InfoSec News

Apple and Samsung Electronics won't be able to keep certain pieces of information from the public during their high-profile jury trial that begins on Monday, a judge in California said Friday. But what will be public and what won't still isn't known.
While earnings from marquee-name tech companies such as Apple and Facebook disappointed this week, sales of mobile devices and enterprise software showed signs of growth.
Facebook CEO Mark Zuckerberg said his company does not plan to create a Facebook-branded smartphone during a conference call with financial analysts and reporters this week.
How you feel about National Parks by National Geographic will largely hinge on whether you run the app on your iPhone or your iPad. And your appraisal of the National Geographic Society's app will further be influenced by whether you download the park guides available through the app.
Google disclosed in an email to the U.K. Information Commissioner's Office that it had not yet deleted all user data collected by its Street View vehicles, as it had agreed to more than 18 months ago.
Facebook has taken delivery of the first set of innovative server racks it helped design, technology that the company hopes other organizations with large data centers will adopt.

#BlackHat: Confessions of an #infosec fanboy
CSO (blog)
I got home from Las Vegas and reached into my suitcase, eagerly pulling out a collection of T-shirts I acquired at Black Hat and BSidesLV. I immediately put on my favorite -- an Akamai shirt with a honey badger large and in charge across the chest. I ...

In addition to fingerprint technology, AuthenTec provides mobile security software licenses. One of its customers is Samsung, a main rival of Apple's.

SearchSecurity.com Black Hat 2012 contributor Jennifer Minella says security visibility was the underlying theme of this year's event.

Apple's OS X Mountain Lion is off to a solid start in its first 48 hours and now powers more than 3% of all Macs, an online advertising network said today.
[ MDVSA-2012:118 ] apache-mod_security
French security firm Intego discovered a new Mac Trojan horse this week that is being used to target specific individuals.
AuthenTec, a maker of mobile security and fingerprint scanning technology, has been bought by Apple for $356 million. One of AuthenTec's most recent deals was to supply

Security researchers uploaded an Android app to the Google Play store and then gradually equipped it with malicious routines in order to find out how far they could go before Google's anti-malware Bouncer flagged it

[ MDVSA-2012:117 ] python-pycrypto
Security advisory for Bugzilla 4.3.2, 4.2.2, 4.0.7 and 3.6.10
In a deal that should help Apple boost its enterprise security offerings, the iPhone maker is planning to buy mobile security company AuthenTec for $8 per share or a little over $356 million, AuthenTec said on Friday.
MobileIron now supports OS X Mountain Lion, a sign of growing adoption of non-Windows devices
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Delays are plaguing Google's Nexus 7 tablet with 16GB of storage as some stores have stopped taking orders or delayed shipments of the product.
Samsung accused Apple of "ambush litigation" on Friday in Federal Court in Sydney by suddenly raising new defenses against the South Korean company's 3G patent infringement allegations.
Nvidia on Thursday said it will bring wireless display to its Tegra chips, which will allow tablets and smartphones based on the chips to beam images and audio directly to high-definition TVs.
One person died, and four were injured in a gas poisoning accident at an Apple supplier in China, which authorities said was caused by "improper operation" at its subsidiary's waste treatment facility.
Global Payments, which back in the spring reported a data breach in which information associated with an estimated 1.4 million payment cards was stolen, has revealed that expenses associated with investigations, fines and remediation have hit $84.4 million.
A researcher scored again against Oracle's database by demonstrating at the Black Hat security conference Thursday an exploit that would allow him to take control as an administrator.
Microsoft yesterday confirmed what most analysts and company watchers had concluded last month when the firm unveiled its own tablet, that it risks alienating the computer makers which account for the bulk of Windows sales.
As Olympic athletes take to a global stage in London this week, participants, coaches and fans are expected to take to their favorite social networks in record numbers.
IT managers in businesses and governments are taking steps to ensure that the Summer Olympics do not bust networks or budgets. The opportunity for problems is there.
The sale of Motorola's Android devices that infringe on a Microsoft patent was banned in Germany on Friday after a ruling of the lower regional Mannheim court, a court spokesman said.
A denial-of-service bug in digest authentication for Rails 3.x applications could allow an attacker to crash Ruby on Rails servers. A fix is now available

Security company FireHost reports that the number of registered SQL injection attacks rose by 69 per cent in the past quarter. This ties in well with the large number of password leak incidents over the past few months

