Hackin9

InfoSec News


Business Insider

The Navy Gave Us A Personal Tour Of Their Massive Hovercraft
Business Insider
... Events · About BI · Events · BI Intelligence · Military & Defense Home · Troops · Hardware · INFOSEC · The Smoke Pit · After Action Report · Hive · Contributors ...

 
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Google announced a consumer media-streaming device it calls the Nexus Q at its I/O conference, taking the fight to Apple, which has largely dominated the landscape of music- and video-friendly consumer devices with items including the iPad and Apple TV.
 
It's hard to one-up skydivers flying into a tech conference while being live-streamed through Google's computerized glasses. But Google's Vic Gundotra might have done that when he told developers that they would be leaving Google I/O with the just-announced Nexus 7 tablet and Nexus Q home streaming device, as well as a Galaxy Nexus smartphone.
 
Afew days ago I wrote about a few arrests in Belgium in relation to online banking fraud. In the mean time more has surfaced around the globe and the scope of the attacks seem to be much broader than what we knew at the time.
The media are confusing the technically inclined among us, so going back to the source is quite useful: McAfee and Guardian Analytics have published a white paper on these attacks.
--

Swa Frantzen -- Section 66 (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
 
With its new Google Now smart assistant, Google hopes to take search to another level -- and take on Apple's Siri.
 

Wyndham Worldwide Corp. Sued Over Credit Card Breaches
Huffington Post
Like. 1k. Get Alerts. Loading... TOP LINKS ON THIS TOPIC. 1 of 3. InfoSec FTC Sues Wyndham Against Credit Card Data Breach - RTT News #CyberSecurity ...

 
Google announced a consumer media-streaming device it calls the Nexus Q at its I/O conference, taking the fight to Apple, which has largely dominated the landscape of music- and video-friendly consumer devices with items including the iPad and Apple TV.
 
Google's new Nexus 7 tablet may be aimed more at Amazon and its Kindle Fire than Apple and its iPad, but Apple will not be able to ignore the low-end of the tablet market dominated by 7-in. devices, analysts said today.
 
Apple QuickTime Prior To 7.7.2 Text Tracks Heap Overflow Vulnerability
 
Cisco Security Advisory: Buffer Overflow Vulnerabilities in the Cisco WebEx Player
 

I’ve covered a lot on online bank fraud in the past – there seems to be no end to the increasingly sneaky techniques cybercriminals develop to siphon money out of victims’ bank accounts. This week, McAfee Inc. and Guardian Analytics Inc. released the findings of their investigation into a global fraud ring that takes the old techniques up a notch.

In their report, “Dissecting Operation High Roller” (.pdf), the companies report cybercriminals — building on older Zeus and SpyEye tactics – are targeting high-balance bank accounts belonging to businesses and individuals. Unlike past online bank fraud attacks using Zeus and SpyEye, though, these new attacks use server-side components and heavy automation. According to the report, the attacks have been mostly in Europe, but are now spreading to the U.S.

Criminals have tried to steal more than $78 million in fraudulent transfers from at least 60 financial institutions, including large global banks, credit unions and regional banks, the report said.

In a blog post, Dave Marcus, director of advanced research and threat intelligence at McAfee, noted that by shifting from traditional man-in-the-browser attacks on a victim’s PC to server-side automation attacks, criminals have moved from multipurpose botnet servers to cloud-based servers that are purpose-built and dedicated to processing fraudulent transactions. The strategy, he said, helps criminals move faster and avoid detection.

The report describes attacks in the U.S. and The Netherlands as using a server located with an ISP with “crime-friendly usage policies” and moved frequently to avoid discovery.

All pretty unsettling stuff, suffice to say. And, according to the report, financial institutions can expect even more automated and creative forms of fraud in the future.



Add to digg Add to StumbleUpon Add to del.icio.us Add to Google
 
Red Hat is planning to roll out a number of product sets for building hybrid clouds over the next few months, the company announced Wednesday at the Red Hat Summit conference in Boston.
 
ZDI-12-105 : Apple Quicktime Text Track Descriptor Parsing Remote Code Execution
 
ZDI-12-104 : SAP Netweaver ABAP msg_server.exe Parameter Value Remote Code Execution Vulnerability
 
ZDI-12-103 : Apple Quicktime Dataref URI Buffer Remote Code Execution
 
ZDI-12-102 : Novell iPrint Client nipplib.dll GetDriverSettings realm Remote Code Execution Vulnerability
 
Google's $199 Nexus 7 tablet is more than a competitor to Amazon's Kindle Fire, but it isn't on the same scale as the iPad, analysts said.
 
TechNet, an industry lobbying group, Wednesday released a letter signed by nearly 350 companies that calls on Congress to eliminate the per-country cap on green cards just as details of the latest U.S. Senate proposal came to light.
 
After teasing people with bits of images and information about the development of its computerized glasses, Google made a splash today showing off Google Glass at Google I/O.
 
Apple Mac OS X CVE-2011-3459 Remote Code Execution Vulnerability
 
ZDI-12-101 : IBM Cognos tm1admsd.exe Multiple Operations Remote Code Execution Vulnerabilities
 
[security bulletin] HPSBMU02786 SSRT100877 rev.1 - HP System Management Homepage (SMH) Running on Linux and Windows, Remote Unauthorized Access, Disclosure of Information, Data Modification, Denial of Service (DoS), Execution of Arbitrary Code
 
The Office of U.S. Trade Representative has elevated a trade complaint by asking for the World Trade Organization to establish a dispute settlement panel to rule on U.S. claims that China is unfairly restraining exports of rare earth materials used in electronics and other products.
 
