1 hour ago
Tuesday, January 13, 2009
Around The Horn vol.1,8
Alerts
8:02 PM (10 hours ago)
Web Application Firewalls (WAF) - Have you deployed WAF technology?, (Mon, Jan 12th)
from SANS Internet Storm Center, InfoCON: green
What is WAF? If your first response to the subject is What is a Web Application Firew ...(more)...
Jan 12, 2009 (12 hours ago)
Downadup / Conficker - MS08-067 exploit and Windows domain account lockout, (Mon, Jan 12th)
from SANS Internet Storm Center, InfoCON: green
The storm center handlers mailbox has received a growing number of email inquiries regarding root ca ...(more)...
Security News
Jan 12, 2009 (18 hours ago)
Wireless at the hospital and the threats they face
from SANS Information Security Reading Room
Category: Wireless Access
Paper Added: January 12, 2009
Jan 12, 2009 (17 hours ago)
Zombie profiling with SMTP greylisting
from SANS Information Security Reading Room
Category: Email Issues
7:35 PM (10 hours ago)
HTTPS-only mode added to Chrome Browser
from CGISecurity - Website and Application Security News by Robert
Google has added a HTTPS browsing feature to chrome.From the changelog"A new HTTPS-only browsing mode. Add --force-https to your Google Chrome shortcut, and it will only load HTTPS sites. Sites with SSL certificate errors will not load. " Release Notes 2.0.156.1 http://dev.chromium.org/getting-involved/dev-channel/release-notes/releasenotes201561Very cool.
Jan 12, 2009 (17 hours ago)
Gary McKinnon confesses to escape extradition to USA
from CGISecurity - Website and Application Security News by Robert
"COMPUTER hacker Gary McKinnon has signed a formal confession in a last-ditch attempt to avoid his extradition to the US, his family have confirmed.Former Highgate Wood School pupil Mr McKinnon, 42, is currently awaiting extradition after being accused of causing $700,000 worth of damage when he allegedly hacked into US security...
Jan 12, 2009 (17 hours ago)
CWE & SANS TOP 25 Most Dangerous Programming Errors
from CGISecurity - Website and Application Security News by Robert
"Most of the vulnerabilities that hackers exploit to attack Web sites and corporate servers are usually the result of common and well-understood programming errors. A list of 25 of the most serious such coding errors is scheduled to be released later today by a group of 30 high-profile organizations, including Microsoft,...
Jan 12, 2009 (13 hours ago)
McAfee Monthly Spam Report Debuts
from McAfee Avert Labs by David Marcus
Today we at McAfee Avert Labs released the first of our new monthly publications: the “McAfee January Spam Report.”
Within its pages you will find excellent information on current spam trends, campaigns, and maybe even some “winners and losers.” Some of the highlights of the January issue include:
Political SpamTax Relief Junk MailUnemployment and Diploma Spam IncreasesChristmas E-Cards
As well as some 2009 spam predictions! Definitely worth the download and read. Watch for our February issue in about four weeks. All spam reports, as well as other white papers, are available from our whitepaper download area here.
8:34 PM (9 hours ago)
Experts trumpet '25 most dangerous' programming errors
from The Register - Security
And tips to avoid them
Computer experts from more than 30 organizations worldwide have released a consensus list of the 25 most dangerous programming errors that lead to security breaches.…
7:34 PM (10 hours ago)
Storm worm smackdown as researchers unpick control system
from The Register - Security
But legal fears may kibosh clean-up
A team of security researchers have developed a technique for automatically purging the remnants of the Storm worm infection from the internet. But the approach - which involves turning the botnet's command and control system against itself - could run foul of computer hacking laws in Germany and elsewhere, which ban the modification of computer systems without consent.…
Jan 12, 2009 (20 hours ago)
Vector buys security firm Aladdin
from The Register - Security
Private equity firm builds up information security portfolio
Private equity firm Vector Capital has agreed to acquire Israeli security tools firm Aladdin Knowledge Systems in a deal valued at $160m.…
Jan 12, 2009 (21 hours ago)
Web 2.0rhea hack mistaken for end of universe
from The Register - Security
Much aTwitter about nothing
Fail and You Kids these days. Used to be, when you were mad at your parents or your professors, you'd write an email worm in Visual Basic and spread it around via Outlook clients.…
5:00 AM (1 hour ago)
Third Brigade unveils Deep Security 6.0
from Network World on Security by Ellen Messmer
Sixth version of Third Brigade's Deep Security software adds file-integrity monitoring, log inspection and integration with VMware's vCenter management server.
