SECURITY RELATED RSS FEEDS

Latest Advisories/Security Related News

 
The Register - Security
Last Downloaded: Tue, 09 Feb 2010 05:34:16 GMT.
View The Raw XML Source Of The Register - Security. hide
  Adobe apologizes for festering Flash crash bug  

16 months...and counting

An Adobe product manager has apologized for allowing a potentially serious bug in Flash Player to remain unfixed for more than 16 months.…

Web threats: Why conventional protection doesn't work

  Conficker outbreak infects Leeds hospital servers  

Sicko

Servers on the network of Leeds Primary Care NHS Trust were struck down by the Conficker worm late last week.…

  Oracle issues emergency security patch for WebLogic  

'Full disclosure' yields results

Oracle issued an emergency patch for its WebLogic Server almost two weeks after a white-hat hacker disclosed a vulnerability that allows criminals to remotely execute commands on the webserver with no authentication necessary.…

Web threats: Why conventional protection doesn't work

  Sweden to prosecute alleged Cisco, NASA hacker  

Stakkato's abrupt transfer

The prosecution of a Swedish man charged with breaching the computer networks of NASA and Cisco Systems and making off with sensitive source code will be transferred to Swedish authorities, US federal prosecutors said Monday.…

  Cheeky French hackers hijack Tata website  

Now you see it, maintenant... non

Top flight outsourcing firm Tata Consulting Services appeared to have lost control of its website to hackers today, with the domain apparently being touted for sale.…

  Leaky anti-virus defences letting malware through  

Spanky new scanners no longer cutting it

Even users running up-to-date anti-virus software still get infected with malware, according to stats from an online malware scanning service.…

  China stomps cybercrook training outfit  

Black Hawk taken down

Chinese authorities have closed down a firm that allegedly trained hackers to develop spyware and launch cyberattacks.…

  Microscope-wielding boffins crack cordless phone crypto  

DECT vivisection

Cryptographers have broken the proprietary encryption used to prevent eavesdropping on more than 800 million cordless phones worldwide, demonstrating once again the risks of relying on obscure technologies to remain secure.…

The power of collaboration within unified communications

  City supe slaps bank for account compromise  

$378,000 Ukraine transfer

A supervisor for the town of Poughkeepsie, New York lashed out at a local bank after someone siphoned $378,000 out of municipal coffers and transferred it to Ukraine.…

The power of collaboration within unified communications

  Mozilla overlooked malware-laced Firefox add-ons  

Feels like the first time. But it's not

Two Firefox add-ons available for months on Mozilla's website infected users with malware that stole passwords and opened a backdoor on Windows machines, the open-source browser maker has confirmed.…

Case Study: WhatsUp keeps Legoland turnstyles ringing

  Spooks scour gambling sites in terror finance probe  

Money laundering with a poker face

The security services are running 23 ongoing investigations into the exploitation of gambling websites to finance terrorism.…

  ZeuS tracker shrinks takedowns from days to minutes  

Search and destroy

A site dedicated to tracking the infamous ZeuS botnet is celebrating its first birthday.…

  Betting sites balance fraudster nab and customer loss  

Tricky job? You bet

Online gambling sites are fighting ever-sharper fraudsters, forcing them to balance stricter anti-cheat measures against the risk of alienating some of their best customers.…

  Baker's dozen for bumper February MS Patch Tuesday  

Get them while they're hot

Microsoft is planning a bumper patch Tuesday, with 13 bulletins that collectively fix 26 difference vulnerabilities.…

  Dear Adobe: It's time for security rehab  

This is an intervention

Comment The stories about Adobe software keep coming, and the news hasn't been good. Critical bugs in Reader and Flash have come under real-world, zero-day attacks so many times in the past year that the exploits almost seem routine.…

Web threats: Why conventional protection doesn't work

  US bill seeks cybersecurity scholarships  

Send your kid to hacker school

The US House of Representatives has overwhelmingly passed a bill that would direct almost $400m toward research designed to shore up the nation's cybersecurity defenses.…

The power of collaboration within unified communications

  Kit cracks iPhone backup passwords  

Download, point, click

Password cracking of iPhone backups has become a point-and-click exercise thanks to software unveiled Thursday by a computer forensics tools provider.…

