Hackin9
JSON-C Weak Hash Function CVE-2013-6371 Denial of Service Vulnerability
 
JSON-C 'printbuf' API CVE-2013-6370 Denial of Service Vulnerability
 

Infosec 2014: Investment in cyber security a major selling point to potential ...
Computing
An organisation's investment in cyber security - particularly in the financial services field - is a major selling point for sales reps that are looking to lure in new clients, according to Michael Colao, the head of security at insurance firm AXA UK ...
 
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 

Hacks that allow spies, villains, or terrorists to manipulate traffic signals may seem like the exclusive province of action movies, but a well-known security researcher says they're not as far-fetched as many people may think.

Cesar Cerrudo of security penetration testing firm IOActive said he has identified more than 50,000 devices in New York, Washington DC, Los Angeles, and cities in at least seven countries around the world that can be hacked using inexpensive gear that's easy and—at least in the US—legal to obtain and operate. The equipment Cerrudo used included a drone flying at heights of 650 feet and radio hardware that sells for $100. With more sophisticated transmitters, antennas, and other hardware, he said an attacker could be as far away as two miles from the targeted signals.

In a blog post published Wednesday, he wrote:

 
[security bulletin] HPSBPI03031 rev.1 - HP Officejet Pro X Printers, Certain Officejet Pro Printers, Remote Disclosure of Information
 
[security bulletin] HPSBST03016 rev.2 - HP P2000 G3 MSA Array Systems, HP MSA 2040 Storage, and HP MSA 1040 Storage running OpenSSL, Remote Disclosure of Information
 
[SECURITY] [DSA 2915-2] dpkg security update
 
[security bulletin] HPSBMU03024 rev.1 - HP Insight Control Server Deployment on Linux and Windows running OpenSSL with System Management Homepage and Systems Insight Manager, Remote Disclosure of Information
 
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2014-1532 Use After Free Memory Corruption Vulnerability
 
The National Institute of Standards and Technology (NIST) has released an update to a document that helps computer administrators maintain the security of information traveling across their networks. The document, NIST Special Publication ...
 
Jason Chen has been Acer's CEO for about 100 days, but he's already making major changes at the company as he boosts efforts to diversify beyond PCs and turn around years of financial and operational instability.
 
Facebook will extend its advertising business by distributing ads from its marketers to third-party mobile apps.
 

The State Department unveiled Wednesday that it is widely employing social media as a method to counter online violent extremism from Al-Qaeda and others.

Buried in an intelligence report published Wednesday, the government said that the Center for Strategic Counterterrorism Communications (CSCC), established in 2011, last year produced more than 10,000 online postings globally, some of which included one of 138 government-produced videos.

"CSCC's programs draw on a full range of intelligence information and analysis for context and feedback. CSCC counters terrorist propaganda in the social media environment on a daily basis, contesting space where AQ and its supporters formerly had free rein. CSCC communications have provoked defensive responses from violent extremists on many of the 249 most popular extremist websites and forums as well as on social media," said the document, Country Reports on Terrorism 2013 (PDF).

 
The jury deciding the $2.2 billion patent-infringement lawsuit between Apple and Samsung began its first full day of deliberations trying to tackle the question of what Steve Jobs said when he decided to sue Samsung and whether he also wanted to go after Google.
 
DreamWorks CEO Jeffrey Katzenberg said movies will eventually have a three-week release window after which the public will pay to see them based on screen size.
 
FreeBSD Security Advisory FreeBSD-SA-14:09.openssl [REVISED]
 
Critics who say a new U.S. Federal Communications Commission proposal to restore net neutrality rules is too weak are increasing pressure on the agency to reclassify broadband as a regulated, common-carrier service like the traditional telephone network.
 
Ever looked at an app and decided not to try it because you didn't want to share your data? Facebook is trying to remove that stumbling block with a new service called anonymous log-ins that was announced Wednesday.
 
ESA-2014-029: RSA® Access Manager Sensitive Information Disclosure Vulnerability
 
Cisco Security Advisory: Multiple Vulnerabilities in Cisco TelePresence TC and TE Software
 
Cisco Security Advisory: Multiple Vulnerabilities in Cisco TelePresence System MXP Series
 
Google has clearly been concerned about growing efforts by several vendors to create forked versions of Android to differentiate their high-end smartphones from the pack.
 
