Hackin9

Intel buys Sydney infosec startup Sensory Networks for $21.5M
SC Magazine Australia
Sensory Networks sold its 200Gbps pattern matching technology to network equipment vendors and counted LG and Intel's McAfee and Secure Computing as customers. The company was founded in 2003 by Matt Barrie and engineers Geoff Langdale, ...

and more »
 

Intel buys Sydney infosec startup Sensory Networks for $21.5M
SC Magazine Australia
Sensory Networks sold its 200 Gbps pattern matching technology to network equipment vendors and counted LG and Intel's McAfee and Secure Computing as customers. The company was founded in 2003 by Matt Barrie and engineers Geoff langdale, ...

and more »
 
The cybercriminals behind ZeroAccess, one of the largest botnets in existence, have lost access to more than a quarter of the infected machines they controlled because of an operation executed by security researchers from Symantec.
 
Seagate Technology will demonstrate HAMR, a technology it's counting on to fit more data onto hard disk drives, at the Ceatec show this week.
 
Head-mounted computers like Google Glass are a useful way to view content and interact with the world on the move, but one drawback is the lack of a physical interface on which the user can click, drag or navigate content.
 
VMware ESX and ESXi CVE-2013-3658 Directory Traversal Vulnerability
 
Mozilla Firefox/SeaMonkey CVE-2013-1721 Integer Overflow Vulnerability
 
CVE-2130-5680, HylaFAX+ heap overflow, unchecked network traffic.
 
First-generation Surface owners have complained that Microsoft won't buy their used tablets to help them buy the new editions shipping in three weeks, but other markets can actually return more cash.
 
Now that many organizations see the utility in big data, BMC Software has provided a way to incorporate jobs from the Hadoop data processing platform into larger enterprise workflows.
 
After a recent fire at its memory plant in Wuxi, China, Hynix's DRAM supply is now not expected to be restored until the first half of 2014.
 
The arrival of Obamacare on Tuesday may make it easier for some employees to quit their full-time jobs to launch tech start-ups, work as a freelance consultant or pursue some other solo career path.
 
Last week's OpenWorld conference made on thing clear: Oracle remains committed to its next-generation Fusion Applications but massive growth in the product line is probably not around the corner.
 

CSOs face ongoing paradoxical challenges, according to report
CSO
Equally unhelpful is the fact that a very small percentage of InfoSec professionals even have the certification for secure software development. The scarcity of people with the skill set for app security "is also a problem," explained Julie Peeler ...

and more »
 
The U.S. Congress must act quickly on legislation that would make electronic data collection efforts by the U.S. National Security Agency more public, a group of tech firms, civil liberties groups and other organizations said Monday.
 
T-Mobile US remains the nation's fourth largest carrier, but stands to gain ground from sales of the new iPhone 5S and 5C.
 
What started as an expression of art by Berlin Artist Aram Bartholl to explore the relationship between the online and offline worlds, has caught on and become an enormous file sharing network based on thumb drives embedded in buildings and other objects.
 

A highly resilient botnet conservatively estimated to generate about $700,000 per year in fraudulent advertising revenue narrowly escaped a shutdown engineered by whitehats from security firm Symantec.

Symantec researchers have estimated that ZeroAccess, until recently a network of about 1.9 million infected computers, generates about 1,000 fraudulent clicks per day on each machine it controls. It also harnessed the electricity and hardware at the disposal of compromised machines to carry out the mathematical operations required to "mine" bitcoins. The unusually large footprint combined with the high collective cost on advertisers and PC owners made ZeroAccess one of the most menacing botnets in current circulation. Symantec researchers set out to "sinkhole" the botnet by taking control of the command-and-control mechanism botmasters use to send and receive data from individual bots.

But there was a challenge. ZeroAccess implements a peer-to-peer architecture that was designed to withstand takedown attempts. Unlike traditional botnets that use a relatively small number of servers to communicate with infected machines, these bots exchanged data with hundreds of their peers, which in turn exchanged data with hundreds of peers. The decentralized arrangement meant ZeroAccess was immune to traditional sinkholing operations that seize control of the IP addresses or domain names the bots access to receive instructions and software updates.

Read 7 remaining paragraphs | Comments


    






 
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-1726 Security Bypass Vulnerability
 

The tenets of infosec can help clamp down hypervisor security
TechTarget
Hypervisor security requires constant diligence to prevent systems from being compromised. By considering security measures at each level of your virtual infrastructure, you will be well on your way to reaching the goals of confidentiality, integrity ...

