Hack in the Box
HITBSecNews - Keeping Knowledge Free for Over a Decade
  • VLab researcher discovers File Include vulnerability in Cyberoam's Central Console v2.x
    Cyberoam Central Console v2.x File Include Vulnerability

    The Vulnerability-Lab team today disclosed a File Include vulnerability in the Cyberoam Central Console v2.x appliance application. Cyberoam Central Console (CCC) appliances, available in both hardware and virtual form, provide centralized security management across distributed Cyberoam UTM appliances for MSSPs and large enterprises.



  • Mandatory disclosure for companies selling IT security solutions
    http://www.flickr.com/photos/mondayne/3214321939/

    The rise in cyberattacks and the proliferation of security products meant to guard against them seem to be directly proportional. Data breaches, loss of personally identifiable information, cyber-attacks and hacking by nefarious elements continue to make the headlines despite IT security companies churning out solutions that claim to protect against them. It is high time IT security companies selling to consumers practised both truth and honesty, as part of a clear and growing need for more transparent security disclosure.



  • Why is a 14-month-old patched Microsoft vulnerability still being exploited?
    http://sophosnews.files.wordpress.com/2012/02/cumulative_numbers.png

    The media - and indeed many parts of the security industry - just looove zero-day exploits. They are exciting to report, to research, to block...but interestingly, SophosLabs sees much more malware exploiting patched vulnerabilities.

    I know - it's a bit weird. Why would malware authors bother to target a vulnerability for which a patch is already available for download...for free? Surely, it would be a lost cause, a dud, a lemon, a non-starter.



  • EFI Firmware Update brings Lion Internet Recovery to 2010-model Macs
    http://www.blogcdn.com//media/2012/02/internet-recovery-cjr.jpg

    Apple has released three EFI Firmware Updates for 2010-model Macs, including the iMac, MacBook Air, and MacBook Pro. This update enables Lion Internet Recovery on those older Macs. Introduced in OS X Lion alongside the mid-2011 updates to the MacBook Air and Mac mini, Internet Recovery enables access to disk repair or OS X Lion installation options via a broadband internet connection. This is intended for use on a failed hard drive or a blank drive that's never had OS X installed on it.



  • Why choose a BlackBerry mobile phone?
    http://www.flickr.com/photos/lightsurgeons/3098610102/

    Research In Motion spent its early years focusing on the demands of the corporate business user, continually refining and evolving its products and services. In the beginning, the rise of the BlackBerry's popularity came down purely to one thing: access to email away from the computer.



  • Trustwave issued a man-in-the-middle certificate
    http://www.h-online.com/imgs/43/7/6/7/6/8/3/TrustwaveTust-317431398e5d8025.png

    Certificate authority Trustwave issued a certificate to a company allowing it to issue valid certificates for any server. This enabled the company to listen in on encrypted traffic sent and received by its staff using services such as Google and Hotmail. Trustwave has since revoked the CA certificate and vowed to refrain from issuing such certificates in future.
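What a public-key pin check would have caught, as an added example that is not part of the H-Online report or of Trustwave's own tooling: a subordinate CA certificate lets its holder mint a leaf certificate for any host name that chains to a trusted root, so host-name and chain validation both pass, but the interceptor cannot reproduce the genuine server's public key. The Python below (standard library only) extracts the SubjectPublicKeyInfo (SPKI) from a DER-encoded certificate, hashes it the way HPKP and Chrome's built-in pins do, and compares the result against a pin recorded from the real server. Both certificates, the CA names, the host name mail.example.com and the RSA moduli are constructed for the demonstration, and the signature field is a placeholder that is never verified here.

```python
"""SPKI pinning against a MITM sub-CA certificate (added example, constructed data)."""
import base64
import hashlib

# --- minimal DER encoder, used only to build the constructed sample certificates ---
def der_len(n):
    if n < 0x80:
        return bytes([n])
    b = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(b)]) + b

def tlv(tag, body):
    return bytes([tag]) + der_len(len(body)) + body

def seq(*items):
    return tlv(0x30, b"".join(items))

OID_RSA = tlv(0x06, bytes.fromhex("2a864886f70d010101"))        # rsaEncryption
OID_SHA256RSA = tlv(0x06, bytes.fromhex("2a864886f70d01010b"))  # sha256WithRSAEncryption
OID_CN_BYTES = bytes.fromhex("550403")                           # id-at-commonName
NULL = tlv(0x05, b"")

def name(cn):
    # Name ::= SEQUENCE OF SET OF SEQUENCE { OID, UTF8String }
    return seq(tlv(0x31, seq(tlv(0x06, OID_CN_BYTES), tlv(0x0c, cn.encode()))))

def spki(modulus, e=65537):
    rsa_key = seq(tlv(0x02, modulus), tlv(0x02, e.to_bytes(3, "big")))
    return seq(seq(OID_RSA, NULL), tlv(0x03, b"\x00" + rsa_key))

def cert(subject_cn, issuer_cn, key):
    tbs = seq(
        tlv(0xA0, tlv(0x02, b"\x02")),                        # [0] version v3
        tlv(0x02, b"\x01"),                                   # serialNumber
        seq(OID_SHA256RSA, NULL),                             # signature algorithm
        name(issuer_cn),
        seq(tlv(0x17, b"120101000000Z"), tlv(0x17, b"130101000000Z")),
        name(subject_cn),
        key,                                                  # subjectPublicKeyInfo
    )
    placeholder_sig = tlv(0x03, b"\x00" + b"\x00" * 32)     # constructed, never verified
    return seq(tbs, seq(OID_SHA256RSA, NULL), placeholder_sig)

# --- DER reader: this is the part a client would run on ssl getpeercert(binary_form=True) ---
def der_read(buf, pos=0):
    """Return (tag, value, next_pos) for the TLV starting at pos."""
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:                      # long-form length
        k = n & 0x7F
        n = int.from_bytes(buf[pos:pos + k], "big")
        pos += k
    return tag, buf[pos:pos + n], pos + n

def der_children(body):
    """List of (tag, value, raw_tlv_bytes) for every element inside a constructed value."""
    out, pos = [], 0
    while pos < len(body):
        start = pos
        tag, val, pos = der_read(body, pos)
        out.append((tag, val, body[start:pos]))
    return out

def tbs_fields(cert_der):
    """TBSCertificate fields with the optional explicit version removed."""
    _, tbs_body, _ = der_children(der_read(cert_der)[1])[0]
    fields = der_children(tbs_body)
    return fields[1:] if fields[0][0] == 0xA0 else fields
    # remaining order: serial, sigalg, issuer, validity, subject, spki

def subject_cn(cert_der):
    for _, rdn, _ in der_children(tbs_fields(cert_der)[4][1]):
        for _, atv, _ in der_children(rdn):
            attrs = der_children(atv)
            if attrs[0][1] == OID_CN_BYTES:
                return attrs[1][1].decode()
    return None

def extract_spki(cert_der):
    return tbs_fields(cert_der)[5][2]   # raw DER of the SPKI, the bytes a pin covers

def spki_pin(cert_der):
    """Base64 SHA-256 of the DER SPKI, the format HPKP and Chrome pins use."""
    return base64.b64encode(hashlib.sha256(extract_spki(cert_der)).digest()).decode()

def pin_matches(cert_der, pins):
    return spki_pin(cert_der) in pins

# Constructed sample: same host name in both certificates, different keys.
GENUINE_KEY = spki(bytes.fromhex("00" + "c3a5" * 16))
INTERCEPT_KEY = spki(bytes.fromhex("00" + "9e4b" * 16))
GENUINE_CERT = cert("mail.example.com", "Trusted Public CA", GENUINE_KEY)
MITM_CERT = cert("mail.example.com", "Corp Interception Sub-CA", INTERCEPT_KEY)
PINS = {spki_pin(GENUINE_CERT)}       # recorded out-of-band from the real server

if __name__ == "__main__":
    print("genuine cert passes pin:", pin_matches(GENUINE_CERT, PINS))
    print("MITM cert passes pin:   ", pin_matches(MITM_CERT, PINS))
```

Pinning complements chain validation rather than replacing it: the client still verifies the chain and host name first, then rejects the connection when the leaf's SPKI hash is not in the pin set. In practice the pin set also covers a backup key so that a routine key rotation does not lock clients out.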



  • MasterCard announces product future around EMV
    http://www.flickr.com/photos/mag3737/2491070757/in/photostream/

    As expected, MasterCard has joined Visa in its support for chip-enabled technology, considered one of the most effective ways to deter counterfeit debit and credit card fraud.

    Citing the need to keep pace with advances in technology and new channels from which consumers wish to make payments, particularly mobile and online, MasterCard has laid out a "roadmap," which, it said, will provide added security and control in payment choices.



  • Adobe confirms: no Flash for Chrome on Android
    http://commons.wikimedia.org/

    Google issued a beta release of Chrome for Android earlier today. The browser provides support for modern Web standards and includes a number of compelling features that aren't available in the Android's default browser. One noteworthy Chrome desktop feature that isn't included in the mobile port, however, is the integrated Flash runtime.



  • Anonymous exposes e-mails of Syrian presidential aides
    http://youranonnews.tumblr.com/

    Hackers aligned with Anonymous have exposed hundreds of e-mail messages from the webmail server of Syria's Ministry of Presidential Affairs, the support ministry for Syrian President Bashar al-Assad. Among the exposed e-mail messages was a set of talking points for Assad's interview with Barbara Walters in December 2011.



  • Flaw in home security cameras exposes live feeds
    http://images.smh.com.au/2012/02/08/2952314/1_art_LKSYc1-420x0.jpg

    A security flaw in web-connected home security cameras made by Trendnet, which distributes in Australia, is allowing internet users to spy on the private video feeds of thousands.

    Trendnet, a US company, issued an update to fix the flaw on February 6 but it requires owners of the cameras to take action, which has led to some speculating that many will not install the fix unless they are made aware of the flaws.



  • Website of Indian 'social network filtering' petitioner defaced
    http://im.tech2.in.com/gallery/2012/feb/hacking_finalimage_071744164577_640x360.

    He set the wheels of social network filtering in India in motion, which in turn kickstarted one of the most important, headline-grabbing court cases in recent times, and now he has faced an attack himself. The petitioner, Islamic scholar Mufti Aijaz Arshad Qasmi, is better known as the man who took Facebook, Google, YouTube and Yahoo!, among others, to court for allegedly permitting their users to post objectionable content that threatened peace and harmony in the country.



  • German hackers reveal Canadian neo-Nazis
    http://www.flickr.com/photos/kathika/3455868695/

    There's no need to man the ramparts; a new wave of antisemitism is not about to descend on Canadian society. Nevertheless, reports from Germany naming 74 individuals linked to neo-Nazi and white supremacist websites should alert Canadians to the fact that "classical" antisemitic attitudes have not been vanquished.



  • IT jobs agency warns against online rants
    http://www.flickr.com/photos/indigotimbre/60332898/

    A temporary IT jobs specialist fears candidates are harming their prospects by sharing their gripes and groans online, even if their rant is nothing to do with the workplace.

    Having polled 1,000 job-seekers, Computer People said it could be “career-limiting” if they post comments about receiving poor customer service from, say, an online retailer or call centre.



  • Cisco issues burning server warning
    http://www.flickr.com/photos/lawrence_chernin/2611732539/

    IT giant Cisco has warned customers that certain blade servers it sells as part of its Unified Computing System data centre platform are prone to overheating and emitting a "short flash" in the event of a transistor failure.

    "A failure has been observed where a MOSFET [metal–oxide–semiconductor field-effect transistor] power transistor failed in a manner that caused the MOSFET to overheat and emit a flash before failing," the company revealed in a field notice.



  • Does the UK government need 8,000 IT staff?
    http://www.flickr.com/photos/lwr/5203863239/

    Despite the government having outsourced the majority of its IT delivery, research by Computer Weekly has revealed that Whitehall still has 8,000 in-house IT staff. 

    With public sector IT spending under growing scrutiny, does the taxpayer get value for money from the IT departments running central government? Consider a few facts that may put the government’s 8,000-strong in-house IT workforce into perspective:



  • How to Protect Your Intellectual Property in the Cloud
    http://www.flickr.com/photos/renatoleme/2118000220/

    Around this time last year, the cloud computing contract signings were coming fast and furious -- not just for commodity work like IT management or email, but for software and infrastructure closer to the core of corporate value. Not long after that, the calls started to come in to Greg Bell, principal and the Americas service leader for information protection at KPMG.



  • Facebook hackers using fake CNN links to spread malware
    http://www.flickr.com/photos/randomwire/5896741397/

    A "worrying number" of Facebook users are sharing a link to a malware-laden fake CNN news page reporting the US has attacked Iran and Saudi Arabia, security firm Sophos claims.

    If users who follow the link then click to play what purports to be video coverage of the attack, they are prompted to update their Adobe Flash player with a popup window that looks very much like the real thing. Those who accept the prompt unwittingly install malware on their computers.



  • Why the Payments Industry Should Oppose SOPA
    http://www.flickr.com/photos/andresrueda/3274955487/

    On January 18, 2012, several of the most prominent websites on the Internet, including Wikipedia, suspended operations in protest of the Stop Online Piracy Act (SOPA), currently under consideration in the House of Representatives. While the main arguments against SOPA have been focused on free speech and fair use, I have not seen any discussion of a provision that bears directly on the payment industry: the requirement that payment networks refuse to settle transactions with foreign websites alleged to have infringed on copyrights.



  • DDoS Attacks: Size doesn’t matter
    http://i.zdnet.com/blogs/attacks_by_bandwidth.png?tag=siu-container;attachment_1

    People often think that Distributed Denial of Service (DDoS) attacks, you know, like the ones that recently knocked down the Department of Justice, the Recording Industry Association of America (RIAA), the Motion Picture Association of America (MPAA) and Universal Music, require hundreds of attackers generating gigabytes of traffic per second to pound a website into the ground. Ah, no they don't.



  • Adobe adds Flash sandboxing to Firefox
    http://commons.wikimedia.org/

    Adobe has released beta code that sandboxes its frequently attacked Flash player within Firefox, along the lines of the protections already added to its Reader software and to Google's Chrome browser.