Mobile computing and workplace collaboration experts offer advice on how you can boost communication and productivity among your mobile employees.
 
Google will no longer scan the email messages of students and other school staff who use its Google Apps for Education suite, exempting about 30 million users from the chronically controversial practice for Gmail advertising.
 
Ubuntu indicator-datetime Package 'src/service.c' Local Security Bypass Vulnerability
 
LSE Leading Security Experts GmbH - LSE-2014-04-10 - Sitepark IES - Unauthenticated Access
 
[security bulletin] HPSBGN03010 rev.3 - HP Software Server Automation running OpenSSL, Remote Disclosure of Information
 

Infosec 2014: Threat knowledge is key to cyber security, say experts
ComputerWeekly.com
FBI bigwig pleads for help from ISPs in fight against cyber crime - Computing
 

Infosec 2014: BlackBerry customers showing “tremendous interest” in new BES ...
Computing
Vice-president of security product management and research at BlackBerry, Michael K Brown, spoke to Computing at the Infosec conference in London today, saying that the EZ Pass scheme, which launched at the start of this month, had experienced ...

 
SEC Consult SA-20140430-0 :: SQL injection and persistent XSS in the Typo3 3rd party extension si_bibtex
 
Syhunt Advisory: CGILua session.lua Predictable Session ID Vulnerability
 
Heartbleed Testing Server
 
[SECURITY] [DSA 2918-1] iceweasel security update
 

We've received multiple reports regarding impact to UltraDNS services which are allegedly the result of a 100Gb/s attack on one of their customers, which in turn is causing latency for others. Monitor #ultradns for the time being as no official report has been released yet by UltraDNS. One reporting party did indicate that they learned that the management of UltraDNS had said that one of their customers was being attacked and that they black-holed that customer to get back on trend. Resolver nodes around the world are resetting.

We'll update here as we learn more.

Update as of 1045 PST: UltraDNS is still not stable as customers are still having intermittent DNS resolution failures.

Update as of 1100 PST: UltraDNS still propagating changes from the attack this morning and hope to be complete as of approximately 11:30 PST. Intermittent issues still remain for customers. Always a bit ironic when those who sell DDoS protection are themselves adversely impacted by DDoS. :-)

Update as of 1240 PST: Direct quote from Neustar UltraDNS - "Currently, the Neustar UltraDNS Operations and Security teams continue to work with our Tier One Providers to further refine upstream mitigations within the Carriers networks. Additionally, the Neustar team is working on adding additional UltraDNS Name Servers into active mitigation. The DDoS traffic continues to shift attack vectors and our teams are working on altering countermeasures to insure stability of service as quickly as possible. At Neustar, we are committed to providing the highest levels of performance and reliability through the products and solutions we deliver. Please feel free to contact our 24x7 UltraDNS Support Team at [email protected] with any questions or concerns."

Update as of 1400 PST: "The Neustar UltraDNS Operations and Security teams have the majority of the UltraDNS customer base in mitigation on our DDoS mitigation network. Currently, only customers utilizing a segment of UltraDNS Name Server addresses (PDNS1-PDNS6) are experiencing resolution latency due to intermittent network saturation in the Western US. We continue to aggressively refine mitigations for these customers and hope to have the issue resolved shortly."

NOTE: Customers are indicating that Neustar UltraDNS has been providing constant updates (5 or 6 now) which should be seen as a positive response to a difficult situation.

Russ McRee | @holisticinfosec

 
Cybercriminals stole debit card information from customers of dozens of financial institutions in a phishing campaign that combined rogue text messages with VoIP calls.
 
Taking a step into the rapidly emerging market for software-defined storage, Red Hat has agreed to acquire Inktank, the company behind the Ceph open-source storage system, for approximately $175 million in cash.
 
LinuxSecurity.com: Security Report Summary
 
LinuxSecurity.com: The Date and Time Indicator would allow unintended access.
 
