Thursday, January 29, 2009

Around The Horn vol.1,24

Alerts

-- Aurora Report has no alerts to report today.

Security News

9:05 PM (9 hours ago)
Embedded device security assessment, (Wed, Jan 28th)

from SANS Internet Storm Center, InfoCON: green
Following on the theme from Pat's last diary on Conficker and embedded systems, we had a reader su ...(more)...

9:47 PM (8 hours ago)
Heartland Sniffer Hid In Unallocated Portion Of Disk

from CGISecurity - Website and Application Security News by Robert A.
"The sniffer malware that surreptitiously siphoned tons of payment card data from card processor Heartland Payment Systems hid in an unallocated portion of a server’s disk. The malware, which was ultimately detected courtesy of a trail of temp files, was hidden so well that it eluded two different teams of forensic...

Jan 28, 2009 (15 hours ago)
A Little Filtering Can Halt Some XSS Attacks

from McAfee Avert Labs by Zhu Cheng
Recently, xiaonei.com (a Chinese social-networking site, similar to Facebook) fixed a cross-site scripting (XSS) vulnerability known as “HTTP Response Splitting.” This flaw occurs when a web application does not properly filter carriage returns and linefeeds (%0d%0a).

-- Aurora Report says go read this article, content removed due to popups generated in blogger.com which is apparently susceptible to this XSS technique.

So web programmers: Don’t forget to filter %0d%0a in your code.

Jan 28, 2009 (13 hours ago)
Mac Trojans Follow Successful Windows Path

from McAfee Avert Labs by Pedro Bueno
It’s been a week since we’ve seen the new Mac malware, the iWork09 Trojan, which is disguised as pirated software. Since then there have been several reports about new Mac Trojans.

Jan 28, 2009 (15 hours ago)
DDoS attack boots Kyrgyzstan from net

from The Register - Security
Russian bears blamed
The central Asian republic of Kyrgyzstan was effectively knocked offline for more than a week by a Russian cybermilitia that continues to flood the country's internet providers with crippling data attacks, a security expert said.…

Jan 28, 2009 (17 hours ago)
Kaspersky Labs denies panic mongering

from The Register - Security
The papers just made it up
A mild warning from anti-virus labs Kaspersky has been inflated into a full-blown panic by the Australian press that is warning of an imminent meltdown once infection reaches Australian shores.…

Jan 28, 2009 (20 hours ago)
Websense buys Defensio to fight blog comment spam

from The Register - Security
Web security and content filtering firm Websense has bought Defensio!, a security startup specialising in defending against blog-comment spam. Terms of the deal, announced Tuesday, were undisclosed.…

Jan 28, 2009 (20 hours ago)
Anonymous pwns Digital Camera Mag website

from The Register - Security
'This forum is now 4chan's !#$%'
The website of Digital Camera Magazine was taken offline on Wednesday morning following an attack by denizens of 4chan.…

Jan 28, 2009 (22 hours ago)
Why conventional protection fails against web threats

from The Register - Security
White paper trail
And so to the Reg whitepaper library to inspect some security pitches. Here's a couple we thought deserved a wider airing.…

Jan 28, 2009 (20 hours ago)
Unveiling IE 7 and Integrity Levels

from WindowSecurity.com by Derek Melber
How Windows Vista's Internet Explorer 7 comes with Protected Mode, works with User Account Control, and provides Integrity Levels for internet protection.

5:03 AM (1 hour ago)
With economic slump, concerns rise over data theft

from Network World on Security by Robert McMillan
Is the worsening economic situation going to turn some employees into data thieves?

5:03 AM (1 hour ago)
Cookie use in videos on gov't site prompts privacy concerns

from Network World on Security
Back when he was campaigning for president, Barack Obama's skillful use of Web 2.0 technologies such as Facebook and YouTube enabled him to get his message out to new audiences of voters in an unprecedented fashion. But using the same technologies in his new role as president is already proving to be more controversial.

