SECURITY RELATED RSS FEEDS

Latest Advisories/Security Related News

 
The Register - Security
Last Downloaded: Thu, 21 Aug 2008 18:32:02 GMT.
  Dabs.com founder accused of attempted rape, drugs offences  

Remanded in custody

The founder of Dabs.com, David Atherton, has been charged with attempted rape and possession of Class A drugs.…

  Opera update draws the curtain on seven security vulns  

Keeping schtum on XSS bug details, though

Opera users should upgrade their browser software following the discovery of multiple security bugs.…

  UK fraudster gang go PIN sniffing  

Portsmouth Asda links to credit card hack

Analysis The organised tampering of PIN entry devices to commit credit card fraud, which led to arrests in Birmingham last week, has been linked to a breach in an Asda store on the outskirts of Portsmouth.…

  Microsoft's IE 8 puts giant web hole on notice  

Tell us if you've heard this one before?

Engineers in Microsoft's Internet Explorer group are devising a new means to stamp out one of the web's biggest security banes: attacks that steal email, bank account credentials and other sensitive information by injecting malicious code into trusted websites.…

  Googlephone security team seeks bug hunters  

Android needs You

Google's Android security team has appealed to bug hunters to help it iron out flaws in the platform.…

  Gag order lifted for students who hacked subway card  

MIT students free to discuss gaping holes

Three Massachusetts Institute of Technology undergraduates are once again free to publicly discuss gaping security holes in the Boston subway system after a federal judge refused to renew a gag order requested by transportation officials.…

  Mystery Fedora disruption prompts security fears  

Did security breach prompt ground-up rebuild?

The majority of servers supporting the Fedora Linux distribution were back online on Tuesday following a mystery disruption.…

  Goldfish customers sent wrong bills  

'We're sorry about that. We're sorry about that'

A printing mix-up resulted in thousands of Goldfish credit card customers receiving other people's bills.…

  Vodafone exec stabbed to death in country home  

Man questioned

Police are questioning a man following the murder of a senior Vodafone UK executive on Saturday.…

  Symantec nabs PC Tools for added street cred  

G'day to added anti-spyware

Security and storage giant Symantec has agreed to buy specialist Australian-based anti-spyware firm PC Tools. Terms of the deal were undisclosed in Monday's announcement.…

  'Malvertizement' epidemic visits house of Newsweek.com  

Symptoms felt 'all over the net'

Newsweek.com is one of several high-profile websites suspected of running rogue banner advertisements that try to trick visitors into installing fraudulent anti-malware programs, security researchers warn.…

  Pirated movie downloads offered as Zango sweetener  

Holy warez, Batman

Zango affiliates are offering gateway access to pirated films, including the Hollywood blockbuster The Dark Knight, in a bid to induce users into accepting adware.…

  Cisco plugs online meeting bug  

Buffer buffed

Cisco has plugged a buffer overflow flaw involving its popular WebEx online meeting client.…

  GlobalSign revokes cert of rogue security app  

Certified malware exposes shortcomings of digital certificates

GlobalSign has revoked the digital certificate of a rogue security application, which acquired the veneer of respectability by parading the credentials while trying to scam users.…

  Mystery web attack hijacks your clipboard  

No, Macs are not immune

A new web-based attack is making the rounds that tries to spread poisonous links by hijacking end users' clipboards.…

  Microsoft ramps up vuln ActiveX controls cull  

Third-party fire and exploit block

This week's Patch Tuesday update was nearly as difficult to digest as a Michael Phelps breakfast. It contained 11 bulletins covering 26 underlying vulnerabilities, the most in two years.…

  Murdered Chinese students linked to online betting scam  

Forum threats over football bets

The two Chinese Newcastle University graduates murdered last weekend could be linked to a complex web betting scam, Northumbrian Police believe.…

  Home Office reaches half-way hash in secure data handling  

Encryption bureau to operate like internal post office

Analysis The UK Home Office has introduced procedures to handle encrypted personal data from external partners. However, guidelines on how the new Home Office Central Cryptography service will work raise concerns about possible shortcomings with the service which, while a big improvement, falls below best practice in sectors such as banking.…

  Judge refuses to lift order squelching students' subway card hack  

Can't get no relief

A federal judge has refused to strike down an order gagging three Massachusetts Institute of Technology undergraduates from discussing gaping security holes in electronic payment systems used by Boston's transit agency.…

  Bear prints found on Georgian cyber-attacks  

Shots by both sides

Security researchers claim to have uncovered evidence pointing to a link between Russian state-run businesses and cyber-attacks against Georgia.…

 
SecurityFocus News
Last Downloaded: Thu, 21 Aug 2008 18:07:12 GMT.
  News: Researchers race to zero in record time
  News: Gov't charges alleged TJX credit-card thieves
  News: Poisoned DNS servers pop up as ISPs patch