LinuxSecurity.com: New mozilla-thunderbird packages are available for Slackware 14.1 and -current to fix security issues. [More Info...]
 
LinuxSecurity.com: New mozilla-firefox packages are available for Slackware 14.1 and -current to fix security issues. [More Info...]
 
LinuxSecurity.com: An updated Adobe Flash Player package that fixes one security issue is now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having Critical [More...]
 
LinuxSecurity.com: An updated firefox package that fixes several security issues is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having Critical [More...]
 
LinuxSecurity.com: An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having [More...]
 
LinuxSecurity.com: Firefox could be made to crash or run programs as your login if it opened a malicious website.
 
Google Chrome Multiple Security Vulnerabilities
 
Unitrends Enterprise Backup Multiple Security Vulnerabilities
 
FreeBSD Security Advisory FreeBSD-SA-14:09.openssl
 
FreeBSD Security Advisory FreeBSD-SA-14:08.tcp
 
FreeBSD Security Advisory FreeBSD-SA-14:07.devfs
 
Battery life has never really been the iPhone's strength, though it has improved since 2007, the year the first iPhone was released. The original iPhone got about eight hours of talk time, according to Apple, while the latest Apple smartphone, the iPhone 5s, gets about 10 hours talk time. The first iPhone had a 1440mAh battery and the iPhone 5s has a 1570mAh battery. Capacity only increased by 12 percent during the last six years, according to ZDNet.com, while average life increased by 25 percent.
 
In the world of tech and non-tech managerial roles, if you want a seat at the big table or you have aspirations of greatness, then certain leadership skills are necessary to take you to the next level. But how can you actualize leadership and define what makes a great leader? We spoke with authors, industry and IT career experts to find out what you can do to build your leadership skills to world-class.
 
Enterprises have an average 461 cloud apps running in their organizations (nine to 10 times IT's estimates), according to some reports. Line-of-business managers hesitate to bring in the CIO out of fear of being blocked. If CIOs can remove this fear, everyone, it turns out, benefits.
 

Infosec 2014: EU cybercrime head blames TOR for making it difficult to catch ...
Computing
Troels Oerting, the head of the European Cybercrime Centre (EC3), has blamed the "darknet" for making it difficult to catch cyber-criminals in his keynote speech to Infosecurity Europe in London. Furthermore, he added, the revelations of former US ...
Infosec 2014: Cyber safety will take joint effort, says top EU cyber cop - ComputerWeekly.com
Cuffing darknet-dwelling cyberscum is tricky. We'll 'disrupt' crims instead ... - Register
Infosecurity Europe 2014 > Security Can Be A Business Enabler - Infosecurity Magazine
 
Cisco Adaptive Security Appliance (ASA) Software CVE-2014-2182 Denial of Service Vulnerability
 
Sony has developed a magnetic tape material that can store data at 148 gigabits per square inch, roughly 74 times the density of standard tapes.
 

Infosec 2014: Word document threat intelligence not good enough - Santander
Computing
Threat intelligence providers that pass on Word documents which detail what an organisation's threats are and how it can best tackle them are most likely not good enough, according to Santander's head of operational risk unit, Michael Paisley. Speaking ...
 

Infosec 2014: US tech dominance Europe's fault, says Mikko Hypponen
ComputerWeekly.com
Security guru: You can't blame EDWARD SNOWDEN for making US clouds ... - Register
Europe needs to build its own cloud services - PC Pro
 

University brings infosec courses to London
Help Net Security
The University of South Wales is to open a Centre in the heart of London's Docklands financial district where it will deliver a range of professional level courses in information and cyber security, it has been announced at Infosecurity Europe 2014.
 
The pace of change is too slow for most people now alive to see parity in their lifetimes.
 
LG Electronics has sent out invites to an event on May 27, at which the company is expected to launch its next flagship smartphone, the G3, as well as the Android Wear-based G Watch.
 
Hewlett-Packard is partnering with Foxconn, the Taiwanese manufacturing giant best known for producing Apple's iPhone, to tackle the growing market for low-cost servers in cloud data centers.
 