5:03 AM (1 hour ago)
Researcher: IE8 clickjacking protection will have no impact

from Network World on Security
Microsoft provided more information Wednesday about how Internet Explorer's new anti-clickjacking feature works, but one of the researchers who first reported the problem last year said it will have "zero impact" on protecting users.

Jan 28, 2009 (17 hours ago)
Click fraud shoots up in Q4, driven by botnets

from Network World on Security
Click fraud, a big threat to the highly profitable pay-per-click search advertising business, increased significantly in the fourth quarter, thanks to scammers' rising and sophisticated use of botnets.

5:03 AM (1 hour ago)
Russian 'cyber militia' knocks Kyrgyzstan offline

from Network World on Security
A Russian "cyber militia" has knocked the central Asian country of Kyrgyzstan off the Internet, a security researcher said Wednesday, demonstrating that the hackers are able to respond even faster than last year, when they waged a digital war against another former Soviet republic, Georgia.

Jan 28, 2009 (17 hours ago)
Third US gov't worker pleads to passport snooping

from Network World on Security by Grant Gross
A third U.S. State Department employee has pleaded guilty to illegally accessing dozens of confidential passport application files, the U.S. Department of Justice said.

5:03 AM (1 hour ago)
5 Musts for Advancing Video Surveillance in Security

from Network World on Security
Video surveillance was once the exclusive province of physical security; operators looked at multiple video screens, each displaying the field of view of a single video camera, to monitor for security incidents. But increasingly, the charge of fully securing an organization's assets requires a larger number of cameras with multiple viewers of the video information.

5:03 AM (1 hour ago)
Security networks send spammers underground

from Network World on Security
Botnets will employ more obfuscated control techniques including the use of peer-to-peer networks during 2009, according to security researchers, following the McColo data center take-down last year.

5:03 AM (1 hour ago)
Undercover theft retrieval software gets location tracking

from Network World on Security
Orbicule has announced Undercover 3, a major new release of its theft-recovery software for Mac OS X. It costs $49.

Jan 28, 2009 (17 hours ago)
Data Breach Threatens Job Search Sites' Effectiveness

from Network World on Security
Last Friday, Monster.com disclosed that its database was hacked, and that members' names, usernames, passwords, e-mail addresses, phone numbers and demographic data were compromised in the data breach. The job search site, which boasts over 75 million accounts for job seekers, hasn't disclosed the number of users whose personal information was stolen.

Jan 28, 2009 (17 hours ago)
MySpace faces fresh controversy over sex offender issue

from Network World on Security
Just two weeks after a task force whose formation was spearheaded by MySpace Inc. delivered a report saying that social networking sites were safer from sexual predators than many people had assumed, MySpace finds itself dealing with a new inquiry related to registered sex offenders by Connecticut's attorney general.

Jan 28, 2009 (17 hours ago)
Banks, credit unions scramble in wake of Heartland breach

from Network World on Security
In the first real indication of the scope of the recently disclosed breach at Heartland Payment Systems, banks and credit unions from Washington to Maine have begun to reissue thousands of credit and debit cards over the past few days.

Jan 28, 2009 (16 hours ago)
Brief: Netgear commits to SMB security market

from SecurityFocus News
Netgear commits to SMB security market

Jan 28, 2009 (12 hours ago)
Leigh Purdie, InterSect Alliance, co-founder of Snare: Update on log analysis

from SANS Technology Institute - Security Laboratory
We asked Leigh Purdie if he would give us an update on Snare and log analysis, as a follow-up to our interview with him in March 2008, and we certainly thank him for his time.

Jan 28, 2009 (21 hours ago)
How Secure Is Firefox?

from PC World Latest Technology News
Mozilla's popular Web browser is long on user-friendly features and third-party extensions, and short on granular security controls

-- Aurora Report says the light, the light, it burns my eyes, turn it off, turn it off!
