Information Security News
Beware of Super Bowl spam that may come to your email inbox this weekend. The big game is Sunday and the spam and phishing emails are pouring in complete with helpful links - back-ended by malware and/or credential harvesting of course.
Its worth a reminder friends and family if they see any emails about the Super Bowl that appears to be too good to be true to simply delete it. Be safe!
Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Add PHP applications and the WordPress Web platform to the list of wares that may be susceptible to the critical Linux vulnerability known as Ghost.
As Ars reported Wednesday, the flaw resided in a variety of Linux distributions, including Centos/RHEL/Fedora 5, 6, and 7 Ubuntu 12.04, and possibly other versions. The buffer overflow made its way into those distributions through the GNU C Library, specifically in its gethostbyname() and gethostbyname2() function calls. The bug made it possible to execute malicious code by sending malformed data to various applications and services running on vulnerable systems. Proof-of-concept attack code was able to exploit the vulnerability in the Exim mail server, and researchers widely suspected clockdiff, procmail, and pppd were also susceptible.
Now, researchers from security firm Sucuri have expanded the list.
Posted by InfoSec News on Jan 30http://www.nextgov.com/cybersecurity/2015/01/beware-unwitting-insider-threat/104097/
Posted by InfoSec News on Jan 30http://www.wired.com/2015/01/chinas-new-rules-selling-tech-banks-us-companies-spooked/
Posted by InfoSec News on Jan 30http://www.intelligentutility.com/article/15/01/what-every-utility-should-know-about-new-physical-security-standard
Posted by InfoSec News on Jan 30http://www.csoonline.com/article/2877972/security-leadership/3-things-csos-can-learn-from-cpos.html
Posted by InfoSec News on Jan 30http://www.jamaicaobserver.com/news/OAS-hails-Jamaica-s-cyber-security-efforts_18310037