Hackin9

Cyber-Security SANS Frontières: An Interview with Lance Spitzner
Infosecurity Magazine
Unsurprisingly, he had plenty to say on the infosec skills shortage. “The unemployment rate in cyber-security is around 0%. Within the last couple of years organizations have started hiring for cyber-security because everyone is getting hacked and ...

 

A number of online services were impacted by what has been referred to by multiple sources as a redirection attack by the Syrian Electronic Army (SEA) emanating from the Gigya CDN. The issue was described as follows: Gigya explained that earlier today at 06:45 EST, it noticed sporadic failures with access to our service. The organization then found a breach at its domain registrar, with the hackers modifying DNS entries and pointing them away from Gigya's CDN domain, instead redirecting to their own server, which distributed a socialize.js file, namely the pop-up seen by everyone. Affected sites included Verizon, The Telegraph, The Independent, Forbes, Time Out, PC World, The Evening Standard, CNBC, and others.

The resulting pop-up simply stated "You've been hacked by the Syrian Electronic Army."

@holisticinfosec

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
WordPress Password Check Denial of Service Vulnerability
 
WordPress Multiple Unspecified Cross Site Scripting Vulnerabilities
 
Raritan PowerIQ Multiple SQL Injection Vulnerabilities
 
[ MDVSA-2014:233 ] wordpress
 
Libksba 'ksba_oid_to_str()' Function Buffer Overflow Vulnerability
 
Squid 'src/icmp/Icmp4.cc' Remote Denial of Service Vulnerability
 
D-Bus CVE-2014-7824 Incomplete Fix Denial of Service Vulnerability
 
[SECURITY] [DSA 3078-1] libksba security update
 
MantisBT Captcha System Security Weakness
 
[KIS-2014-13] Tuleap <= 7.6-4 (register.php) PHP Object Injection Vulnerability
 
WordPress wpDataTables Plugin 'wpdatatables.php' SQL Injection Vulnerability
 
GNU glibc CVE-2014-7817 Arbitrary Command Execution Vulnerability
 
Icecast CVE-2014-9018 Information Disclosure Vulnerability
 
WordPress wpDataTables Plugin Multiple Arbitrary File Upload Vulnerabilities
 
Ruby CVE-2014-8090 Incomplete Fix XML External Entity Denial of Service Vulnerability
 
[ MDVSA-2014:232 ] glibc
 
[ MDVSA-2014:231 ] icecast
 
[ MDVSA-2014:230 ] kernel
 
FortiManager and FortiAnalyzer CVE-2014-2334 Multiple Cross Site Scripting Vulnerabilities
 
FreeBSD CVE-2014-8475 Remote Denial of Service Vulnerability
 
Linux Kernel cpio 'list_file()' Function Heap Based Buffer Overflow Vulnerability
 

Infosec Fail: 94% of ICO Notices are Result of Poor Security
Infosecurity Magazine
UK privacy watchdog the Information Commissioner's Office (ICO) has handed out £2.17 million in fines over the past 22 months, with a staggering 94% of notices issued as a result of organizations' poor information security, according to a new report.

 
Internet Storm Center Infocon Status