InfoSec News

The credit card giants tell banks that a third-party payment processor may have been breached, causing the loss of tens of thousands of card numbers.

PCWorld Business Center's "In Your Bag" series takes an intimate look at the essential tech gear that small-business leaders carry with them.
The wait for a new iPad ordered online from Apple stretches one to two weeks, but customers can walk into a company store now and buy a tablet, according to a stock sampling on Friday.
Qualcomm is preparing a quad-core version of its Snapdragon S4 chip for thin and light Windows 8 laptops, which the chip maker hopes will steal some thunder from Intel's second wave of ultrabooks due later this year.
Dell said this week it is expanding its virtual desktop offerings into the cloud through a partnership with another company.
PHP 'symlink()' 'open_basedir' Restriction Bypass Vulnerability

Fake Anti-Virus isn't enough, now we also have to contend with fake Microsoft reps! This scam has been going on for a while, but continues to be rampant, which suggests that it is quite successful for the bad guys.
ISC reader Fred received such a call earlier today. The caller claimed to be from the Tech department of Windows and asked Fred to open the event viewer via run command, to check for errors or warnings. Of course there were some errors (it is Windows, after all :-), but the alleged techie then theatrically exclaimed "You indeed have the deadly errors .." and proceeded to ask Fred to connect to www.ammyy.com and launch a remote desktop app. Fred, savvy security guy that he is, went there with Firefox and Noscript, and while Fred was still launching Wireshark to capture the next steps, the alleged Windows techie got cold feet, and hung up.
Bottom line: If tech support calls you without you having opened a ticket with them first, be veeery suspicious. Chances are high it is a scam. (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
With disappointing earnings numbers, the departure of its former co-CEO and more layoffs looming like a dark cloud, RIM's new CEO is initiating a corporate shakeup that could have a lasting impact on the beleaguered handset maker.
Multiple Vendors libc 'regcomp()' Stack Exhaustion Denial Of Service Vulnerability
VMware ESXi and ESX Local Privilege Escalation Vulnerability
Sitecom WLM-2501 Multiple Cross Site Request Forgery Vulnerabilities
VMware High-Bandwidth Backdoor ROM Overwrite Privilege Elevation
Analysts are divided on the value of a reported plan by Google to sell its Android tablets in an online store, saying such a store wouldn't help Google cut significantly into the 65% tablet market share that Apple's iPad holds.
Two U.S. agencies seized 270 websites in 2011 for alleged copyright infringement, but just 22 of those sites were targeted for digital piracy, with the rest allegedly selling counterfeit products, according to the annual report from the government's intellectual-property enforcement coordinator.
[ MDVSA-2012:045 ] gnutls
Intuit Help System Protocol File Retrieval
Intuit Help System Protocol URL Heap Corruption and Memory Leak
Traffic-law violators in Long Beach, California, have gotten to keep a little more money in their wallets, as the municipality has failed to collect US$17.6 million in outstanding parking violation fees due to an "antiquated" software system, according to a report released this week by city auditor Laura Doud.
Both Visa and MasterCard Friday are acknowledging a possible data breach of a payment-card processing company network that, once an investigation is completed, could show that sensitive data from cardholders was stolen and payment fraud committed due to the break-in.
As many as 10 million users of VISA and MasterCard may have had their card numbers compromised in what sources in the financial sector are calling a "massive" breach of a U.S.-based credit card processor.
Mac users are nearly three times more likely to be running an early version of the OS X Mountain Lion operating system than PC owners testing Microsoft's Windows 8, the Chitika online ad network said today.
Intel this week said it was investing in the development of a "superchip" for high-performance computing systems that the company hopes will raise its supercomputing profile.
Multiple AntiVirus Products CVE-2012-1461 GZIP File Scan Evasion Vulnerability
Multiple AntiVirus Products CVE-2012-1442 ELF File Scan Evasion Vulnerability
Multiple AntiVirus Products CVE-2012-1429 ELF File Scan Evasion Vulnerability
So Google may enter the tablet fray directly by marketing its own Android challenger to the iPad while also licensing the OS to hardware partners. What makes it likely to succeed, after its Nexus phones online experiment failed?
It looks as though Google will offer users 5GB of free cloud storage space on its new Drive service.
The Storage Networking Industry Association is forming a task force to tackle interoperability issues related to PCIe-based solid-state drives. So far, 50 industry representatives have agreed to participate.
The cyber-criminal gang that operated the recently disabled Kelihos botnet has already begun building a new botnet with the help of a Facebook worm, according to security researchers from Seculert.
PHP 5.4/5.3 deprecated eregi() memory_limit bypass
Bitsmith PS Knowbase 3.2.3 - Buffer Overflow Vulnerability
We have just discovered a very large amount of mainly Australian based credit cards that have been obtained from an unknown source by an unknown hacker.



