InfoSec News

Oracle has launched its new Sparc T4 processor, along with new hardware that it hopes will turn up the heat on server rivals Hewlett-Packard and IBM.
 
Intel on Monday started shipping new low-power Atom chips built on the platform code-named Cedar Trail, with numerous improvements to boost graphics and application performance over their predecessor.
 
APC PowerChute Network Shutdown HTTP Response Splitting and Cross Site Scripting Vulnerabilities
 

Infosec Technologies leads the way in Cloud-based IT Security Services
Online PR News (press release)
Online PR News – 26-September-2011 – Infosec Technologies, a leading information security solutions and services reseller, has taken the lead in identifying the IT security services best suited to a cloud-based delivery model. ...

 
MySQL.com has been compromised and is spreading malware. This was first spotted by the folks over at Armorize. It looks like there is a piece of JavaScript on mysql.com containing an obfuscated iframe link, which in turn links the user to the malicious content: the Blackhole exploit kit. A torrent of exploits then hits the user's browser, PDF component, Java...
The issues have now been cleaned up on mysql.com, but there is no further word on the scope of the compromise. It also appears to be the second time this year. In the last incident, SQL injection was used to gain access to the information on the site.
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Thunderbolt ports on Apple's current line of Macintosh computers will be compatible with upcoming fiber optic cables, which should be ready by next year, an Intel spokesman said.
 
T-Mobile USA unveiled its fastest 4G smartphones, both running dual-core 1.5GHz processors and going on sale Oct. 12.
 
Apple's iPhone lost share among U.S. consumers who bought a mobile phone in the last three months, while the share for devices running Google's Android climbed, Nielsen said Monday.
 
Recently, Facebook announced a new music service that incorporates streaming music services with such partners as Spotify, Rhapsody, Mog, Rdio, iHeartRadio, and Slacker. The idea is that when Facebook members listen to music from one of these services, they can elect to share a constantly updating playlist of tracks they're playing. Those "friends" who have access to the same music service can then also play this music simply by clicking on a link to the track.
 
Rite Aid said today that it's installed kiosks in Detroit-area stores that allow customers to engage in online chats with physicians.
 
House Republican leaders and President Barack Obama were each holding town hall style meetings today in Silicon Valley to talk about the economy.
 
Google Calendar rocks--except when it doesn't. For example, the managers of my daughter's soccer team use the free service to share a practice, game, and event schedule with all the parents--a much more practical solution than sending out endless e-mails or making photocopies of a paper schedule.
 
The website for the open-source MySQL database was hacked and used to serve malware to visitors Monday.
 
From a new twist on tech support to playing the odds with a large number of desperate job seekers, today's social engineers are getting very specific in their plans to manipulate their marks.
 
UPEK Protector Suite QL '.vtp' File Buffer Overflow Vulnerability
 
Google and one of its resellers have asked a federal court to dismiss their case against the U.S. Department of the Interior over Microsoft-only bids for cloud-based services.
 
Cisco IOS Data-Link Switching CVE-2011-1625 Remote Denial of Service Vulnerability
 
Vulnerability found in Flynax Classifieds products
 
Two U.S. government agencies have begun to return $55 million in forfeited funds from a Web-based operation accused by investigators of being a massive Ponzi scheme, the U.S. Department of Justice and U.S. Secret Service announced Monday.
 
Qt 'gray-scale' Image File Buffer Overflow Vulnerability
 
[SECURITY] CVE-2011-1184 Apache Tomcat - Multiple weaknesses in HTTP DIGEST authentication
 
BoxTone, an enterprise mobility management software provider, today announced new enhancements to its Enterprise Mobility Management (EMM) platform that are designed to help CIOs, CISOs and other IT managers meet security and compliance regulations while managing large numbers of employee- and corporate-owned mobile devices.
 
One of Canada's largest political parties is using cloud-based Salesforce.com in the U.S. to store information about voters and interact with them, but worries that U.S. government snoops could peek at sensitive information under U.S. law prompted the Canadian party to use a strong encryption approach.
 
foomatic Insecure Temporary File Creation Vulnerability
 
Linux Kernel 'CIFSFindNext()' Function Denial of Service Vulnerability
 
[CVE-2011-3645] Multiple vulnerability in Newgen's Omnidocs
 
AdaptCMS 2.0.1 Multiple security vulnerabilities
 
Advanced Electron Forums (AEF) 1.0.9 <= Cross Site Request Forgery (CSRF) Vulnerability
 
Serendipity freetag plugin 'serendipity[tagview]' Cross-Site Scripting vulnerability
 
Although Mozilla will urge users to stick with Firefox's rapid release schedule, there's nothing to prevent them from adopting a much slower tempo that's been proposed for enterprises.
 
After 19 consecutive losing seasons, the Pittsburgh Pirates need a little extra help finding fans to buy tickets for seats at PNC Park.
 
The legal battle between Apple and Samsung continued on Monday in a district court hearing in The Hague, Netherlands, during which the two companies argued the merits of four Samsung patents.
 
Hackito Ergo Sum 2012 dates
 
TWSL2011-013: Multiple Vulnerabilities in IceWarp Mail Server
 
TWSL2011-014: Vulnerability in Pantech Web Browser SSL Implementation
 
Apache Tomcat HTTP DIGEST Authentication CVE-2011-1184 Multiple Security Weaknesses
 
Oracle and Google will engage in another attempt to settle their lawsuit over alleged Java patent and copyright violations in the Android mobile OS.
 