Novell iPrint Client Multiple Remote Code Execution Vulnerabilities
 
Philipp Humm has resigned as CEO of T-Mobile US, the fourth-largest U.S. mobile operator, and will be replaced by Chief Operating Officer Jim Alling on an interim basis.
 
IBM this year won't be awarding pay raises to its executives as well as some of its workers.
 
Google announced the Nexus Q streaming device, which will streaming movies and music from the cloud and will compete with direct Apple TV.
 
As expected, Google on Wednesday announced a $199, 7-in. tablet called Nexus 7 that will run on Android 4.1, a.k.a. Jelly Bean.
 
Google has taken the wraps off the next version of its Android operating system, known as Jelly Bean, which adds improvements to search, voice typing and notifications.
 
Take control of the virtual machines in your data center with these 5 simple rules. Insider (registration required)
 
Microsoft will launch on Wednesday a version of its Office 365 cloud collaboration and communication suite that is specifically aimed at K-12 schools and universities.
 
Customer relationship management (CRM) software is generally hard to get excited about, but Jeff Strachan a founder of Footprints Recruiting[1], an English as a second language (ESL) placement agency, verges on evangelical. And little wonder: Being burdened with a legacy system built using forms in Microsoft Outlook and being burnt by the lock-in of proprietary software would be enough to make an open source evangelist out of most people.
 
SugarCRM Community Edition 'unserialize()' Multiple PHP Code Execution Vulnerabilities
 
Zend Framework 'Zend_XmlRpc' Class Information Disclosure Vulnerability
 
IBM is joining hands with the Lawrence Livermore National Laboratory to develop new technology, products and processes critical to the U.S. infrastructure in an effort to boost the global competitiveness of the country.
 
The General Court of the European Union has rejected Microsoft's appeal of a 2008 European Commission antitrust ruling, but has reduced the fine Microsoft must pay to $1.1 billion.
 

Network World

Federal tech outlook: Cloudy with a chance of information assurance
Network World
As this comparison of DIACAP and DIARMF from the Infosec Institute shows, a series of unified standards are now going to be applied across the entire ...

 

Anonymous declares war on Japan
GlobalPost (blog)
#anonymous #anonfamily #infosec #media #mp3 #bittorrent #rt,” read a tweet posted Wednesday morning. More from GlobalPost: LulzSec hacker indicted by ...

and more »
 
Patent litigation caused by "non-practicing entities" (NPEs), better known as "patent trolls," cost U.S. software and hardware companies $29 billion in 2011, according to a study from the Boston University School of Law.
 
Armed men drove a stolen van loaded with gas canisters into the Microsoft Greece headquarters in Athens on Wednesday and set it on fire, causing damage to the building.
 
As Google prepares to unveil a highly-anticipated 7-in. tablet for $199 at Google I/O today, a big question lingers: Is the new Nexus 7 intended to take on the $199 Kindle Fire, or the highly popular $499 iPad?
 

GovInfoSecurity.com

Bargain Hunting Raises Infosec Awareness
GovInfoSecurity.com
Local and state governments improving their cyberthreat awareness could be the main benefit from a new program designed to help them save money in ...

 
Slow and steady can be positive virtues for games that deliver a constant drip of fun, but Mole Kingdom's botched pacing is so sluggish that you spend most of your time simply waiting for something to happen. Gradually expanding your subterranean domain just isn't that interesting to begin with, which further weights heavily on this dull time-waster from InfiGames.
 

ISC reader Yew Chuan reports that he is seeing a steady increase in probes to tcp/79 (finger). Our own DShield sensors confirm this observation, as is visible on the image below. It's been a while since we last had exploit attempts on tcp/79, and hardly anybody is using/running finger anymore these days. So .. what's up? Anyone got packets?
Update 1330 UTC: Scanning for tcp/79 has been seen by many ISCreaders, and most say the IPblocks it originated from are in China and Taiwan. No packets yet - looks like everyone has tcp/79 blocked, and only recorded the initial SYN.




(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
The General Court of the European Union has rejected Microsoft's appeal of a 2008 European Commission antitrust ruling, but has reduced the fine Microsoft must pay from a!899 million (US$1.1 billion) to a!860 million.
 
Hewlett-Packard has released an open source version of webOS that can be used on legacy TouchPad tablets, the Open webOS project team announced on Tuesday. The "Community Edition" enables users to learn how the TouchPad works and how to modify the device.
 
A federal court in California has blocked the sale of Samsung's Galaxy Tab 10.1 tablet in the U.S. in a patent dispute between Apple and Samsung. Samsung intends to appeal.
 
Chip maker MediaTek hopes to enable sub-$200 smartphones running the Android 4.0 operating system with its latest MT6577 dual-core processor, which the company announced on Wednesday.
 
From network services and storage to virtualization and private cloud, the beefy new Windows Server leaves no server role unturned
 
As top-tier infrastructure vendors bundle their hardware, the customer often comes out with less. Insider (registration required)
 
Predictive analytics involves both art and science, but getting started isn't for high rollers only. Here's how to ensure a successful outcome.
 
The General Court of the European Union has rejected Microsoft's appeal of a 2008 European Commission antitrust ruling, but has reduced the fine Microsoft must pay by 4% to $1.1 billion.
 
Twenty-four people arrested across eight countries in international cybercrime takedown.

Add to digg Add to StumbleUpon Add to del.icio.us Add to Google
 
A federal court in California has blocked the sale of Samsung's Galaxy Tab 10.1 tablet in the U.S. in a patent dispute between Apple and Samsung.
 

Business Insider

A Huge Cyber War Is Being Waged Upon Britain
Business Insider
Please follow Military & Defense on Twitter and Facebook. Follow Walter Hickey on Twitter. Tags: INFOSEC, Military, Defense | Get Alerts for these topics » ...

 
Internet Storm Center Infocon Status