[Owasp-cincinnati] InfoSec And AppSec News Week of Sunday, September 19, 2010

Marco M. Morana marco.m.morana at gmail.com
Tue Sep 28 08:28:30 EDT 2010


[OWASP]

This page contains details about the ASP.NET POET vulnerability disclosed on
2010-09-17. This vulnerability exists in all versions of ASP.NET (all
versions released through 2010-09-18).

http://www.owasp.org/index.php/ASP.NET_POET_Vulnerability

 

[DataLossDB] Summary: Employee sells unknown number of patients names, dates
of birth, Social Security numbers

Organizations: University of Pittsburgh Medical Center

http://datalossdb.org/incidents/3154

 

[DataLossDB] Title: Hackers Find New Ways To Assume Identities

Although cyber scamming is nothing new, the way thieves use the data is
constantly changing, and social media is a gateway to the latest scams

http://www.mobile-tech-today.com/story.xhtml?story_id=75208

 

[DataLossDB] Title: Identity fraud costs billions a year, conference told

Fraud experts say one in five Australians have fallen victim to identity
theft and it is costing Australia around $3 billion a year
http://www.abc.net.au/news/stories/2010/09/20/3016521.htm

 

[ISN] Iran admits Stuxnet worm infected PCs at nuclear reactor

Stuxnet, considered by many security researchers to be the most
sophisticated malware ever, was first spotted in mid-June by VirusBlokAda, a
little-known security firm based in Belarus. A month later Microsoft
acknowledged that the worm targeted Windows PCs that managed large-scale
industrial-control systems in manufacturing and utility companies.

 

http://www.computerworld.com/s/article/9188147/Iran_admits_Stuxnet_worm_infe
cted_PCs_at_nuclear_reactor

http://www.csmonitor.com/USA/2010/0921/Stuxnet-malware-is-weapon-out-to-dest
roy-Iran-s-Bushehr-nuclear-plant

 

[ISN] 3 million gov't websites assailed by vicious hidden links

Shen Yang, a doctorial tutor at School of Information Management under Wuhan
University, showed reporters on Sept. 22 at his office that there are some
vicious hidden links among some government-run Web sites with domain names
ending in "gov.cn," such as those linking to the "latest information on the
Hong Kong Jockey Club" and "how to buy Mark Six" Web pages, according to a
report by Changjiang Daily.

http://english.people.com.cn/90001/90782/90872/7150848.html

 

[ISN] Cisco releases critical IOS security patches

There are six advisories in all, each one covering a different component of
the Cisco Internetwork Operating System (IOS), which powers the routers

http://www.computerworld.com/s/article/9187320/Cisco_releases_critical_IOS_s
ecurity_patches

[ISN] Former NSC Official Criticizes Cyber Security Policies

The Obama administration's cyber security policies came under fire today
from unexpected quarters -- former National Security Council official
Richard Clarke, who advised the administration's transition team.

http://blogs.wsj.com/washwire/2010/09/21/former-nsc-official-criticizes-cybe
r-security-policies/

 

Regards

 

Marco Mirko Morana

OWASP Cincinnati USA Chapter Lead

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-cincinnati/attachments/20100928/11c09525/attachment.html 


More information about the Owasp-cincinnati mailing list