InfoSec News

Mozilla Firefox/Thunderbird/SeaMonkey Ogg Vorbis Files Memory Corruption Vulnerability

Big Data Could Create Compliance Issues
Dark Reading
And when it does, infosec professionals need to be ready for the security and compliance complications that it could potentially introduce. So what exactly is big data? In a nutshell, it's a data set that's too big to be crunched by traditional ...

and more »
Salesforce.com will include some new analytics capabilities at no additional cost with the Enterprise and Unlimited editions of its CRM (customer relationship management) software, following complaints from customers who argued that the features should have been used to fill long-standing gaps in the products' core functionality, not sold separately.
Amazon said flooding in Thailand and economic problems in Europe weighed on its financial results for the fourth quarter but it also said it was pleased with the results, which disappointed investors.
Cisco Systems developed its latest enterprise access point with corporate bring-your-own-device policies in mind, aiming to give tablets and smartphones as well as traditional workplace devices strong and consistent performance.
Microsoft may try to revive support for Hyper-V in OpenStack as the community considers removing the code -- which one OpenStack developer called broken and unmaintained -- from the stack.
In a move to help administrators rid their networks of disparate personal email archives, Microsoft has released a tool for finding and importing Outlook PST files into modern Exchange environments. The tool will also help Microsoft rid itself of the archiving format, which it no longer sees as necessary.
Mozilla has released Firefox 10, inclusive of critical security fixes.

VMware has also released the following new and updated securityadvisories:

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Symantec has retracted its don't-use-pcAnywhere recommendation to owners of the remote access software.
Oracle executives gave a more detailed picture of their plans to integrate technologies gained through October's $1.5 billion acquisition of RightNow, maker of cloud-based software for customer service through the Web, social networks and contact centers.
The U.S. Federal Communications Commission has approved an overhaul to its Lifeline program, which subsidizes telephone service for poor people, with the goals of saving money and allowing the subsidy to go toward broadband service.
Let's say you like to watch heady documentaries over Netflix's streaming service and would like to share recommendations with your friends on Facebook. Netflix would like to offer that service, but the company says a 24-year-old U.S. law is in the way.
Mozilla today patched eight vulnerabilities in Firefox as it shipped the latest iteration in its rapid release schedule.
Semiconductor industry revenue will grow at a slow pace this year due to struggling economies worldwide, lower spending and sluggish demand for products, research firm IHS iSuppli said in a study released on Tuesday.
Research In Motion said its 'Be Bold' cartoon superheroes unveiled in a recent blog infographic were 'intended to be a bit of fun' and are not a new ad campaign.
Efforts are intensifying to retrieve data belonging to users of Megaupload's online storage service following the company's dramatic shuttering by U.S. law enforcement authorities this month.
Beta version of IBM Endpoint Manager for Mobile Devices supports Apple iOS, Google Android, Symbian and Microsoft Windows Phone devices.

Add to digg Add to StumbleUpon Add to del.icio.us Add to Google

Presented By:
The next level in education with NEC
  We bring you tailor-made solutions built on an in-depth understanding of your unique needs. Learn how NEC?s solutions and expertise in voice and data communications, networks and data storage can elevate your performance at www.nec.com/education

Ads by Pheedo

The banking Trojan variant Cridex can break CAPTCHA tests in just a few attempts, allowing it to create malicious email accounts used for spamming and propagating the virus.

Add to digg Add to StumbleUpon Add to del.icio.us Add to Google
Apple CEO Tim Cook made his first major hire yesterday since taking over the company in August, bringing in the CEO of a struggling British electronics chain to lead Apple's own retail operation.
While ERP projects go awry for many reasons, each incident reveals its own set of troublesome repercussions, financial and otherwise.
If political candidates want to make any traction in this year's election, they better use Twitter, says Dick Costolo, CEO of the social networking firm.
Nimbus today announced an enterprise-class version of its all-NAND flash primary storage array that sports redundant controller modules and twice the capacity of the previous model.
SeaMicro on Tuesday announced a new microserver that incorporates 256 Xeon processor cores to enable faster delivery of data for Internet-based activities such as social media or search.
In a letter sent to eight members of Congress, Google yesterday defended its move to consolidate its privacy policies and users' personal information.
Many IT departments are struggling with Apple's "take it or leave it" attitude, based on discussions last week at MacIT, which is Macworld|iWorld's companion conference for IT professionals.
[SECURITY] [DSA 2399-2] php5 regression fix
[SECURITY] [DSA 2399-1] php5 security update
VMSA-2012-0001 VMware ESXi and ESX updates to third party library and ESX Service Console
Research in Motion's tumultuous year seems to keep getting worse, as ridicule springs up over a company blog post and graphic featuring so-called "Be Bold" superheroes -- an apparent attempt to boost the appeal of its RIM Bold smartphones to the youth market.
President Barack Obama faced perhaps his toughest and most direct question ever on the H-1B program by a Texas woman during an online town hall Monday.
[security bulletin] HPSBUX02724 SSRT100650 rev.3 - HP-UX Running System Administration Manager (SAM), Local Increase in Privilege
[security bulletin] HPSBUX02737 SSRT100747 rev.1 - HP-UX Running OpenSSL, Remote Denial of Service (DoS)
[security bulletin] HPSBMU02738 SSRT100748 rev.1 - HP Network Automation Running on Linux, Solaris, and Windows, Remote Unauthorized Access
[SECURITY] [DSA 2398-1] curl security update