  News: E-Gold pleads guilty to money laundering
  Brief: States seek workarounds for e-voting systems
  Brief: Judge nixes gag order against MIT students

  Brief: P2P investigation leads to child-porn busts
  Brief: U.K. response team releases Net security guide
  News: TJX employee fired for exposing shoddy security

  News: Thoughts of a Teenage Bot Master
  News: Radio Free Europe hit by DDoS attack
  News: Flash vuln fells Vista

  News: Nigeria enlists Microsoft to fight spam scammers
  News: Cross-Site Scripting Worm Hits MySpace
  News: Another data security bill in the works

  News: FTC sues company over spyware
  Infocus: Blocking Traffic by Country on Production Networks
  Infocus: Integrating More Intelligence into Your IDS, Part 2

  Infocus: Integrating More Intelligence into Your IDS, Part 1
  Infocus: A Guide to Different Kinds of Honeypots
powered by zFeeder


Latest Security Files/Exploits

 
Packet Storm Security Last 20
Last Downloaded: Thu, 21 Aug 2008 16:06:39 GMT.
  MDVSA-2008-177.txt  Mandriva Linux Security Advisory - Guido Landi found a stack-based buffer overflow in xine-lib that could allow a remote attacker to cause a denial of service (crash) and potentially execute arbitrary code via a long NSF title. The updated packages have been patched to correct this issue.
  MDVSA-2008-176.txt  Mandriva Linux Security Advisory - A stack-based buffer overflow was found in mtr prior to version 0.73 that allowed remote attackers to execute arbitrary code via a crafted DNS PTR record, when called with the --split option. The updated packages provide mtr 0.73 which corrects this issue.
  MDVSA-2008-175.txt  Mandriva Linux Security Advisory - A format string vulnerability was discovered in yelp after version 2.19.90 and before 2.24 that could allow remote attackers to execute arbitrary code via format string specifiers in an invalid URI on the command-line or via URI helpers in Firefox, Evolution, or possibly other programs. The updated packages have been patched to correct this issue.
  surveywizard-sql.txt  Survey Wizard suffers from a remote SQL injection vulnerability.
  dxshopcart-sql.txt  DXShopCart version 4.30mc suffers from a remote SQL injection vulnerability.
  faqman-sql.txt  FAQ Management suffers from a remote SQL injection vulnerability.
  CORE-2008-0813.txt  Core Security Technologies Advisory - vBulletin versions 3.7.2 Patch Level 1 and 3.6.10 Patch Level 3 suffer from a cross site scripting vulnerability.
  CORE-2008-0624.txt  Core Security Technologies Advisory - Anzio Web Print Object (WePO) is a Windows ActiveX web page component that suffers from a buffer overflow vulnerability.
  simasycms-sql.txt  Simasy CMS suffers from a remote SQL injection vulnerability.
  sipwitch-0.3.0.tar.gz  GNU SIP Witch is a pure SIP-based office telephone call server that supports generic phone system features like call forwarding, hunt groups and call distribution, call coverage and ring groups, holding, and call transfer, as well as offering SIP specific capabilities such as presence and messaging. It supports secure telephone extensions for making calls over the Internet, and intercept/decrypt-free peer-to-peer audio and video extensions. It is not a SIP proxy, a multi-protocol telephone server, or an IP-PBX, and does not try to emulate Asterisk, FreeSWITCH, or Yate.
  webeditioncms-sql.txt  WebEdition CMS remote blind SQL injection exploit.
  phpbazar-sql.txt  phpBazar version 2.0.2 suffers from a remote SQL injection vulnerability.
  DirBuster-0.11-src.tar.bz2  DirBuster is a multi-threaded Java application designed to brute force directory and file names on web/application servers.
  toorconCFP2008.txt  ToorCon X Call For Papers - Papers and presentations are being accepted for ToorCon X to be held at the Convention Center in San Diego, CA from September 24th through the 25th.
  folderlock-disclose.txt  Folder Lock versions 5.9.5 and below suffer from a local password information disclosure vulnerability.
  pars4u-sqlxss.txt  Pars4U Videosharing version 1 cross site scripting and remote blind SQL injection exploit.
  collabreate-defcon.tgz  CollabREate is an IDA Pro plugin with a server backend that allows multiple people to collaborate on a single RE (reverse engineering) project. This is the Defcon demo bundle.
  Grendel-Scan-v1.0-src.zip  Grendel-Scan is an open-source web application security testing tool. It has an automated testing module for detecting common web application vulnerabilities, and features geared at aiding manual penetration tests.
  voiper-0.06.tar.gz  VoIPER is a VoIP security testing toolkit incorporating several VoIP fuzzers and auxiliary tools to assist the auditor. It can currently generate over 200,000 SIP tests and H.323/IAX modules are in development.
  modscan.py.txt  ModScan is a new tool designed to map a SCADA MODBUS TCP based network. The tool is written in Python for portability and can be used on virtually any system with few required libraries.