Story

Vulnerability revealed in diagnostic dongles used for vehicle tracking and insurance that lets them take control using just an SMSResearchers have hacked a car, remotely activated its windscreen wipers, applied its brakes and even disabled them, all via simple text messages.

Team of Guardia Civil officers to provide escort for walkers on ancient route to cathedral after reports of harassment and disappearance of American pilgrimFor hundreds of years, pilgrims have trekked along Spain’s Camino de Santiago to the cathedral at Santiago de Compostela, believed to be the final resting place of St James.But this year, pilgrims and hikers have a police escort for part of the way, with a team of five Guardia Civil police officers on horseback covering up to 18 miles a day of the ancient Catholic pilgrimage. Continue reading...

Comments

Arch Linux has updated ppp (denial of service).Debian has updated subversion (two vulnerabilities).Debian-LTS has updated opensaml2 (denial of service).Fedora has updated elasticsearch(F22: multiple vulnerabilities), lxc (F22; F21: twovulnerabilities), and rubygems (F22: DNS hijacking).

Location of current incumbent unknown... Anyone seen Art Gilliland lately? HP has called on channel sales veteran Sue Barsamian to take charge of the enterprise security products unit in the software division amid the breakup of the corporation.…

Design NewsBy Rob SpeigelOver the last five years, the DuPont Co. has regularly monitored all aspects of the security of its Sabine River Works plant on the Gulf Coast of Texas. The plant produces ethylene copolymers used in plastic packaging. The monitoring process began with a full security assessment. The assessment focused heavily – though not exclusively – on cyber threats.

Government sources tell NBC News that Chinese attack targeted personal emails of ‘all top national security’ officials just days after Pentagon hackThe ongoing saga of successful foreign hack attacks on government databases continued Monday with news of another break-in allegedly perpetrated by China.Just days after the reported spear-phishing attack on the Pentagon’s joint staff email system, which exposed some 4,000 civilian and military employees and is believed to have been sponsored by Russia, anonymous government sources told NBC News that a separate set of Chinese hack attacks targeted the personal emails of “all top national security and trade officials”. Continue reading...

Researchers from FireEye Labs have unearthed multiple vulnerabilities in the fingerprint scanner implementations of several Android handsets. The group's research paper was presented at the Black Hat conference last week, and it describes several vulnerabilities, some of which had the potential to allow for remote background collection of fingerprints. We say "had," because it should be noted that all of the companies mentioned have patched the issues presented in the paper. Other, non-manufacturer-specific vulnerabilities could still be exploited.Android's fingerprint authentication framework originally provided only weak security. Fingerprint data was only as secure as the kernel iself—an attacker who manages to gain root access to the device can read fingerprints. Companies are starting to use ARM's TrustZone functionality , ...Read more...

CentOS has updated firefox (C7; C6; C5: information leak).Debian has updated activemq(denial of service) and opensaml2 (problemwith previous update).Debian-LTS has updated xmltooling (denial of service).Fedora has updated community-mysql (F22; F21: unspecified vulnerabilities) and firefox (F22; F21: information leak).Mageia has updated cacti (MG4,5:multiple vulnerabilities), firefox (MG4,5:information leak), ghostscript (MG4,5:buffer overflow), libunwind (MG4,5: bufferoverflow), lxc (MG5: two vulnerabilities),and wordpress (MG4: multiple vulnerabilities).Oracle has updated firefox (OL7; OL6; OL5: information leak).Red Hat has updated firefox(RHEL5,6,7: information leak).Scientific Linux has updated firefox (SL5,6,7: information leak).Slackware has updated firefox(information leak) and nss (information leak).

Comments

Comments

Comments

The city is nearly one year into its pilot project to have food allergy injectors in local malls — but so far, no one has needed it.

Comments

Arch Linux has updated firefox (information leak) and wordpress (multiple vulnerabilities).Debian has updated kernel (multiple vulnerabilities).Debian-LTS has updated openssh(two vulnerabilities) and remind (buffer overflow).Fedora has updated drupal6-cck (F22; F21:unspecified vulnerability), lighttpd (F22; F21: loginjection), mantis (F22; F21: information disclosure),opensaml-java (F22; F21: missing host name verification),opensaml-java-openws (F22; F21: missing host name verification), and openstack-swift (F22: arbitrary object deletion).Oracle has updated kernel 3.8.13 (OL7; OL6:information leak), kernel 2.6.39 (OL6; OL5: twovulnerabilities), and kernel 2.6.32 (OL6; OL5: two vulnerabilities).Ubuntu has updated firefox(15.04, 14.04, 12.04: information leak) and openjdk-6 (12.04: multiple vulnerabilities).

Today's high-level Android vulnerability is called Certifi-gate. As you might have guessed, it gets its name from an underlying problem with the way the operating system handles digital certificates in the context of remote support tools (RSTs). The vulnerability can let an attacker gain full control over a victim's device.Here's roughly how it goes. A bog-standard RST app will usually ask for a normal set of user permissions, but it also needs to install a plugin with elevated permissions so it can perform its tasks. While the RST is digitally signed by its ...Read more...

The capability dynamically inspects and validates all DNP3 communications, adding previously unavailable security to counter vulnerable pathways in the SCADA systems used by most water and electric utilities.

New figures buried in SEC filing, which also shows Apple chief executive gained the security team in 2014Tim Cook’s security expenses cost Apple almost $700,000 (£450,000) a year, according to new figures filed with America’s securities and exchange commission.The docs, discovered by news site Patently Apple buried in a SEC filing from March, count the security detail among the Apple executive’s benefits in kind. Under the heading “all other compensation”, the filing breaks down the figure of $774,176 for 2014. Continue reading...