Hackin9
Graphite 'pickle.loads()' Multiple Remote Code Execution Vulnerabilities
 
Several recent IPOs and eBay's $800 million cash offer for payments startup BrainTree this week highlight what looks like a burgeoning market for tech initial public offerings and mergers and acquisitions.
 
Judges and police investigators are on track to submit about the same number of requests to Microsoft for end user data this year as they did in 2012, according to figures released Friday.
 
Hackers backed by Iran have penetrated an unclassified U.S. Navy network in one of the most serious incidents of cybercrime yet by the Middle East nation, according to a report Friday.
 
A looming U.S. government shutdown could mean smaller paychecks for some government IT workers and contractors, as well as renegotiated contracts for some IT vendors.
 
Google is still tussling with a scary and disconcerting glitch that caused its IM apps to route messages to the incorrect recipients.
 
Google faces financial sanctions in France after failing to comply with an order to alter how it stores and shares user data to conform to the nation's privacy laws.
 
About 100 public advocacy and other groups plan to stage what they hope will be a big rally in Washington D.C. to protest the controversial National Security Agency surveillance programs disclosed by document-leaker Edward Snowden in June.
 
It was 30 years ago today -- which is to say Sept. 27, 1983 -- that the seeds were planted for both Linux and the open source software movement, though neither is called that name by the man who helped set both of them into motion, the irascible Richard Stallman.
 
Shares of solid-state storage vendor Violin Memory plunged more than 17 percent on the company's first day of trading Friday, but analysts said the market for flash storage remains hot.
 
Facebook wants to make its ads less annoying to users by only showing them what they want to see, even if it means a dip in ad exposure for some marketers.
 
Linux Kernel CONFIG_HID Local Memory Corruption Vulnerability
 
On its 15th anniversary, Google has grown from its early days as a search engine company to a powerhouse not only in the high-tech world but in the mainstream world as well.
 
Respected analyst firm Gartner is set to recommend that all BlackBerry enterprise customers find alternatives to the struggling vendor's smartphones and enterprise management software over the next six months.
 
Ford announced it will acquire Livio, a startup that makes smartphone-to-car connectivity software. Ford plans to use the IP to standardize its vehicles' link to mobile devices.
 
With new DDR4 memory, computers will be faster next year but users will likely pay a premium on the price of the technology.
 
A recently announced and yet-to-be-patched vulnerability that affects all versions of Microsoft Internet Explorer (IE) has been exploited in targeted attacks against organizations in Taiwan since the beginning of July, according to security researchers.
 
Germany's Federal Patent Court invalidated an Apple photo-management patent because Steve Jobs showed how the technology worked during a keynote months before the company applied for the patent in Europe.
 
Astium PBX 'logon.php' Multiple SQL Injection Vulnerabilities
 
Cisco IOS XR Software CVE-2013-5498 Denial of Service Vulnerability
 
Curiosity, NASA's Mars rover, has discovered there is water in the soil today after earlier finding evidence of ancient water flows on the Martian surface.
 
LinuxSecurity.com: Several security issues were fixed in the kernel.
 
LinuxSecurity.com: Updated polkit packages fix security vulnerability: A race condition was found in the way the PolicyKit pkcheck utility checked process authorization when the process was specified by its process ID via the --process option. A local user could use this [More...]
 
LinuxSecurity.com: Multiple vulnerabilities have been found in Squid, possibly resulting in remote Denial of Service.
 
LinuxSecurity.com: A vulnerability in klibc could allow remote attackers to execute arbitrary shell code.
 
LinuxSecurity.com: Multiple vulnerabilities have been found in Dropbear, the worst of which could lead to arbitrary code execution.
 
Cisco Systems has patched 10 vulnerabilities that could impact the availability of devices using various versions of its IOS software.
 
Touch-enabled Windows notebooks and Chrome OS-powered Chromebooks contributed to better-than-expected PC sales during the back-to-school period and may hint at a less dismal holiday-selling season than once thought, a retail analyst said.
 

A vulnerability affecting older versions of Google's Android operating system may make it possible for attackers to execute malicious code on end-user smartphones that use a wide variety of apps, researchers said.

The weakness resides in a widely used programming interface known as WebView, which allows developers to embed Web-based content into apps used for banking, entertainment, and other purposes. Many apps available on the official Google Play market don't properly secure the connection between the WebView component on a phone and the Web content being downloaded, researchers from UK-based MWR Labs recently warned. That makes it possible for attackers who are on the same open Wi-Fi network as a vulnerable user to hijack the connection and inject malicious code that can be executed by the phone.

"The lowest impact attack would be downloading contents of the SD card and the exploited application's data directory," the researchers wrote in an advisory published earlier this week. "However, depending on the device that was exploited this could extend to obtaining root privileges, retrieving other sensitive user data from the device or causing the user monetary loss."

 
While Iceland has long been touted as an ideal spot for a data center, companies have been slow to take advantage of its climate, renewable energy and government incentives. Risk Management Solutions, though, jumped at the chance to put its new cloud environment on the Nordic island.
 
The health insurance marketplaces mandated by the Obama administration's Affordable Care Act are scheduled to open for business in four days. Yet even before the sites launch, tech problems are emerging.
 
Apple yesterday released an iOS 7 software update that fixes a security flaw that let users bypass the iPhone lockscreen to access a range of onboard information and online accounts.
 
