[security bulletin] HPSBGN03610 rev.1 - HPE IceWall Products using OpenSSL, Remote Denial of Service (DoS), Arbitrary Code Execution
[security bulletin] HPSBMU03611 rev.1 - HPE Matrix Operating Environment on Windows and Linux, Multiple Remote Vulnerabilities
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

PCI Standard's Multi-factor Authentication Mandate Delayed 'Til 2018
Infosecurity Magazine
And whilst I, like many other infosec professionals, would like to see early SSL/TLS eradicated and MFA deployed everywhere, we have to face the harsh reality of our environment, and I can't blame the SSC for that.” Others agreed. “In my opinion, this ...

[security bulletin] HPSBMU03601 rev.1 - HPE Insight Control server deployment using OpenSSL, Multiple Vulnerabilities
[security bulletin] HPSBUX03606 rev.1 - HPE HP-UX running Apache Tomcat 7, Multiple Remote Vulnerabilities
[security bulletin] HPSBMU03600 rev.1 - HPE Insight Control server provisioning using OpenSSL, Remote Denial of Service (DoS)
VMware has released the following new and updated security advisories:
VMware vCenter Server - VMSA-2016-0006: http://www.vmware.com/security/advisories/VMSA-2016-0006.html

VMware vCenter and ESXi - VMSA-2015-0007.5: http://www.vmware.com/security/advisories/VMSA-2015-0007.html

VMware Products - VMSA-2016-0005.1: http://www.vmware.com/security/advisories/VMSA-2016-0005.html

er MSISE - rwanner at isc dot sans dot edu - http://namedeplume.blogspot.com/ - Twitter:namedeplume (Protected)


Here's how to make your own infrared camera cheaply
With 1080p cameras available at extremely affordable prices, it is extremely simple to produce your very own infrared camera. If you take a look at the video given below, you will know that all cameras are capable of 'seeing' infrared light, but for ...

VMWare vSphere Web Client Flash XSS
Cisco Security Advisory: Cisco Products IPv6 Neighbor Discovery Crafted Packet Denial of Service Vulnerability

Cyber security isn't only about technology
IT World Canada
Most experts maintain security involves a combination of people, processes and technology. However, too often infosec leaders focus on technology because it's the most tangible thing — plug this hole with this solution and things are better. A report ...

(credit: Jürgen Telkmann)

Unknown attackers have been directing an ever-changing army of bots in a distributed denial of service (DDoS) attack against NS1, a major DNS and traffic management provider, for over a week. While the company has essentially shunted off much of the attack traffic, NS1 experienced some interruptions in service early last week. And the attackers have also gone after partners of NS1, interrupting service to the company's website and other services not tied to the DNS and traffic-management platform. While it's clear that the attack is targeting NS1 in particular and not one of the company's customers, there's no indication of who is behind the attacks or why they are being carried out.

NS1 CEO Kris Beevers told Ars that the attacks were yet another escalation of a trend that has been plaguing DNS and content delivery network providers since February of this year. "This varies from the painful-but-boring DDoS attacks we've seen," he said in a phone interview. "We'd seen reflection attacks [also known as DNS amplification attacks] increasing in volumes, as had a few content delivery networks we've talked to, some of whom are our customers."

In February and March, Beevers said, "we saw an alarming rise in the scale and frequency of these attacks—the norm was to get them in the sub-10 gigabit-per-second range, but we started to see five to six per week in the 20 gigabit range. We also started to see in our network—and other friends in the CDN space saw as well—a lot of probing activity," attacks testing for weak spots in NS1's infrastructure in different regions.

Open-Xchange Security Advisory 2016-05-25


Meet Jon Callas, The Security Czar Who Rejoins Apple
Meet Jon Callas, The Security Czar Who Rejoins Apple. by CXOtoday News Desk May 25, 2016 ... Callas is a member of the Infosec think tank The Shmoo Group. At Apple, he worked for Gursharan Sidhu, the inventor of AppleTalk. Callas “shipped the very ...

[slackware-security] libarchive (SSA:2016-145-01)

Hackers build alternative to 'flawed' CVE bug ID system
iT News
Security researchers are urging the infosec community to abandon the MITRE-run CVE scheme for naming flaws in favour of a system that distributes the responsibility for assigning identifiers away from a single, government-run organisation. The common ...

[security bulletin] HPSBGN03605 rev.1 - HPE Service Manager, Remote Disclosure of Information
Internet Storm Center Infocon Status