on Wednesday two Android Wear smartwatches -- one for now and one for later -- as a not-so-subtle invitation to get developers to build more apps for those devices and their connected smartphones.
 
Facebook has followed Google and Yahoo in revealing just how diverse its workforce is, and just like the other two tech giants, it's a whole lot white and a whole lot male.
 
Google is set to release an SDK aimed at making fitness-based apps more effective by pulling in data from multiple devices.
 
Google today answered Microsoft's boost of cloud storage space by announcing it would give Google Apps for Business customers an unlimited amount of storage for an additional $5 a month per user.
 
Google will provide enterprise-focused security and management features to its entire Android showcase of mobile devices, including features reserved only for Samsung devices running Samsung security software called Knox, a Google executive announced during the Google I/O keynote address Wednesday.
 
ownCloud Multiple Cross Site Scripting Vulnerabilities
 
Privacy and civil rights groups lauded Wednesday's unanimous U.S. Supreme Court ruling that police must obtain a search warrant before searching through the contents of an arrested person's cellphone.
 
A10 Networks ACOS Remote Buffer Overflow Vulnerability
 
FrontAccounting CVE-2014-3973 Multiple SQL Injection Vulnerabilities
 
Oracle Endeca Server CVE-2014-2400 Cross Site Scripting Vulnerability
 
Oracle Endeca Server CVE-2014-2399 Cross Site Request Forgery Vulnerability
 
If the key to winning cloud business is to earn the approval of developers, as pundits say, then Google is busy wooing programmers with a new set of tools for its cloud platform.
 
Taking what many see as the next step in big data analysis, Google is previewing a service called Google Cloud Dataflow that analyzes live data, potentially giving users the ability to view trends and be alerted to events as they happen.
 
Under pressure from Microsoft's Office 365, Google has launched a premium edition of Apps with unlimited cloud storage and extra IT controls, and has also improved the Docs office productivity suite.
 
The clock is ticking on support for Office for the Mac 2011, and there's still no sign from Microsoft of a replacement.
 
Chromebooks will soon be able to receive notifications and run applications from Android smartphones and tablets.
 
Android TV is Google's latest effort to make inroads into the smart TV market, with a software system that can be embedded into televisions and other devices to stream content.
 
[SECURITY] [DSA 2967-1] gnupg security update
 
CVE-2014-2385 - Multiple Cross Site Scripting in Sophos Antivirus Configuration Console (Linux)
 
CVE-2014-3752 - Arbitrary Code Execution in G Data TotalProtection 2014
 
[RT-SA-2013-003] Endeca Latitude Cross-Site Scripting
 
Catbird Networks Director of Product Management, Malcolm Reike, talks about how virtualization changes the security game with Network World Editor in Chief John Dix.
 
The problem with Security Awareness programs is that it is hard to prove their successes. As with all security countermeasures, success is usually that nothing happens. Ideally, success also means that there is a report of the attempted attack, however that is rarely the case. With technical countermeasures however, logs are usually maintained that allow people to point to all of the prevented attacks.
 
Canadian airline company WestJet, one of the earliest customers of VMware's NSX network virtualization tools, initially reached for the tech to address a security issue. Network World Editor in Chief John Dix recently sat down with WestJet technologist Richard Sillito to learn what the company is learning about network virtualization and its broader NSX plans.
 
Google is bringing its Android mobile operating system to one more thing that you use every day -- your car.
 
Google is launching a new version of its Android operating system for use in cars, seeking to integrate itself into a place in which Americans spend hours every week.
 
Google entered the hot smartwatch market Wednesday, unveiling two devices, the LG G and Samsung Gear Live.
 
Openfiler Multiple Security Vulnerabilities
 
Videos Tube 'url' Parameter Multiple SQL Injection Vulnerabilities
 
OpenNMS Unspecified Multiple Cross Site Scripting Vulnerabilities
 
Reflected Cross-Site Scripting (XSS) Vulnerability in Storesprite
 
Google gave several thousand developers and a global Internet audience a preview of the next version of its Android operating system Wednesday as it opened its I/O conference in San Francisco.
 