The iOSphere this week was filled with iPhone 6 demands, revelations, assertions, and advice, most of it aimed at Apple.
 
IBM Eclipse Help System CVE-2013-0464 Cross Site Scripting Vulnerability
 
HTC is selling back the remainder of its stake in Beats Electronics, shedding its financial ties to the headphones vendor in a partnership that did little to help turn the smartphone maker's fortunes around.
 

BankInfoSecurity.com

Previewing a Government Shutdown
With the prospect of a partial federal government shutdown on Oct. 1, and its implications for IT security, it's worth considering what occurred in Minnesota two years ago, when a similar budget squabble between Democrats and Republicans shuttered ...

 
BlackBerry confirmed on Friday its $965 million net operating loss in the second quarter, following low interest in the Z10 smartphone.
 
glibc and eglibc CVE-2013-4788 Buffer Overflow Vulnerability
 
The first draft of anything is terrible, Ernest Hemingway once said (though in slightly more colorful language). Facebook is applying some similar thinking and allowing users to edit their posts.
 
Mobile operators would have to tell the public what percentage of their cell sites were working during and after major disasters if the FCC adopts a rule it is proposing in the wake of Hurricane Sandy.
 
Pay-as-you-drive insurance plans, where premiums are based on an individual's actual driving habits, pose a potential privacy risk for motorists, a recent study has found.
 
A federal judge allowed a class-action suit against Google to proceed, saying the company's terms of service are unclear when describing how it scans Gmail content in order to deliver advertisements.
 
The U.S. mobile industry would be more competitive with one less carrier, Sprint's CFO said on Thursday.
 
Microsoft has said a new way of reporting its financial results will be better aligned with its corporate reorganization and offer more insight into its business.
 
Microsoft has announced the general availability of multifactor authentication on its Windows Azure cloud platform.
 
Employees of the U.S. National Security Agency spied on 'unfaithful' husbands, boyfriends and girlfriends using surveillance technology of the agency, according to a letter from the NSA to a U.S. Senator.
 
IT hiring by the federal government is trending downward, with fewer jobs posted each month this year than last year, according to a Computerworld analysis of employment data.
 
Cisco Unified Computing System CVE-2012-4088 Hardcoded Password Security Bypass Vulnerability
 
Oracle Java SE CVE-2013-0439 Remote JavaFX Vulnerability
 

Posted by InfoSec News on Sep 27

Forwarded from: Marjorie Simmons <lawyer (at) marjoriesimmonsesq.com>

A Friday muse for the equinox:

As everyone not living under a rock now knows, the NSA is an APT (advanced
persistent threat): "[t]hrough covert partnerships with
tech companies, the spy agencies have inserted secret vulnerabilities into
encryption software."
http://www.theguardian.com/world/2013/sep/05/nsa-gchq-encryption-codes-security

According to the...
 

Posted by InfoSec News on Sep 27

http://www.csoonline.com/article/740396/spear-phishing-poses-threat-to-industrial-control-systems

By John P. Mello, Jr.
CSO Online
September 26, 2013

While the energy industry may fear the appearance of another Stuxnet on
the systems they use to keep oil and gas flowing and the electric grid
powered, an equally devastating attack could come from a much more mundane
source: phishing.

Rather than worry about exotic cyber weapons like Stuxnet...
 

Posted by InfoSec News on Sep 27

http://www.darkreading.com/risk/five-habits-it-security-professionals-ne/240161795

By Tim Wilson
Dark Reading
September 25, 2013

CHICAGO -- (ISC)2 Congress 2013 -- If security professionals want to take
their craft in new directions, then they need to stop thinking in old
ways, experts said in a panel here Tuesday.

In a panel, entitled "Cyber Security -- Where the Industry Is Headed Next
Year and Beyond," seven industry leaders...
 

Posted by InfoSec News on Sep 27

http://elevenmyanmar.com/national/3539-myanmar-to-reform-national-cyber-security-team

Eleven
26 September 2013

Myanmar will reform its national cyber security response team, according
to Myanmar Computer Federation (MCF).

The team known as Computer Emergency Response Team (MMCERT), along with
the MCF, aims to cooperate with the International Telecommunication
Union and other organisations to improve Myanmar's cyber security....
 

Posted by InfoSec News on Sep 27

http://www.standard.co.uk/news/crime/london-schoolboy-secretly-arrested-over-worlds-biggest-cyber-attack-8840766.html

By MARTIN BENTHAM
London Evening Standard
26 September 2013

A London schoolboy has been secretly arrested over the "world's biggest
cyber attack" as part of an international swoop against a suspected
organised crime gang.

The 16-year-old was detained by detectives at his home in south-west
London after...
 
[SECURITY] [DSA 2765-1] davfs2 security update
 
Re:joomla com_zimbcomment Components Local File Include vulnerability
 
APPLE-SA-2013-09-26-1 iOS 7.0.2
 
Linux Kernel CVE-2013-2889 Heap Buffer Overflow Vulnerability
 
Linux Kernel CVE-2013-2899 NULL Pointer Dereference Denial of Service Vulnerability
 
Linux Kernel CVE-2013-2895 NULL Pointer Dereference Denial of Service Vulnerability
 
Linux Kernel CVE-2013-2892 Heap Buffer Overflow Vulnerability
 
Internet Storm Center Infocon Status