IT Governance launches a new CISSP Accelerated Training Programme
EIN News (press release)
This is clearly evident in the many job adverts for infosec managers where CISSP, CISM and experience in ISO27001 always seem to be listed". "The secret to passing the CISSP exam is to ensure that each candidate has a comprehensive knowledge of the ...

IBM on Tuesday announced plans to buy Worklight, a move that will give it a range of cross-platform mobile application development technologies. Terms of the deal, which is expected to close in the first quarter, were not disclosed.
Have security suites reached the point where they all work?
The European Commission is investigating the way Samsung Electronics licenses its patents on technology essential to mobile communications networks, concerned that it may be in breach of European competition law.
Hewlett-Packard has updated its Discovery and Dependency Mapping Advanced (DDMA) software package so it will allow administrators to map their IT assets in the cloud.
Toshiba and Fujitsu, two of Japan's largest tech companies, both said Tuesday they booked deep losses during the October-December quarter, blaming a spike in component costs caused by Thai flooding and a tough market for consumer electronics.
Symantec warns that its product should not be connected directly to the Internet, yet an estimated 140,000 computers are configured to allow direct external access
From a Windows app store to support for new wireless protocols, Windows 8 introduces a host of new features. Some will benefit consumers, some businesses -- and some, perhaps, nobody.
Apple has appealed a Chinese court ruling last December that rejected its ownership of the iPad trademark in the country and could expose the company to trademark infringement lawsuits from a local company.

A call for a new standard in infosec training and awareness
Infosecurity Magazine (US)
“Why,” asks Julian Fraser, a director at Data Eliminate Ltd, “are we unable to translate the term 'infosec' from the world of academia and technologist into business and civil society language so that we all start paying appropriate attention to the ...

and more »
All of the big trends in IT right now -- cloud computing, mobile solutions and the consumerization of IT -- look good for Apple as it slowly worms its way into the enterprise. Columnist Ryan Faas explains why it's happening now.
Linux Kernel GFS2 'fs/gfs2/file.c' Local Denial of Service Vulnerability
Xen SAHF Emulation Denial of Service Vulnerability
Salesforce.com on Tuesday unveiled a new SaaS (software as a service) help-desk application called Desk.com that can reach end users through social networks like Facebook and Twitter.
A court in California rejected Oracle's bid to use a fraud claim to undo an agreement to support the Itanium processor, that it is said to have made with Hewlett-Packard.
Oracle Sun Solaris CVE-2012-0100 Local Security Vulnerability
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Posted by InfoSec News on Jan 30


By Michael A. Riley and Sophia Pearson
Jan 30, 2012

China-based hackers looking to derail the $40 billion acquisition of the
world’s largest potash producer by an Australian mining giant zeroed in
on offices on Toronto’s Bay Street, home of the Canadian law firms
handling the deal.

Over a few months beginning in September 2010, the hackers...

Posted by InfoSec News on Jan 30


By Andy Greenberg

Even more embarrassing than a student discovering your GPS tracking
device on his car, as the FBI found out last year, is having to ask him
to give the expensive piece of equipment back.

So security researcher Brendan O’Connor is trying a different approach
to spy hardware:...

Posted by InfoSec News on Jan 30


By George V. Hulme
January 30, 2012

Two recent studies show that if organizations simply focused on IT
security basics, they'd make great strides in reducing their risk of
embarrassing, avoidable and often costly data breaches.

Security firm Imperva examined attack trends across 40 applications and
monitored millions of attacks that targeted web...

Posted by InfoSec News on Jan 30


By Grant Gross
IDG News Service
January 30, 2012

The U.S. and U.K. are relatively well prepared for cyberattacks,
compared to many other developed nations, but everyone has more work to
do, according to a new cybersecurity study from McAfee and Security &
Defence Agenda (SDA).

The report, which ranks 23 countries on cybersecurity...

Posted by InfoSec News on Jan 30


By Ellen Nakashima and Lisa Rein
The Washington Post
January 29, 2012

The Food and Drug Administration secretly monitored the personal e-mail
of a group of its own scientists and doctors after they warned Congress
that the agency was approving medical devices that they believed posed

Big Data Could Create Compliance Issues
Dark Reading
And when it does, infosec professionals need to be ready for the security and compliance complications that it could potentially introduce. So what exactly is big data? In a nutshell, it's a data set that's too big to be crunched by traditional ...

and more »
Internet Storm Center Infocon Status