Information Security News
VMware has released a new and updated security advisory today. The two security advisories, listed below, address numerous vulnerabilities in the VMware platform. For information regarding the impacted versions, affected components, and related CVE ...
Updated Advisory: ...
tony d0t carothers --gmail
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
InfoSec Community Get Ready to Arm Yourself with New Cyber Defence Tactics ...
The Independent Singapore News (blog)
The SANS Technology Institute, a regionally accredited independent subsidiary, offers master's degrees in cyber security. SANS offers a myriad of free resources to the InfoSec community including consensus projects, research reports, and newsletters ...
Qualys discovered a critical buffer overflow in the gethostbyname() and gethostbyname2() functions in glibc. According to the announcement by Qualys, they were able to create an in-house exploit that will execute arbitrary code via the Exim ...
glibc before version 2.18 (released August ) is vulnerable. You can quickly check your glibc version by using ldd --version
These glibc ...
What should you do: Apply this update as soon as you see patches offered by your Linux/Unix distribution. Some Windows software (and of course OS X) uses glibc as well and may be vulnerable. Use the getaddrinfo() function, not ...
You shouldn ...
Highly critical Ghost ...
GHOST glibc Remote Code Execution Vulnerability Affects All Linux Systems - Michael Mimoso, Threatpost
https://www.us-cert.gov/ncas/current-activity/2015/01/27/Linux-Ghost-Remote-Code-Execution-Vulnerability
Graham Cluley Security News
Extrasignum complexitus! My infosec superpower
The guys at the Tripwire State of Security blog recently asked a bunch of infosec luminaries (and me) what our infosecurity superpower would be if Grace Hopper waved her magic wand and granted us a wish.
Business Wire (press release)
Insider Threat Summit Boasts Monterey as InfoSec Hub
MONTEREY, Calif.--(BUSINESS WIRE)--Significant progress is being made to enhance the technology industry on the Monterey Peninsula in California. The Insider Threat Summit, hosted by Advanced Onion and Tech Regiment, will be an integral part of ...
An extremely critical vulnerability affecting most Linux distributions gives attackers the ability to execute malicious code on servers used to deliver e-mail, host webpages, and carry out other vital functions.
The vulnerability in the GNU C Library (glibc) represents a major Internet threat, in some ways comparable to the Heartbleed and Shellshock bugs that came to light last year. The bug, which is being dubbed "Ghost" by some researchers, has the common vulnerability and exposures designation of CVE-2015-0235. While a patch was issued two years ago, most Linux versions used in production systems remain unprotected at the moment. What's more, patching systems requires core functions or the entire affected server to be rebooted, a requirement that may cause some systems to remain vulnerable for some time to come.
The buffer overflow flaw resides in __nss_hostname_digits_dots(), a glibc function that's invoked by the gethostbyname() and gethostbyname2() function calls. A remote attacker able to call either of these functions could exploit the flaw to execute arbitrary code with the permissions of the user running the application. In a blog post published Tuesday, researchers from security firm Qualys said they were able to write proof-of-concept exploit code that carried out a full-fledged remote code execution attack against the Exim mail server. The exploit bypassed all existing exploit protections available on both 32-bit and 64-bit systems, including address space layout randomization, position independent executions, and no execute protections. Qualys has not yet published the exploit code but eventually plans to make it available as a Metasploit module.
by Andrew Cunningham
Apple has just released the final build of OS X 10.10.2, the second major update for OS X Yosemite since its release. Version 10.10.1, published just a month after Yosemite's release, focused mostly on quick fixes for the new OS' most noticeable problems. Apple has been issuing betas for 10.10.2 since November, though, and a longer testing period usually implies that there are more extensive fixes.
First up, the new release is supposed to fix more of the Wi-Fi problems that some users have been experiencing since Yosemite's launch. 10.10.1 also included Wi-Fi fixes, though it apparently didn't resolve the problems for all. The new update will also address "an issue that may cause webpages to load slowly" and improve general stability in Safari, all of which should go a long way toward improving Yosemite's network and Internet performance.
Several privacy and security problems that we've reported on have been resolved in 10.10.2, as well. Though Apple will still share limited search and location information with Microsoft to enable Spotlight's Bing-powered Web searching feature, the company has fixed a bug that caused Spotlight to "load remote e-mail content" even when the setting was disabled in Mail.app itself. Our original report describes why this is a problem:
SC Magazine UK
Infosec teams unprepared for new EU data protection laws
More than a third of IT security teams are unprepared for the EU's two incoming data protection laws, according to a new study from FireEye. In its latest survey entitled “Mixed State of ...
The National Football League's official app for both iOS and Android puts users at risk by leaking their usernames, passwords, and e-mail addresses in plaintext to anyone who may be monitoring the traffic, according to a report published just five days before Superbowl XLIX, traditionally one of the world's most popular sporting events.
Update: About seven hours after Ars published this post, a spokesman for the NFL said the vulnerability has been "addressed." The spokesman said the fix involved only changes to the servers the app connects to. Users aren't required to update their apps in order to be protected.
As Ars has chronicled in the past, large numbers of people use the same password and e-mail address to log into multiple accounts. That means that people who have used the NFL app on public Wi-Fi hotspots or other insecure networks are at risk of account hijackings. The threat doesn't stop there: the exposed credentials allow snoops to log in to users' accounts on http://www.nfl.com, where still more personal data can be accessed, researchers from mobile data gateway Wandera warned. Profile pages, for instance, prompt users to enter their first and last names, full postal address, phone number, occupation, TV provider, date of birth, favorite team, greatest NFL Memory, sex, and links to Facebook, Twitter, and other social networks. Combined with "about me" data, the personal information could prove invaluable to spear phishers, who send e-mails purporting to come from friends or employers in hopes of tricking targets into clicking on malicious links or turning over financial data. Adding to the risk, profile pages are transmitted in unencrypted HTTP, making the data susceptible to still more monitoring over unsecured networks, the researchers reported.
Brits need chutzpah to copy Israeli cyberspies' tech creche – ex-spooks
Yoni Heilbronn, VP Marketing at Argus Cyber Security, which specialises in the emerging field of infosec for automobiles, is another Unit 8200 alumnus. "Experience with technology gained in [military] service is applied in private firms," Heilbronn ...
Posted by InfoSec News on Jan 27 http://www.newsobserver.com/2015/01/26/4502592_cybersecurity-proves-to-be-a-necessity.html
Posted by InfoSec News on Jan 27 http://arstechnica.com/security/2015/01/those-teeth-gnashings-you-hear-are-flash-users-installing-a-new-0day-patch/
Posted by InfoSec News on Jan 27 http://krebsonsecurity.com/2015/01/spreading-the-disease-and-selling-the-cure/
Posted by InfoSec News on Jan 27 http://www.networkworld.com/article/2875517/security0/startup-finds-malware-intrusions-by-keeping-an-eye-on-processor-radio-frequencies.html
Posted by InfoSec News on Jan 27 http://www.healthcareitnews.com/news/ehr-audit-catches-snooping-employee
Posted by InfoSec News on Jan 27 http://3vildata.tumblr.com/post/109188919632/about-the-infosec-skills-shortage
Posted by InfoSec News on Jan 27 http://www.bbc.com/news/uk-30977267