Brian Donohue

About

“We are what we pretend to be, so we must be careful about what we pretend to be.” ― Kurt Vonnegut

Vulnerabilities in Cisco’s Unified Communications Manager

Cisco published an advisory report yesterday detailing multiple vulnerabilities in its Unified Communications Manager.

There are three denial of service vulnerabilities that affect Session Initiation Protocol (SIP) services, two SQL injection vulnerabilities, and a directory traversal vulnerability.

These bugs affect versions 6-8 of Cisco’s Unified Communications Manager.

The DoS bugs are triggered by a malformed SIP message that could cause a critical process to fail, resulting in the failure of voice services.

Congress to Apple: You Got Some Splainin to do

In a letter to the chairman of the Federal Trade Commission, Jay Inslee (D-Wash.) expressed concerns regarding recent revelations that Apple products have been continuously tracking and recording user location information with questionable consent and without an easy way to opt out of such tracking.


Sony’s online gaming platform, the PlayStation Network (PSN), continued a five-day outage on Monday after what the company described as an “attack” on its network knocked PSN offline on April 20. And hope is fading for a fast resolution, with Sony saying it is revamping the network to make it more secure.

Amazon Web Services’ (AWS) Elastic Compute Cloud (EC2), based in Northern Virginia, went offline early this morning, taking with it a number of popular sites, including news aggregator Reddit and question and answer site (and TechCrunch darling) Quora. The Web hosting firm’s Relational Database Service

Microsoft on Tuesday provided key details of a “Coordinated Vulnerability Disclosure” (CVD) program it announced in July and that’s aimed at bolstering collaboration between Microsoft, its customers and the security community.

The U.S. Chamber of Commerce held a press conference this morning to unveil details surrounding a National Strategy for Trusted Identities in Cyberspace, or NSTIC as they are calling it.

While the press conference was somewhat vague in terms of specifics, the initiative appears to be designed to build a voluntary transactional ecosystem of trust between businesses and individuals online, or, more generally, between anyone or anything attempting to transmit money, goods, or ideas online.

Back in January, Threatpost covered a story originally reported by Julien Sobrier of Zscaler. Sobrier discovered that the websites of a number of prominent American universities and government institutions had been hijacked and were redirecting to fake online stores. As it turns out, some of the sites mentioned in the initial report continue to do so.