Cisco Unified Contact Center Express CVE-2014-2180 Arbitrary File Upload Vulnerability
 

Infosec 2014: make IT security a personal issue for staff, say CISOs
Computing
Security chiefs at Infosecurity Europe 2014 urged companies to raise awareness of cyber security by simply talking to employees about how to protect their own home PCs and laptops. Channel 4 CISO Brian Brackenborough explained that the security team ...

 
IT can never take all the risk out of a supply chain, but it can help organizations minimize their vulnerability in a world of new threats.
 
Target is upgrading the security of its store-branded payment cards and making other network improvements as it seeks to restore confidence after one of the largest-ever data breaches last year.
 
Microsoft's research division has developed a keyboard that can interpret basic hand gestures, potentially bridging a gap between touch devices and more traditional input methods.
 
EMC will give users a peek at its progress toward software-defined storage next week at EMC World in Las Vegas, demonstrating a virtualized VNX array developed under a program called Project Liberty.
 
National correspondent Julia King reports the mood is feisty at this year's CITE Conference & Expo.
 
Microsoft is bringing its Xbox One to China this September after the nation recently ended a ban on foreign-made video game consoles.
 
3D printing will become a mainstream production method within a decade as the range of industrial applications skyrockets and printer speeds double or triple.
 

Posted by InfoSec News on Apr 30

http://www.forbes.com/sites/jennifergranick/2014/04/29/obama-policy-on-zero-days-crap/

By Jennifer Granick
Forbes.com
4/29/2014

Yesterday afternoon, the White House put out a statement describing its
vulnerability disclosure policies: the contentious issue of whether and
when government agencies should disclose their knowledge of computer
vulnerabilities. The statement falls far short of a commitment to network
security for all and fails to...
 
If smartwatch development can be thought of in terms of dance crazes, the next phase might become the Twist.
 
Ecava IntegraXor Account Information Disclosure Vulnerability
 
Cisco Unified Communications Manager CVE-2014-2184 Information Disclosure Vulnerability
 
Cisco Unified Communications Manager CVE-2014-2185 Information Disclosure Vulnerability
 

Infosec 2014: Datacentre security key to cloud security, says Google
ComputerWeekly.com
The security challenges of the cloud are fundamentally the same as those of any in-house datacentre, says Peter Dickman, engineering manager at Google. This means securing data in both can be tackled in the same way, he told attendees of Infosecurity ...
 

Posted by InfoSec News on Apr 30

http://www.careersandeducation.com/top-security-certifications-2014

By S. Sotans
CareersandEducation.com
April 29, 2014

Best IT Security Certifications 2014: the 10 top paying

The global threat to core IT infrastructure by hackers has created the
conditions for security certification skills. When enterprise systems
networks are violated by way of internet service providers (ISP) or
unauthorized access to designated user login credentials,...
 

Posted by InfoSec News on Apr 30

http://www.lithuaniatribune.com/67422/cyber-spying-bug-attack-plans-found-in-lithuania-report-201467422/

By Editor
The Lithuania Tribune
April 29, 2014

Lithuania’s military intelligence said on Tuesday it last year found
spying software in computers used to process information related to
Lithuania’s domestic and foreign policy, as well as energy.

In a report, the Defence Ministry’s Second Investigation Department also
said it had...
 

Posted by InfoSec News on Apr 30

http://www.technologyreview.com/news/527016/wheres-the-next-heartbleed-bug-lurking/

By Robert Lemos
MIT Technology Review
April 29, 2014

After causing widespread panic and changing of passwords, the Heartbleed
bug has largely disappeared from the news. Yet the implications of the
discovery are still being debated across the computer industry. The
biggest concern for security experts is how to preëmpt other flaws lurking
in the Internet’s...
 

Posted by InfoSec News on Apr 30

http://www.cnbc.com/id/101623392

By Arjun Kharpal
@ArjunKharpal
CNBC.com
04/28/2014

State-backed hackers are aiming to create "war-like activities" that could
harm economic growth in Europe, the region's cybercrime chief warned on
Tuesday.

The stark warning from Troels Oerting, head of the European Cybercrime
Center and assistant director at law enforcement agency Europol, comes as
governments and law enforcement agencies...
 