Web threats: Why conventional protection doesn't work

  MS probes bug that turns PCs into 'public file servers'  

Unwanted promotion for older Windows boxes

Microsoft has begun investigating a flaw in IE that most affects older versions of Windows, and turns vulnerable systems into a "public file server".…

  Carbon trade phish scam disrupts exchanges  

Complex fraud lies behind emissions permissions attack

Phishing fraudsters have extended their net beyond harvesting e-banking credentials via a scam that resulted in the theft of 250,000 carbon permits worth over €3m.…

  Fugitive VoIP hacker admits 10 million minute spree  

When revenue is profit

A Miami hacker has admitted he pocketed more than $1m by selling millions of minutes of voice over IP calls and surreptitiously routing them through the networks of telecommunications companies.…

 
SecurityFocus News
Last Downloaded: Tue, 09 Feb 2010 08:34:30 GMT.
View The Raw XML Source Of SecurityFocus News. hide
  News: Twitter attacker had proper credentials  Twitter attacker had proper credentials
  News: PhotoDNA scans images for child abuse  PhotoDNA scans images for child abuse
  News: Conficker data highlights infected networks   Conficker data highlights infected networks

>> Advertisement <<
Can you answer the ERP quiz?
These 10 questions determine if your Enterprise RP rollout gets an A+.
http://www.findtechinfo.com/as/acs?pl=781&ca=909
  News: Popular apps need better patching, says report  Popular apps need better patching, says report
  Brief: Google offers bounty on browser bugs  Google offers bounty on browser bugs
  Brief: Cyberattacks from U.S. "greatest concern"   Cyberattacks from U.S. "greatest concern"

>> Advertisement <<
Can you answer the ERP quiz?
These 10 questions determine if your Enterprise RP rollout gets an A+.
http://www.findtechinfo.com/as/acs?pl=781&ca=909
  Brief: Microsoft patches as fraudsters target IE flaw  Microsoft patches as fraudsters target IE flaw
  Brief: Attack on IE 0-day refined by researchers  Attack on IE 0-day refined by researchers
  News: Most consumers reuse banking passwords   Most consumers reuse banking passwords

>> Advertisement <<
Can you answer the ERP quiz?
These 10 questions determine if your Enterprise RP rollout gets an A+.
http://www.findtechinfo.com/as/acs?pl=781&ca=909
  News: CIA, PayPal under bizarre SSL assault  CIA, PayPal under bizarre SSL assault
  News: Malicious traffic can crash routers, Juniper warns  Malicious traffic can crash routers, Juniper warns
  News: Scammers scrape RAM for bank card data   Scammers scrape RAM for bank card data

>> Advertisement <<
Can you answer the ERP quiz?
These 10 questions determine if your Enterprise RP rollout gets an A+.
http://www.findtechinfo.com/as/acs?pl=781&ca=909
  Infocus: Enterprise Intrusion Analysis, Part One  Enterprise Intrusion Analysis, Part One
  Infocus: Responding to a Brute Force SSH Attack  Responding to a Brute Force SSH Attack
  Infocus: Data Recovery on Linux and ext3   Data Recovery on Linux and <i>ext3</i>

>> Advertisement <<
Can you answer the ERP quiz?
These 10 questions determine if your Enterprise RP rollout gets an A+.
http://www.findtechinfo.com/as/acs?pl=781&ca=909
  Infocus: WiMax: Just Another Security Challenge?  WiMax: Just Another Security Challenge?
  Gunter Ollmann: Time to Squish SQL Injection  Time to Squish SQL Injection
  Mark Rasch: Lazy Workers May Be Deemed Hackers   Lazy Workers May Be Deemed Hackers

>> Advertisement <<
Can you answer the ERP quiz?
These 10 questions determine if your Enterprise RP rollout gets an A+.
http://www.findtechinfo.com/as/acs?pl=781&ca=909
  Adam O'Donnell: The Scale of Security  The Scale of Security
  Mark Rasch: Hacker-Tool Law Still Does Little  Hacker-Tool Law Still Does Little
powered by zFeeder