Who Decides How to Allot Infosec Funds?
... the Information Security Forum investigates, clarifies and resolves key issues in information security and risk management, by developing best practice methodologies, processes and solutions.
Low labor costs and a growing reliance on automation will ensure Apple supplier Foxconn's newly announced efforts to reduce overtime for its employees and hire extra workers have no effect on product prices, according to analysts.
Google has announced a new way for online news publishers to gate access to their premium content, by requiring would-be readers to fill in a survey first.
The European Telecommunications Standards Institute (ETSI) has decided to postpone a vote on a specification for nano-SIMs, after a row erupted between Apple and the backers of a competing proposal, Nokia, Research In Motion (RIM) and Motorola Mobility.
Europe's Justice Commissioner said this week that interior ministers are the biggest obstacle to data protection laws in the E.U.
Various hackers have been targeting the Venezuelan government over the past few weeks. It's not the first time we have seen attacks on this government, and they always seem to come in constant runs, then go quiet for a while.

Pulling off laptop-free business travel requires new hardware, a handful of apps and some extra planning. Here's how to make it work.
Micron Technology has reached an agreement to settle a lawsuit filed by Oracle over an alleged conspiracy to increase DRAM prices, it said on Thursday.
Ukrainian authorities have shut down a long-running forum that was used to trade tips on writing malicious software, a sign the country's law enforcement may be watching hackers more closely.
The startup Bump Labs threw its hat into the crowded mobile payments ring on Thursday, launching an app that allows people to exchange money by tapping their phones together.
An investigation by the Fair Labor Association into factories operated by Apple supplier Foxconn in China found poor working conditions and worker abuse, leading Foxconn to pledge it will make improvements.
A hacker using the handle stennis1 on pastebin has dumped a few leaks in the past weeks, one being ducatindia, which is an IT company that provides a range of different services and is based in India.

@AnonOpsRomania has taken revenge on Afghanistan by attacking the Independent Election Commission of Afghanistan website iec.org.af and leaking database data.

A dating site directed at military personnel has been hacked and as a result has had a large amount of data leaked. The leak, which comes from LulzSecReborn, has the following message.


No, this isn't about the Mayan calendar, and that particular instance of End of the World is anyway not scheduled to happen until December 21st.
This is about March 31st, and the announcement by Anonymous, or those who claim to be Anonymous, to wipe out the DNS root servers with a Distributed Denial of Service (DDoS) attack on March 31. Cricket Liu, the author of most of the O'Reilly DNS books and an authority on the subject, has posted a good blog entry at http://www.cricketondns.com/post.cfm/could-a-ddos-attack-against-the-roots-succeed, explaining in-depth that while such an attack is theoretically feasible, it is unlikely to succeed at a large scale.
We'll have to see. If DNS stops working tomorrow, we at least only have to live without it until December 21st, when the world will end for good anyway :). (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Posted by InfoSec News on Mar 30


The New York Times
March 29, 2012

SAN FRANCISCO - A breach of computers belonging to companies in Japan
and India and to Tibetan activists has been linked to a former graduate
student at a Chinese university - putting a face on the persistent
espionage by Chinese hackers against foreign companies and groups.


Posted by InfoSec News on Mar 30


By Alastair Stevenson
27 Mar 2012

Oxford University has launched a cross-departmental Cyber Security
Centre designed to improve online security.

The university said the centre will work to create new ways to protect
internet users and companies' information, in the face of the increasing
threat from cyber criminals...

Posted by InfoSec News on Mar 30


Japan Today
March 30, 2012

SEOUL - Two young hackers have been arrested in the Netherlands and
Australia in a multinational operation prompted by tips from a South
Korean student, police said Thursday.

A 17-year-old Dutch boy and an Australian teenager were arrested last
week in their own countries on suspicion of hacking into servers in nine
nations, South...

Posted by InfoSec News on Mar 30


The Secunia Weekly Advisory Summary
2012-03-22 - 2012-03-29

This week: 92 advisories

Table of Contents:

1. Word From Secunia...

Posted by InfoSec News on Mar 30


By Lucian Constantin
IDG News Service
March 29, 2012

Security researchers have encountered new email-based targeted attacks
that exploit a vulnerability in Microsoft Office to install a remote
access Trojan horse program on Mac OS systems.

The rogue emails appear to target Tibetan activist organizations and
distribute booby-trapped...