InfoSec News

Less than a day after announcing plans to charge customers a $2 convenience fee for every online transaction, Verizon Wireless has announced that it will back off.
After a rollercoaster ride on the stock market, tech companies are ending the year just about where they started, despite strong and in some cases record sales and profits for IT bellwethers.
Greening your business has short-term effects that will save you money, let employees breathe better, and maybe even help land you a few more customers. These tips, sites, and kits can help your business go green for 2012.
Details of allegations of sexual harassment that ultimately caused Mark Hurd, now co-president at Oracle, to quit as CEO of Hewlett-Packard are now plastered across the Internet after a letter written on behalf of the complainant was unsealed by the Delaware Supreme Court Wednesday.
Bugzilla Cross Site Scripting and Security Bypass Vulnerabilities
DedeCMS Multiple SQL Injection Vulnerabilities
op5 Appliance Multiple Unspecified Remote Command Execution Vulnerabilities
SEC Consult SA-20111230-0 :: Critical authentication bypass in Microsoft ASP.NET Forms - CVE-2011-3416
Malware toolkits are being programmed with attacks that make the most business sense, say security experts. Automated toolkit users will have new capabilities to target specific groups and organizations.

Hackers released another batch of data on Thursday pilfered from Stratfor Global Intelligence, a widely used research and analysis company whose website was attacked last weekend.
Microsoft .NET Framework CVE-2011-3416 ASP.NET Forms Authentication Bypass Vulnerability
Akiva WebBoard 'name' Parameter SQL Injection Vulnerability
Texas Instruments Golden Gateway MXP Denial of Service Vulnerability
[ MDVSA-2011:197 ] php
[SECURITY] [DSA 2263-2] movabletype-opensource security update
[SECURITY] [DSA 2376-1] ipmitool security update
You don't need an electrical engineering degree to properly install a cooler on your CPU. As is the case when installing many PC components, however, the procedure involves some subtleties that can have a measurable impact on the computer's performance.
First, let's get the obvious out of the way: In 2012, cameras will become smaller, more powerful, and more specialized. Meanwhile, smartphone cameras will continue to improve at a blistering pace, approaching the imaging capabilities and features found in stand-alone cameras of a few years ago. Over the next 12 months, you can expect another great round of "phones versus cameras."
Consumerization of IT is the consensus choice of the new year's major technology force, one that will manifest itself in several forms.
Apache ActiveMQ Failover Mechanism Remote Denial Of Service Vulnerability
Researchers have released two tools that can take advantage of a weakness in a system designed to let people easily secure their wireless routers.
Google+ membership is accelerating, and the young social network is now adding 625,000 users a day with over 62 million in total, a researcher has estimated.
As Google works to make its Google+ social network a major competitor to market leader Facebook, the battle between the two could reach a critical point in 2012, analysts say.

Posted by InfoSec News on Dec 30

2011 is a year I'd love to forget (as I would bet all the firms that were
compromised this year would too) I'll raise a toast, hoping that in 2012
security will improve. However, my experience working in the industry and
moderating InfoSec News over the years tells me that things will remain the
same, if not get worse. Only the names and dates seem to change.

I am still looking for a new security opportunity either in Chicagoland...

Posted by InfoSec News on Dec 30


By Karen Idelson
Dec. 28, 2011

In a saga worthy of a Hollywood thriller, allegations of email hacking
and industrial espionage have surfaced in the camera industry in a
lawsuit filed by digital camera maker Red against rival Arri.

In the suit filed Dec. 21 in federal court in Orange County, Calif., Red
accuses Arri of stealing technical details and development plans for Red

Posted by InfoSec News on Dec 30


By Ericka Chickowski
Contributing Editor
Dark Reading
Dec 29, 2011

As mobile marketers have latched onto the convenience and cool-factor of
QR codes, hackers are starting to take advantage of these square,
scannable bar codes as a new way to distribute malware. Like all mobile
attack vectors, it is a new frontier that security...

Posted by InfoSec News on Dec 30


By Gregg Keizer
December 29, 2011

Hackers armed with a single machine and a minimal broadband connection
can cripple Web servers, researchers disclosed Wednesday, putting
uncounted websites and Web apps at risk from denial-of-service attacks.

In a security advisory issued the same day, Microsoft, whose ASP...

Posted by InfoSec News on Dec 30



BEIJING, Dec. 30 (Xinhua) -- China's ten major search engines have
agreed to put banks' official homepages at the top of search results for
related queries in a move to curb cyber scams, according to a statement
from the Ministry of Public Security on Friday.

The move was jointly pushed by the ministry, banking industry
organizations and...

Posted by InfoSec News on Dec 30


By Meghan Kelly
December 29, 2011

Stuxnet has been called the most sophisticated computer worm ever
created. We know there are siblings to the malware which took down
Iran's nuclear centrifuges, but now Kaspersky labs is saying there may
be up to four other worms in the family tree.

In 2010, Stuxnet infiltrated Iran's nuclear program. The highly capable
malware targets an...

Posted by InfoSec News on Dec 30


The Secunia Weekly Advisory Summary
2011-12-22 - 2011-12-29

This week: 20 advisories

Table of Contents:

1. Word From Secunia...

Posted by InfoSec News on Dec 30


By Aliya Sternstein

Recent and future government victims of the hacker collective Anonymous
may want to stop using agency passwords on nonwork websites, say
officials with the Arizona Department of Public Safety, which learned
that lesson the hard way.

During the weekend, hacker activists purportedly from Anonymous leaked
the apparent passwords and some credit card...