Axel Springer subsidiary Gamigo has confirmed that a list of around 11 million password hashes was copied off its servers in March. The data has now been circulated around the internet and seems to contain unsalted hashes

The European Commission is planning further legislative measures to combat cybercrime and has launched a consultation on internet-based attacks and the protection of critical infrastructure from them

The company says it fixed the problems over a year ago in software updates but has only now issued security advisories for the problems

Google has introduced a new feature into the Chrome Development Channel which allows application developers to package their web apps and make them "first class apps" with added privileges and security

Some of the contenders have employed almost unfair craftiness. However, unlike their Hollywood counterpart, the Pwnie Awards also dish out plenty of mockery and ridicule: LinkedIn, the anti-virus industry and Oracle will likely not be too happy about their nominations

This time: memorise passwords like you ride a bike, buy DDoS attacks like you buy bread, expert knowledge in form of a fairy tale, a trojan app store, and a sniffer dog that barks up the wrong tree

In the past week a security hole was found in the Kindle Touch browser, Linux 3.5 is imminent, the Raspberry Pi is everywhere, and Steam for Linux becomes official. Features on phones, Java hiccups and Mandriva, and security alerts for credit cards, Mozilla browsers, Oracle and TeamViewer

The critical problem will not be resolved until the release of version 12 – until then, users will have to make do with a workaround

The popular remote access tool has been updated to address a potential security vulnerability and the developers recommend updating immediately

Mozilla has implemented changes to Firefox 14 after users complained about the "new tab" feature in the previous release. The thumbnail creation function has been changed so it no longer captures certain web sites

The world's third-largest botnet, responsible for 18% of total worldwide spam, has been shut down by security researchers. With Grum's command and control servers disabled, spam output has dramatically decreased

The web application firewall ModSecurity is now available to work with IIS and Nginx web servers; together with the existing Apache support, it is capable of running on 83% of existing web servers

For the sixth time, the "Security Oscars" have been awarded at the Black Hat information security conference in Las Vegas. However, one of the winners might not be too happy about the award

At the Black Hat information security conference in Las Vegas, security specialist Charlie Miller has demonstrated how different manufacturers' smartphones can be infected with malicious code via the Near Field Communication (NFC) standard – without the need for any interaction with the smartphone owner

A large number of server applications appear to have been made vulnerable by using Oracle's Outside In file conversion library. This includes products from Cisco, IBM, Novell, McAfee, Symantec and others

IBM has patched several security vulnerabilities in the mail filters of its Lotus Protector for Mail Security and Proventia Network Mail Security products. A security hole in WebSphere MQ has also been closed

A freely accessible API allowed anyone to access the plaintext passwords, email addresses and real names of around 900,000 prospective daters

Security experts have analysed a trojan that was sent to political activists in Bahrain in a targeted attack. Apparently, the trojan is closely related to FinFisher, a commercial spyware tool developed by Gamma International

Version 6.0 of Apple's Safari web browser is now available for OS X 10.7 Lion users - Safari 6 is included with 10.8 Mountain Lion, which was released today. The major update adds several new features and closes more than 120 security holes

One of the security holes that was disclosed by Oracle last week affects Microsoft's server products. The Oracle updates appear to have caught the company by surprise and it has now said that it is investigating the problem

Using an inexpensive Arduino board, a security researcher has managed to read the private cryptographic key from the memory of the Onity HT lock systems – used by a number of hotels around the globe – and unlock it

Versions 1.6.9 and 1.8.1 of the open source network protocol analyser close vulnerabilities that could have been exploited by an attacker to cause a denial of service (DoS). The legacy 1.4.x branch is also said to be affected

The web-based VirusTotal multi scanner has introduced a sandbox that executes uploaded files in a secure environment and informs users of potential irregularities

A reader discovered a hole at ClickandBuy that enabled attackers to steal users' access data. However, contacting the company about the vulnerability turned out to be difficult

Samsung shipped nearly twice the number of smartphones as Apple during the second quarter, as potential buyers of Apple's phones and operators hold off purchases in anticipation of a rumored new iPhone 5 by October, research firm Strategy Analytics said late Thursday.

The Express Tribune

Apple disappoints at first Black Hat briefing
Black Hat 2012 Apple's first Black Hat presentation was one of the most highly anticipated talks at this year's infosec gathering in Las Vegas, but many delegates were left feeling more than a little short-changed. The conference space for the ...
CORE Security to Showcase Deep Domain Expertise at Black Hat 2012
MarketWatch (press release)

Internet Storm Center Infocon Status