Google wants to cut prices on Android smartphones to under US$100 and is providing a reference design so handset makers can reach that price.
 
Police cannot generally search cellphones without a warrant when they are arresting someone, the U.S. Supreme Court ruled in a unanimous decision Wednesday that weighs heavily in favor of Fourth Amendment and privacy rights.
 
A new 3D webcam for mobile devices from Intel that can assess facial expressions is slated to appear in some tablets early next year.
 

Developers in China have published what appears to be a reliable and malware-free jailbreak for most iPhones and iPads running the latest version of Apple's iOS. The release underscores how hard it is to keep such jailbreak exploits out of the public domain, since the code vulnerability that makes it possible appears to come from a highly secretive training class on iOS exploit development.

Jailbreaks allow iOS users to bypass Apple's iron-clad technical restrictions and install unauthorized third-party software that is not included in the App Store. The technique appeals to many users, but it also comes with significant risks. One is that the process could temporarily or possibly damage the device. Another is that jailbreak developers may bundle keyloggers or other types of malware inside the software that performs the operation, leaving users with a device that steals passwords, tracks geographic whereabouts, or performs other nefarious deeds. Neither of those risks appears to accompany the release this week of the PanGu jailbreak, but Ars hasn't verified its safety, security, or reliability. Readers who choose to run the program do so at their own risk.

The jailbreak, according to security researchers at Lacoon Mobile Security, uses a digital certificate Apple provides to enterprise customers to bypass restrictions on unauthorized apps. Apple makes them available so that customers can establish their own in-house source of apps instead of relying on the App Store. PanGu uses the certificate associated with "iPhone Distribution: Hefei Bo Fang communication technology co., LTD." At the moment, users must physically connect their iPhones or iDevices to a computer, but it's possible that PanGu could be refashioned to work remotely.

 
The U.S. Supreme Court has ruled that Web-based video streaming service Aereo, which rebroadcasts over-the-air television through antenna farms, violates the copyrights of TV networks.
 
The U.S. Supreme Court has ruled that Web-based video streaming service Aereo, which rebroadcasts over-the-air television through antenna farms, violates the copyright of TV networks.
 
Expect more wearables, robots and even electric cars to come from manufacturing giant Foxconn Technology Group, as the Taiwanese company tries to reinvent itself as a broader technology service provider.
 
Four years after a string of suicides brought unwanted attention to his company, Foxconn Technology Group's CEO said none of the deaths had to do with poor working conditions at its factories.
 
The leading social media companies are outraged over NSA surveillance, but would that spying even be possible if Facebook, Google and Twitter weren't collecting data and selling it to online marketers? Social media companies unintentionally opened new windows for spies to creep into our lives, and their claims of innocence are insincere.
 
Police must obtain warrants to search cellphones and smartphones when they are making arrests, the U.S. Supreme Court has ruled in a unanimous decision.
 
Mozilla Firefox/Thunderbird CVE-2014-1534 Multiple Memory Corruption Vulnerabilities
 
Just because your CRM project involves software, infrastructure and the cloud doesn't mean it's just an engineering project. There's some design work involved, too -- and, as any homeowner can tell you, sometimes the window dressing costs more than the window.
 
Microsoft's decision to boost free storage space to one terabyte for Office 365 subscribers is less a game changer for the rent-not-own concept than additional evidence that storage is transforming from a separate service to a feature, analysts argued today.
 
NEW VMSA-2014-0007 - VMware product updates address security vulnerabilities in Apache Struts library
 
[slackware-security] seamonkey (SSA:2014-175-05)
 
[slackware-security] samba (SSA:2014-175-04)
 
[slackware-security] gnupg2 (SSA:2014-175-03)
 
RXVT-Unicode CVE-2014-3121 Remote Command Execution Vulnerability
 
FreeBSD Security Advisory FreeBSD-SA-14:16.file
 
FreeBSD Security Advisory FreeBSD-SA-14:15.iconv
 
[security bulletin] HPSBMU03053 rev.1 - HP Software Database and Middleware Automation, OpenSSL Vulnerability, Remote Unauthorized Access or Disclosure of Information
 
[HITB-Announce] #HITB2014KUL round 1 CFP submission deadline in < 1 week
 
Governments are increasingly using spyware for mobile devices to monitor targets, raising questions over the possible misuse of such tools, a new study suggests.
 