 
A piece of malware designed to launch brute-force password guessing attacks against websites built with popular content management systems like WordPress and Joomla has started being used to also attack email and FTP servers.
 
LinuxSecurity.com: txt2man could be made to overwrite files.
 
LinuxSecurity.com: Several security issues were fixed in the kernel.
 
LinuxSecurity.com: Several security issues were fixed in the kernel.
 
LinuxSecurity.com: libKDcraw could be made to crash if it opened a specially crafted file.
 
LinuxSecurity.com: Vino could be made to hang if it received specially crafted networktraffic.
 
LinuxSecurity.com: A vulnerability has been discovered and corrected in davfs2: Davfs2, a filesystem client for WebDAV, calls the function system() insecurely while is setuid root. This might allow a privilege escalation (CVE-2013-4362). [More...]
 
LinuxSecurity.com: Kingcope discovered that the mod_sftp and mod_sftp_pam modules of proftpd, a powerful modular FTP/SFTP/FTPS server, are not properly validating input, before making pool allocations. An attacker can use this flaw to conduct denial of service attacks against the system [More...]
 
LinuxSecurity.com: New seamonkey packages are available for Slackware 14.0 and -current to fix security issues. [More Info...]
 
LinuxSecurity.com: Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, information leak or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems: [More...]
 
LinuxSecurity.com: Multiple vulnerabilities have been found in Xen, allowing attackers on a Xen Virtual Machine to execute arbitrary code, cause Denial of Service, or gain access to data on the host.
 
LinuxSecurity.com: Multiple vulnerabilities have been found in Mozilla Firefox, Thunderbird, and SeaMonkey, some of which may allow a remote user to execute arbitrary code.
 
Xen CVE-2013-4356 Local Privilege Escalation Vulnerability
 
[ MDVSA-2013:244 ] davfs2
 
Current Ford Motor CEO Alan Mulally has moved into second place behind former Nokia chief Stephen Elop in the betting pool as the next Microsoft CEO, according to an Irish bookmaker.
 
For Dr. Bob Laskowski, president and CEO of Christiana Care Health System, technology means empowering physicians and patients.
 
Xen 'syscall/sysenter' Instruction Local Denial of Service Vulnerability
 
Open-Xchange Security Advisory 2013-09-30
 
Firefox for Android - Same-origin bypass through symbolic links
 
Security-savvy mobile-device users are increasingly casting a skeptical eye on public Wi-Fi, and now the vendor consortium behind the wireless standard wants to make logging in via that coffee shop network a bit safer.
 
HP this week is establishing an 'open' approach to SDN intended to accelerate programmable network deployments and stimulate demand for its switches and routers.
 
The vendor gets aggressive about enterprise flash arrays, but faces challenges in the data center
 
Xen CVE-2013-0154 Local Denial Of Service Vulnerability
 
[CVE-2013-5725] - Byword for iOS Data Destruction Vulnerability
 

SANS Institute Heads to Singapore for Asia Pacific ICS Security Summit and ...
Sacramento Bee
SANS offers a myriad of free resources to the InfoSec community including consensus projects, research reports, and newsletters; it also operates the Internet's early warning system—the Internet Storm Center. At the heart of SANS are the many security ...

and more »
 
Chief technology officers can't be all about technology. Building trust with the rest of the C-suite should be a top goal.
 
What if you could scale your IT personnel requirements as you would computing resources? Using a workforce-as-a-service model lets you add a skilled, vetted and insured workforce when you need it and release it when you don't.
 
CEO Michael Friedenberg reads the signs of an enterprise tech industry that is unraveling before our eyes. But as one computing era ends, a new one (which IDC calls the third platform) is just beginning.
 
Intel has partnered with startup TSO Logic in a move that should give more companies tools to track how much power their server applications consume.
 
[slackware-security] seamonkey (SSA:2013-271-01)
 
Linux Kernel Patches For Linux Kernel Security
 
[SECURITY] [DSA 27671-1] proftpd-dfsg security update
 
Microsoft handed out nearly $60 million in stock grants to eight executives on the same day it filed papers with the U.S. Securities and Exchange Commission announcing that the board had authorized special incentives to keep senior management from jumping ship.
 
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0766 Use After Free Memory Corruption Vulnerability
 
[IBliss Security Advisory] Cross-site scripting ( XSS ) in PHP IDNA Convert
 
Apple has emerged as the most valuable brand in the world, passing Coca-Cola which held the top position for 13 years, according to a report released by brand consultancy Interbrand.
 
