Hackin9
Stunnel CVE-2014-0016 PRNG Initialization Weakness
 
Oracle MySQL Server CVE-2014-4240 Local Security Vulnerability
 
Oracle MySQL Server CVE-2014-4243 Remote Security Vulnerability
 
Oracle MySQL Server CVE-2014-2484 Remote Security Vulnerability
 
Oracle MySQL Server CVE-2014-4233 Remote Security Vulnerability
 

Podcast: Explaining CISSP value to infosec pros
TechTarget
Many have cast doubt on whether the CISSP curriculum teaches the skills today's infosec pros need, whether the CISSP exam fairly assesses practitioners' knowledge and skills, and even whether the CISSP exam is necessary when demand for security ...

 
JPMorgan Chase CEO Jamie Dimon said attacks were "going to be non-stop." It looks like he was right.

The electronic attack on JPMorgan Chase’s network, now under investigation by federal law enforcement, apparently spanned months, according to a report by Bloomberg News. Starting in June, hackers used multiple custom-crafted bits of malware to infiltrate the bank’s infrastructure and slowly shipped bits of bank transaction data back out through computers in several countries before it was sent onward to Russia.

The attack, which went on for more than two months before being detected by JPMorgan in a security scan, bears the fingerprints of similar long-game attacks against corporate targets by cybercriminals from Eastern Europe, some of whom have developed capabilities more advanced than state-sponsored hackers. While the details obtained by Bloomberg’s Jordan Robertson and Michael Riley are sparse, the information provided by their sources is consistent with attacks on a number of European banks earlier this year.

While the FBI and National Security Agency are reportedly investigating whether the attack came from Russian state-sponsored hackers—or at least state-sanctioned ones—in retaliation for sanctions against Russia, making that connection will be difficult at best. It seems more likely, based on recent security reports, that the attacks were criminal in nature—but relied on tools and techniques that may have a mixed provenance, using methods honed in attacks on other banks and on government targets for financial gain.

Read 8 remaining paragraphs | Comments

 
Cisco Intelligent Automation for Cloud CVE-2014-3352 Remote Information Disclosure Vulnerability
 
Cisco Intelligent Automation for Cloud CVE-2014-3349 Arbitrary File Upload Vulnerability
 
Cisco Intelligent Automation for Cloud CVE-2014-3350 Open Redirection Vulnerability
 
LinuxSecurity.com: Multiple vulnerabilities have been discovered in Apache HTTP Server, the worse of which could lead to execution of arbitrary code or a Denial of Service condition
 
LinuxSecurity.com: Multiple vulnerabilities have been discovered in PHP, the worst of which could lead to remote execution of arbitrary code.
 
LinuxSecurity.com: A vulnerability in Libgcrypt could allow a remote attacker to extract ElGamal private key information.
 
LinuxSecurity.com: Multiple vulnerabilities have been discovered in GNU Libtasn1, the worse of which can allow a context-dependent attacker to cause a Denial of Service condition.
 
LinuxSecurity.com: A vulnerability in file could result in Denial of Service.
 
LinuxSecurity.com: Certain applications could be made to crash or run programs as anadministrator.
 
LinuxSecurity.com: Security Report Summary
 
LinuxSecurity.com: Squid could be made to crash if it received specially crafted networktraffic.
 
LinuxSecurity.com: Security Report Summary
 
LinuxSecurity.com: Updated ror40-rubygem-activerecord packages that fix one security issue are now available for Red Hat Software Collections 1. Red Hat Product Security has rated this update as having Important security [More...]
 
LinuxSecurity.com: Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6.4 Extended Update Support. Red Hat Product Security has rated this update as having Important security [More...]
 
LinuxSecurity.com: Security Report Summary
 
PhpWiki Ploticus Module Command Injection Vulnerability
 

5 things infosec can learn from adventure games
Help Net Security
Unfortunately, in infosec we don't have a common way of evaluating security controls – there is no such thing as a +3 firewall, for example. However, we can come up with our own factors to evaluate countermeasures so we can objectively compare one ...

 
Sierra Library Services Platform Multiple Vulnerability Disclosure
 
Internet Storm Center Infocon Status