Up to 1.3 million records, including health care and bank account information, may have been exposed after a server at Montana's public health department was hacked in May, the state said Tuesday.
 
Google will soon ship an upgraded version of Google Glass with 2GB of RAM, angering early members of its Glass Explorer Program stuck with the older model.
 
OpenAFS Remote Denial Of Service Vulnerability
 
WordPress JW Player for Flash & HTML5 Video Plugin Cross Site Request Forgery Vulnerability
 
Samba Uninitialized Memory Information Disclosure Vulnerability
 
Samba 'nmbd' NetBIOS Name Services Daemon Denial of Service Vulnerability
 
If you've ever been sick with a cold or the flu while traveling, Verizon's new videoconferencing technology could help you reach a doctor for a quick consult from a smartphone or tablet.
 

Posted by InfoSec News on Jun 25

http://www.cnet.com/news/new-uk-cybersecurity-training-scheme-prepares-for-hackers/

By Rich Trenholm
@rich_trenholm
CNet News
June 24, 2014

With hackers attacking almost every government body, institution and
business, organisations have to do more than hide behind technology --
they have to invest in people too, from the server room to the boardroom.
That's the message from cybX, a new cybersecurity training scheme in North
Yorkshire....
 
Wireshark Frame Metadissector CVE-2014-4020 Denial of Service Vulnerability
 
Cogent Real-Time Systems DataHub 'GetPermissions.asp' Remote Code Execution Vulnerability
 

Posted by InfoSec News on Jun 25

http://www.washingtontimes.com/news/2014/jun/24/state-to-notify-13-million-of-computer-hacking/

By Lisa Baumann
Associated Press
June 24, 2014

HELENA, Mont. -- Montana officials said Tuesday they are notifying 1.3
million people that their personal information could have been accessed by
hackers who broke into a state health department computer server.

The letters are going to people whose information and records were on the
server....
 

Posted by InfoSec News on Jun 25

http://www.informationweek.com/government/cybersecurity/sensitive-data-protection-bedevils-it-security-pros/d/d-id/1278796

By William Welsh
InformationWeek.com
6/24/2014

Most organizations don't know where their sensitive structured or
unstructured data resides, says new Ponemon study.

Knowing where sensitive data is located on an organization's computer
systems would seem a prerequisite for sound IT security, but the vast...
 

Posted by InfoSec News on Jun 25

http://www.smh.com.au/it-pro/security-it/cupid-media-exposed-254000-australian-lonely-hearts-20140625-zskua.html

By Ben Grubb
SMH.com.au
June 25, 2014

Australian online dating company Cupid Media breached the Privacy Act by
failing to take reasonable steps to secure the personal information of
254,000 Australians held on its dating websites, the privacy commissioner
has found.

Cupid, run out of Southport on the Gold Coast, operates more...
 

Posted by InfoSec News on Jun 25

http://arstechnica.com/security/2014/06/attackers-poison-legitimate-apps-to-infect-sensitive-industrial-control-systems/

By Dan Goodin
Ars Technica
June 24 2014

Corporate spies have found an effective way to plant their malware on the
networks of energy companies and other industrial heavyweights—by hacking
the websites of software companies and waiting for the targets to install
trojanized versions of legitimate apps.

That's what...
 

InfoSec World 2015: Announces Date and Call for Papers
The Providence Journal
The 2015 InfoSec World conference will return to Disney's Contemporary Resort in Orlando, FL from March 23-25, 2015. We are putting together a dynamic lineup of practitioners and experienced speakers that will cover sessions and workshops dedicated to ...