GMER '0x7201c008' IOCTL Call Local Privilege Escalation Vulnerability
 
Toshiba today announced a new cloud service interface on its Canvio 3.0 line of external portable hard drives, which automatically discovers files and recommends which should be backed up to the cloud.
 
Groupon's COO has quit after just five months and decided to return to her former employer, Google, Groupon said on Friday.
 
Samsung has launched the Omnia W, its first smartphone based on Windows Phone 7.5, also known as Mango.
 
The smartphone war this year has been won definitively by Android, which is expected to maintain a wide lead through 2015, according to IDC data.
 
Cisco support will make Microsoft's Hyper-V environment more attractive to corporate customers, but it remains to be seen whether that's enough for Hyper-V to give VMware's ESXi a run for its money.
 
The three faces of Windows 8 herald tough choices and significant changes ahead for corporate IT
 
Apple held talks with Chinese environmental groups earlier this month after the U.S. tech giant was criticized for using manufacturers accused of polluting the environment in China.
 
Developers have faith in its longevity, but they wish Microsoft would lay out a clear commitment
 
Chinese mobile phone manufacturer Huawei announced a new Android smartphone that the company says has a battery life of up to three days on a single charge.
 
Intel's forthcoming MIC processor will be used by the Texas Advanced Computing Center to build a supercomputer with a peak performance of 10 petaflops that will eventually be upgraded "to at least" 15 petaflops.
 
IT professionals seeking jobs in healthcare should know that CIOs in that field look for applicants with a history of upgrading their tech and management skills.
 
Data Centers have always been secure, tightly controlled facilities, but the terrorist attacks of Sept. 11, 2001, brought about changes that have pushed physical and IT security to significantly higher levels.
 
Gibbs marvels at how theories about alternate universes abound.
 
SonicWALL Viewpoint Multiple Cross Site Scripting and HTML Injection Vulnerabilities
 
Sterling Trader Remote Integer Overflow Vulnerability
 
WordPress AdRotate Plugin 'track' Parameter SQL Injection Vulnerability
 
WordPress Link Library Plugin 'searchll' Parameter SQL Injection Vulnerability
 

Posted by InfoSec News on Sep 26

Hacker Halted USA, October 21-27 in Miami, is the EC-Council’s flagship
IT security event for both technical experts and C-Level executives.
It hosts lots of technical training courses and a two-day conference
with exhibits. The conference track themes include cloud security,
SCADA, and timely topics chosen by peer review and input from 450
training companies worldwide. Partner subscribers can receive a $100
discount on the three-day...
 

Posted by InfoSec News on Sep 26

http://www.dailymail.co.uk/news/article-2041560/Sex-message-female-MP-s-voicemail-greeting-hacker-disabled-Commons-telephone-system.html

By Simon Walters and Glen Owen
Mail Online
25th September 2011

Police are searching for a hacker who disabled the House of Commons
telephone system, penetrated an MP’s voicemail and left a sexually
offensive message as his calling card.

The incident prompted an urgent review of Westminster’s protection...
 

Posted by InfoSec News on Sep 26

http://news.cnet.com/8301-1009_3-20111422-83/usa-todays-twitter-account-falls-victim-to-hackers/

By Edward Moyer
Security
CNet News
September 25, 2011

The same group that hacked NBC News' Twitter account on September 9 and
sent tweets about a bogus attack on Ground Zero apparently grabbed hold
of USA Today's Twitter feed today and fired off a clutch of messages.

The taunting tweets from someone claiming to be The Script Kiddies...
 

Posted by InfoSec News on Sep 26

http://www.thestar.com/news/canada/politics/article/1059412--hackers-may-have-had-head-start-in-ottawa-cyberattack-documents

By Stephanie Levitz and Jim Bronskill
The Canadian Press
Sept. 25, 2011

OTTAWA -- Hackers may have had a four-day head start when they broke
into government systems in January in an attack that continues to leave
many employees without full Internet access and revealed flaws in the
security of federal computers....
 

Posted by InfoSec News on Sep 26

http://www.haftofthespear.com/?p=1913

By Mike
Haft of the Spear
August 7, 2011

Hundreds if not thousands of cyber security practitioners converged on
Las Vegas this past week. They came to see and be seen, to occasionally
share some newfound insight, but largely for the same reason everyone
goes to Vegas . . . do I really need to elaborate?

The media love these conferences because it’s easy to get quotes from
"experts" since,...
 
vSphere 5.0, the latest iteration of VMware's "Cloud Operating System," boasts a wealth of updates, including new tools to manage fleets of VMs, and vast tiers of virtualized, vMotion-enabled storage links.
 
LightSquared said late Sunday that it planned to run an open letter in major U.S. newspapers the next day explaining its position in the controversy surrounding its LTE (long-term evolution) network, particularly concerns about its interference with GPS (global positioning system).
 
Seemingly every day, the Google+ "suggestions" feature would implore me to "circle" (read: follow) the Google+ activities of Google CEO Larry Page, as more than 300,000 users had done already.
 
We did a fresh install and mostly upgrades to existing VMware vSphere 4.1 (patched) resources in our lab, which contains several Dell servers and a DLink GB switch. It's connected in turn to our NOC at nFrame in Carmel, Indiana, 78 miles away, via Comcast Business Broadband. In the NOC are several servers including three primary test servers, an HP 585 (4 AMD CPUs with 4 cores each), HP 580 (four Intel CPUs with 4 cores each), and Dell 1950 (two Intel CPUs, four cores each). The servers are connected via two VLANs on an Extreme 10GB switch. Also connected is a Dell Compellent 15TB SAN. In turn, we used a Dell 1950 (8 cores) to host and control our infrastructure.
 