Hackin9
Namazu 'namazu.cgi' Multiple Directory Traversal Vulnerabilities
 

How to cope with information security job search challenges
TechTarget
True infosec professionals will still be a mix in the pack hoping to be selected, until their qualifications are recognized by a clearly defined profession. Hiring officials will continue to hire and scratch their heads trying to figure out why no one ...

 
Attackers are exploiting a new and unpatched vulnerability in Windows XP and Windows Server 2003 that allows them to execute code with higher privileges than they have access to.
 

Big data presents big security challenges, study finds
ComputerworldUK
Indeed, FedEx now allows employees to take an “InfoSec 101” course and “enterprise security awareness programme”. “A key strategy of the overall programme is educating employees on current threats and providing practical security tips they can apply ...

 
Claroline Multiple Cross Site Scripting Vulnerabilities
 

High-profile speakers at 2014 Security Summit
ITWeb Africa
An in-depth insight into the failures of the infosec community will be presented by Charlie Miller, security engineer at Twitter and four-time winner of the CanSecWest Pwn2Own competition. Haroon Meer, founder of Thinkst, an applied research company ...

 
Prices of some laptops and tablets have already fallen as the holiday shopping season approaches, and more price drops are expected starting with Black Friday year-end sales in the U.S. this week.
 
KDE Okular PDB File Parsing RLE Decompression Buffer Overflow Vulnerability
 

Posted by InfoSec News on Nov 28

http://arstechnica.com/security/2013/11/new-linux-worm-targets-routers-cameras-internet-of-things-devices/

By Dan Goodin
Ars Technica
Nov 27 2013

Researchers have discovered a Linux worm capable of infecting a wide range
of home routers, set-top boxes, security cameras, and other consumer
devices that are increasingly equipped with an Internet connection.

Linux.Darlloz, as the worm has been dubbed, is now classified as a
low-level threat,...
 

Posted by InfoSec News on Nov 28

Best wishes to all on this holiday.

Please remember all those working and serving overseas
who cannot be with their families today.

Thanks!

Everyone @ InfoSec News
www.infosecnews.org
 

Posted by InfoSec News on Nov 28

http://jobs.siliconindia.com/career-news/99-Percent-Of-Indian-IT-Engineers-Lack-Secure-Programming-Skills-nid-157340.html

Silicon India
27 November 2013

Mumbai: Spelling alarm for the country's corporate and defense
establishments, a recent survey shows that less than one percent of Indian
IT students are skilled in secure programming.

The survey-cum-test "The Talent Crisis in InfoSec" was conducted by
EC-Council, a...
 

Posted by InfoSec News on Nov 28

http://www.canada.com/news/Quebec+hacker+when+crippled+government+websites+gets+probation/9220389/story.html

BY SIDHARTHA BANERJEE
THE CANADIAN PRESS
NOVEMBER 27, 2013

MONTREAL - A Montreal hacker who was just 12 when he crippled several
provincial government websites and shared information in exchange for
video games has been sentenced to 18 months probation.

The 14-year-old pleaded guilty in October to attacks that occurred in 2012
at the...
 

Posted by InfoSec News on Nov 28

http://www.latimes.com/business/money/la-fi-mo-anthem-doctors-breach-20131125,0,4528975.story#ixzz2lvd0rfqG

By Chad Terhune
Los Angeles Times
November 25, 2013

In a departure from most medical privacy cases, Anthem Blue Cross said it
accidentally posted online Social Security or tax identification numbers
for about 24,500 California doctors.

[Updated 1:03 p.m. PST Nov. 25: An Anthem spokesman said Monday that
24,500 doctors were affected,...
 
ownCloud Admin Page Unspecified Security Bypass Vulnerability
 
Kimai 'db_restore.php' Security Bypass Vulnerability
 
RUCKUS WIRELESS Zoneflex 2942 CVE-2013-5030 Multiple Authentication Bypass Vulnerabilities
 
Toshiba has offered to buy the assets of OCZ Technology, a solid-state drive manufacturer on the verge of bankruptcy.
 
[HITB-Announce] #HITB2014AMS Call for Papers Now Open
 
RUCKUS ADVISORY ID 10282013 - User authentication bypass vulnerability in Ruckus Access Point's administrative web interface
 
[SECURITY] [DSA 2805-1] sup-mail security update
 
Internet Storm Center Infocon Status