The Counter Terror Expo US , being held May 16-17, 2012 at the Walter E. Washington Convention Center , has formed an advisory board of industry experts from leading organizations to help guide and shape the educational programming and conference content. The advisory board includes individuals from government, academia, law enforcement, media, and the private sector with knowledge ranging from cyber security to border and critical infrastructure protection.

US-Cert has just distributed a notification about the release of Chrome 16.0.912.77 for Linux, Mac, Windows, and Chrome Frame to address multiple vulnerabilities.
The vulnerabilities may allow an attacker to execute arbitrary code or
cause a denial-of-service condition.

The FBI even put out a warning to let people know what to watch out for. This recent scam doesn’t surprise me at all. It only takes these scanners to get .05% of people on email for it to be worth their time. And think how much easier it is today. I mean, I hardly ever go into a bank anymore. With online banking I can do almost everything, from checking my balance, transferring funds to paying my bills. And with hot new apps from banks like Chase, PNC and USAA I can even scan my checks with my phone and deposit them straight into my account.

This bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) the week of January 16, 2012. It is available here:

Lawmakers on Friday indefinitely postponed anti-piracy legislation that pits Hollywood against Silicon Valley, two days after major Internet companies staged an online protest by blacking out parts of prominent websites.

Senate Democratic leader Harry Reid postponed a showdown vote in his chamber on the Protect Intellectual Property Act, or PIPA for short, that had been scheduled for January 24.

“Carberp replaces any Facebook page the user navigates to with a fake page notifying the victim that his/her Facebook account is ‘temporarily locked,’” says Trusteer CTO Amit Klein in his blog. “The page asks the user for their first name, last name, email, date of birth, password and a Ukash 20 euro [approximately $25 US] voucher number to ‘confirm verification’ of their identity and unlock the account.

SANS 2012 (March 23-30, 2012) is fast approaching! More than 35 courses are offered, all taught by our top-rated instructors who are the best at ensuring you learn the material and can apply it immediately when you return to your office. Choose from audit, IT legal, security management, software and web app developer, forensics, computer security training, and more.

Software vulnerabilities receive most of the limelight in network security, but weak, shared, and mismanaged passwords are often the biggest threat to most organizations.

FYI for those running Oracle products such as OracleDB, Glassfish, MySQL, Solaris, etc. The following links will provide additional information to assist you.

Oracle Critical Patch Update (CPU) Pre-Release Announcement – January 2012

Mobile Devices continue to evolve, and with each development there are becoming more efficient tools employees increasingly rely on to conduct both their corporate and personal business. Portable applications that allow the user to access sensitive corporate data are prime targets for hackers and provide them a wide range of access port to data. Controlling security breaches of mobile devices is complex due to the varying software and device types. Additionally, many organizations have no restrictions on the use of personal devices.

Mario Armstrong has sales person demo security app FastAccess Anywhere by Sensible Vision. FastAccess Anywhere securely replaces passwords with a face to authenticate users to access their apps and web sites on mobile devices.