We look at three keyboard covers for the iPad Mini from Belkin, Logitech and Zagg. Which is best at protecting your screen while typing your data?
 
Dropping prices, fast processing speeds and more user-friendly designs have given a boost to this highly accurate biometric technology.
 
Sharp on Monday showed off its latest prototypes of a new type of display screen that it says brings several advantages over today's LCD screens.
 
[ MDVSA-2013:243 ] polkit
 
Most malware is mundane, but these innovative techniques are exploiting systems and networks of even the savviest users
 
The second commercial venture to ink a deal with NASA to run resupply missions to International Space Station successfully docked at the orbiting facility on Sunday.
 
Microsoft plans to make it easier for Wall Street and industry analysts to track revenue generated by the company's struggling Surface line of tablets.
 
Replacing silicon transistors with carbon nanotubes could make any electronic device -- smartphones, laptops, tablets and supercomputers -- smaller and more powerful.
 
The U.S. Dept. of Justice and IBM have settled charges the company posted job ads with a preference for visa holders, something the government says is discriminatory.
 
Oracle Java SE CVE-2013-0436 Remote JavaFX Vulnerability
 
[SECURITY] [DSA 2766-1] linux-2.6 security update
 

Posted by InfoSec News on Sep 30

http://www.thehindu.com/news/cities/Thiruvananthapuram/chief-minister-stresses-importance-of-cyber-security/article5182027.ece

By Staff Reporter
The Hindu
September 29, 2013

Chief Minister Oommen Chandy on Saturday said that the State Police
Department’s cyber security hub, Cyberdome, scheduled to come up at
Technopark would be a model in public private partnership.

Delivering the valedictory address at the International Cyber Security and...
 

Posted by InfoSec News on Sep 30

http://www.bbc.co.uk/news/uk-24321717

BBC News
29 September 2013

The UK is to create a new cyber unit to help defend national security, the
defence secretary has announced.

The Ministry of Defence is set to recruit hundreds of reservists as computer
experts to work alongside regular forces in the creation of the new Joint Cyber
Reserve Unit.

The new unit will also, if necessary, launch strikes in cyber space, Philip
Hammond said....
 

Posted by InfoSec News on Sep 30

http://www.scmp.com/news/hong-kong/article/1320250/virus-sends-data-belgian-leaders-computer-servers-hong-kong

Reuters and Lana Lam
SCMP.com
29 September, 2013

Hong Kong has been linked to new computer hacking allegations after the
Belgian government revealed that its prime minister had been the target of
a cyberattack using a virus that sent data to servers in the city.

Security experts investigating the computer network at the offices of...
 

Posted by InfoSec News on Sep 30

http://www.csoonline.com/article/740456/cybersecurity-should-be-seen-as-an-occupation-not-a-profession-report-says

By Steve Ragan
Staff Writer
CSO Online
September 26, 2013

A panel from the National Academy of Sciences, commissioned by the U.S.
Department of Homeland Security, says that cybersecurity should be seen as
an occupation and not a profession.

After being commissioned by the U.S. Department of Homeland Security, a
panel from the...
 

Posted by InfoSec News on Sep 30

http://arstechnica.com/tech-policy/2013/09/miss-teen-usas-webcam-spy-called-himself-cutefuzzypuppy/

By Nate Anderson
Ars Technica
Sept 27 2013

The sextortionist who snapped nude pictures of Miss Teen USA Cassidy Wolf
through her laptop's webcam has been found and arrested, the FBI revealed
yesterday. 19-year old Jared James Abrahams, a California computer science
student who went by the online handle "cutefuzzypuppy," had as...
 

Posted by InfoSec News on Sep 30

http://online.wsj.com/article/SB10001424052702304526204579101602356751772.html

By JULIAN E. BARNES and SIOBHAN GORMAN
The Wall Street Journal
September 27, 2013

WASHINGTON -- U.S. officials said Iran hacked unclassified Navy computers
in recent weeks in an escalation of Iranian cyberintrusions targeting the
U.S. military.

The allegations, coming as the Obama administration ramps up talks with
Iran over its nuclear program, show the depth...
 

Posted by InfoSec News on Sep 30

http://www.nytimes.com/2013/09/28/us/pressure-reported-in-rush-to-meet-security-clearances-including-edward-snowden-and-aaron-alexis.html

By TRIP GABRIEL
The New York Times
September 27, 2013

The calls and e-mails from top executives came toward the end of each
month, former managers at USIS recalled. The company needed to swiftly
complete investigating security clearances for the government in order to
reach its monthly revenue goal, the...
 
Internet Storm Center Infocon Status