Based on SE Linux, SE Android developed by the U.S. National Security Agency is a security-enhanced version of Google’s mobile platform with stricter access-control policies. – The National
Security Agency has publicly released SE Android, a secure version of Google’s
mobile operating system.
A
security-enhanced version of Android, SE Android would enforce stricter access-control
policies and better sandboxing than what is currently available in the most
up-to-date v…

Symantec has confirmed that hackers obtained source code to two of its enterprise security products and have released portions of it on the web, portending a worst-case scenario where its security software could be perused by hackers to devise ways to circumvent it.

“Symantec can confirm that a segment of its source code has been accessed,” the company said in a statement released Friday. “Symantec’s own network was not breached, but rather that of a third party entity.”

A hacker group calling itself the Lords of Dharmaraja claimed it uncovered the source code on servers belonging to India’s military intelligence agency.

“We have discovered within the Indian Spy Program source codes of a dozen software companies which have signed agreements with Indian TANCS programme and CBI,” the hackers claimed in post published on Pastebin.

Symantec acknowledged that segments of source code that the hackers posted online and passed to reporters belonged to Symantec’s 2006 Endpoint Protection 11.0 and its discontinued Symantec Antivirus 10.2. Symantec’s Endpoint Protection is currently at version 12.0.

Although the products are not the most recent releases and are not the company’s flagship consumer products, if hackers obtained all of the source code and released it, it could be valuable to Symantec competitors and could also be used by hackers to search for vulnerabilities in the products that may be unpatched and therefore exploited.

Stuxnet, a sophisticated worm that sabotaged Iran’s uranium enrichment program, contained code that conducted extensive checks to determine what anti-virus products were installed on targeted machines in order to bypass them.

Photo: cytech/flickr

Malware makes off with the usernames and passwords of more than 45,000 users of the social network, mostly in France and the United Kingdom.

A series of tweets claim that Anonymous has hacked Stratfor’s e-mail and client list, including snagging credit card numbers. Stratfor’s site is “undergoing maintenance.”

Wi-Fi hotspots are popping up everywhere, from coffee shops and libraries to airports and hotel rooms.

Ironically, the very tool that was intended to help users police inappropriate and offensive content on Facebook was exploited to access images that users had marked private. – Some Facebook users gleefully exploited a security flaw in Facebook’s mechanism for reporting inappropriate or offensive images posted on the social networking site to access and publish Facebook CEO Mark Zuckerberg’s private photos. Facebook moved quickly to close the hole.

On Nov. 27, an anonym…

I’m back for the last Mandiant Webinar of the year, titled State of the Hack: It’s The End of The Year As We Know It – 2011. And you know what? We feel fine! That’s right, join Kris Harms and me Wednesday at 2 pm eastern as we discuss our reactions to noteworthy security stories from 2011.

Register now and help Kris and me beat the attendee count from last month’s record-setting Webinar.

If you have questions about and during the Webinar, you can always send them via Twitter to @mandiant and use the hashtag m_soh.

Tweet

wiredmikey writes “Adobe issued an advisory today on a zero-day vulnerability (CVE-2011-2462) that has come under attack in the wild. According to Adobe, the issue is a U3D memory corruption vulnerability that can be exploited to cause a crash and permit an attacker to hijack a system. So far, there are reports the vulnerability is being exploited in limited, targeted attacks against Adobe Reader 9.x on Windows. However, the bug also affects Adobe Reader and Acrobat 9.4.6 and earlier 9.x versions for UNIX and Macintosh computers, as well as Adobe Reader X (10.1.1) and Acrobat X (10.1.1) and earlier 10.x versions on Windows and Mac. Patches for Windows and Mac users of Adobe Reader X and Acrobat X will come on the next quarterly update, scheduled for Jan. 10, 2012.”

Read more of this story at Slashdot.

Michael Friedenberg, President and CEO of CIO magazine, weighs in with his top ten predictions for what will impact the IT-business landscape in 2012.

Researchers from the Danish security firm CSIS, have intercepted a currently spreading Facebook worm.

brycegalbraith: RT @chadtilbury: Build your own password cracking server step-by-step | http://t.co/hhOPwHI1 #security #dfir

Building sandbox functionality into applications is the new standard. Examples include: Office 2010 Protected View and the Chrome sandbox. Even the HTML5 standard includes sandboxing capabilities for iframes. This is a great way to mitigate the number of attacks that…

brycegalbraith: RT @SecurityTube: [Video] Session Hijacking – SSL Session Sidejacking (SSLStrip, Hamster, Ferret) http://t.co/1qBCfgDx by LionelSecurityTube

brycegalbraith: RT @armitagehacker: Video demonstration of multi/browser/java_rhino (new Java exploit in MSF) against Windows and MacOS X: http://t.co/1 …

A recently discovered Java vulnerability that’s been circulating throughout the hacking underground has begun to show up alongside the BlackHole exploit kit, according to a post on Brian Krebs’ KrebsonSecurity blog.

read more

A new reverse proxy issue affecting Apache HTTP server can be used by attackers to access internal systems if certain rules are improperly configured, a security researcher said.

read more

brycegalbraith: HTTPS-enabled Google services now implement a special encryption technique to mitigate future key recovery attacks – http://t.co/KoCcPJBw

Cyber Monday — which for many stores begins Sunday — is almost upon us. That means that more than any other time of year, we’ll be bombarded with sales and deals and notices and ads.

Mobile shopping is on the rise. In fact, nearly 60 million users will shop on their mobile phone for Black Friday and Cyber Monday sales this year.

This week marks the third anniversary of Conficker’s assault on our PCs. Where do we stand after doing 36 months of battle with this worm?

Happy Thanksgiving!
On the heels of Dr. Ullrich’s diary regardingSCADA hacks published on Pas …(more)…

Yesterday, British police arrested an unnamed 52-year-old man in Milton Keynes for computer hacking related to the News of the World phone hacking fiasco.

A week-long DDoS attack that launched a flood of traffic at an Asian e-commerce company in early November was the biggest such incident so far this year, according to Prolexic, a company that defends websites against such attacks.

TheHackersNews: #Security #Infosec ☛ SecurityTube Metasploit Framework Expert Certification Launched ! http://t.co/EXQlGgtn #news

Watch out for shopping scams as the seaonal shopping frenzy ramps up over the US Thanksgiving weekend.

brycegalbraith: Sovereign Keys: A Proposal to Make HTTPS and Email More Secure – http://t.co/FB6mRcrp

Over the previous few days, our research team here at GFI has noticed an uptick in bank phishes winding up in a few of our spam traps. This particular scam is unique in that it comes with an html file attachment which leads to a form that attempts to steal from the unsuspecting victim all types of identifying information from the standard pin and password to their Driver’s License number and even a (fake) description of the last transaction made on the account.

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Flash Player.

-

Make your website safer. Use external penetration testing service. First report ready in one hour!