Latest Security Files/Exploits

 
Packet Storm Security Last 20
Last Downloaded: Tue, 09 Feb 2010 08:34:30 GMT.
View The Raw XML Source Of Packet Storm Security Last 20. hide
  HPSBUX02503-SSRT100019.txt  HP Security Bulletin - Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, privilege escalation, and Denial of Service (DoS).
  MDVSA-2010-034.txt  Mandriva Linux Security Advisory 2010-034 - Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel. Array index error in the gdth_read_event function in drivers/scsi/gdth.c in the Linux kernel before 2.6.32-rc8 allows local users to cause a denial of service or possibly gain privileges via a negative event index in an IOCTL request. The collect_rx_frame function in drivers/isdn/hisax/hfc_usb.c in the Linux kernel before 2.6.32-rc7 allows attackers to have an unspecified impact via a crafted HDLC packet that arrives over ISDN and triggers a buffer under-read. Additionally, the Linux kernel was updated to the stable release 2.6.27.45.
  nightdahack2010-cfp.txt  Night Da Hack 2010 Call For Proposals - This conference will take place from 4 PM through 7 AM, June 19th through the 20th, 2010 in Paris, France.
  CORELAN-10-010.txt  GeFest Web HomeServer version 1.0 suffers from a directory traversal vulnerability.
  wsnguestdb-disclose.txt  WSN Guest Database appears to suffer from a database disclosure vulnerability.
  bluedove-sql.txt  Blue Dove suffers from a remote SQL injection vulnerability.
  synspam_0.4.0-1.tar.gz  Synspam uses Netfilter NFQUEUE to catch the source IP address of any machine connecting to your mail server, running multiple tests against it possible, a scoring system is used. If the source IP address is believed to be a spammer IP address, the connection can be dropped. There is a dry run mode if you just want to test it, which is the default.
  as3flexdb-sqldisclose.txt  AS3FlexDB suffer from remote database login information disclosure and remote SQL execution vulnerabilities.
  HPSBMA02487-SSRT100024.txt  HP Security Bulletin - A potential vulnerability has been identified with HP Operations Agent running on Solaris 10. The vulnerability could be exploited remotely to gain unauthorized access.
  jdownloader-exec.txt  JDownloader versions below 2010-01-25 with Click n Load 2 support suffer from a code execution vulnerability. Proof of concept included.
  DSECRG-09-065.txt  TVUPlayer version 2.4.9beta build 1797 suffers from an Active-X insecure method vulnerability.
  sapone_fc.tar.bz2  Remote exploit for SAP MaxDB versions 7.6.03 build 007 and below which suffer from a pre-authentication remote code execution vulnerability. This version has been updated by FortConsult A/S to use the same byte code as the Nessus plugin.
  sipwitch-0.7.0.tar.gz  GNU SIP Witch is a pure SIP-based office telephone call server that supports generic phone system features like call forwarding, hunt groups and call distribution, call coverage and ring groups, holding, and call transfer, as well as offering SIP specific capabilities such as presence and messaging. It supports secure telephone extensions for making calls over the Internet, and intercept/decrypt-free peer-to-peer audio and video extensions. It is not a SIP proxy, a multi-protocol telephone server, or an IP-PBX, and does not try to emulate Asterisk, FreeSWITCH, or Yate.
  uigabp-sqlxss.txt  Uiga Business Portal suffers from cross site scripting and remote SQL injection vulnerabilities.
  cve-2010-0453.c  This is a denial of service (kernel panic) proof of concept exploit for the UCODE_GET_VERSION ioctl NULL pointer dereference vulnerability on Solaris / OpenSolaris.
  exponentcms-sql.txt  Exponent CMS version 0.96.3 suffers from a remote SQL injection vulnerability. This really old version has been known vulnerable to various issues since 2005.
  mongoose28-disclose.txt  Mongoose version 2.8 seems to suffer from yet another source disclosure vulnerability.
  belkatalog-sql.txt  Belkatalog CMS suffers from a remote SQL injection vulnerability.
  zentracking-sql.txt  Zen Tracking versions 2.2 and below suffer from a remote SQL injection vulnerability that allows for authentication bypass.
  baalsystems-sql.txt  Baal Systems version 3.8 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
powered by zFeeder