5:00 AM (1 hour ago)
Browser bug could allow phishing without e-mail
from Network World on Security by Robert McMillan
A bug found in all major browsers could make it easier for criminals to steal online banking credentials using a new type of attack called "in-session phishing," according to researchers at security vendor Trusteer.
5:00 AM (1 hour ago)
Gears of War 2 patch coming soon
from Network World on Security
According to Epic vice president Mark Rein, a Gears of War 2 patch will go live sometime this month that fixes a handful of online exploits, improves overall gameplay, and adds new achievement points related to downloadable content. No exact date is mentioned for when the patch will go live, but Rein does assure Gearheads that the patch will come out in "January... we are working hard to get this out the door." Here's the complete, more detailed forum post from Mark Rein:
5:00 AM (1 hour ago)
Paris Hilton's Web site being used in Web attack
from Network World on Security by Robert McMillan
Paris Hilton's Web site has been hacked and is serving visitors a malicious Trojan program designed to steal sensitive information from their computers.
5:00 AM (1 hour ago)
What Free Security Programs Can Protect My PC?
from Network World on Security
You really can protect your PC with free software, but there's a price. Multiple free security programs usually aren't as easy to use as one pricey suite. Your less likely to get decent support (perhaps I should say even less likely). And they lack features like antispam and child protection which you may or may not need. All of the companies that give away security programs sell more feature-rich versions, which come with better support and additional features.
5:00 AM (1 hour ago)
Top 25 software screw-ups
from Network World on Security by Ellen Messmer
Most IT security woes, from software patching to cyberespionage and cybercrime, can be traced to the devastating effects wrought by the Top 25 programming errors made in software, according to a broad consensus of government and security firms.
5:00 AM (1 hour ago)
Group lists 25 most dangerous coding errors hackers exploit
from Network World on Security
Most of the vulnerabilities that hackers exploit to attack Web sites and corporate servers are usually the result of common and well-understood programming errors.
5:00 AM (1 hour ago)
Startup launches cloud application management tool
from Network World on Security
Cloud-computing startup Kaavo's software for deploying and managing cloud-based applications is now out of beta, the company said Monday.
5:00 AM (1 hour ago)
'Huge increase' in worm attacks plague unpatched Windows PCs
from Network World on Security
A computer worm that exploits a Windows bug Microsoft Corp. patched more than two months ago continues to wreak havoc, a security company said Monday, as it boosted its overall threat ranking and warned users to patch their PCs.
Jan 12, 2009 (17 hours ago)
How to tell which employees are more of a security risk
from Network World on Security
Recently I have read quite a bit about "insider threats" and the potential for losing customer data. But not everyone is bad, so how can I tell if I need to pay attention to certain employees?
Jan 12, 2009 (17 hours ago)
Security Experts ID Top 25 Programming Errors
from Network World on Security
A group of security experts and luminaries have created a list of the 25 most significant programming errors that can lead to serious software vulnerabilities.
Add starShareEmailKeep unread
Jan 12, 2009 (17 hours ago)
(title unknown)
from Network World on Security
Jan 12, 2009 (17 hours ago)
Obama Inauguration Highlights Executive Protection
from Network World on Security
Between the pending presidential inauguration and roiling anti-corporate sentiment, executive protection is more critical than ever. Expert Robert Oatman explains the elements of a good program, the impact of technology, and more.
Jan 12, 2009 (17 hours ago)
NSA helps name most dangerous programming mistakes
from Network World on Security by Robert McMillan
A group of more than 30 computer organizations has taken what some are calling a big step toward making software more secure.
Jan 12, 2009 (12 hours ago)
Brief: DARPA awards $30m to create security test bed
from SecurityFocus News
DARPA awards $30m to create security test bed
Jan 12, 2009 (12 hours ago)
Brief: Army, NATO sites defaced by Mideast protesters
from SecurityFocus News
Army, NATO sites defaced by Mideast protesters
10:31 PM (7 hours ago)
China online porn crackdown: 91 sites down, thousands to go
from Ars Technica by jacqui@arstechnica.com (Jacqui Cheng)
The Chinese government has taken down 91 websites for hosting or linking to pornographic content since last week, and it vows to continue doing so in order to protect young minds.
Jan 12, 2009 (14 hours ago)
Cable Hacker Charged With Selling Illicit-Broadband Modems
from Wired Top Stories by Kevin Poulsen
In the first case of its kind, a Pennsylvania man faces federal criminal charges for selling hacked cable modems capable of stealing free, anonymous internet service from broadband providers.
5:43 AM (46 minutes ago)
Executive Charged With Exporting Dual-use ICs to China
from PC World Latest Technology News
A business executive has been charged in California with the illegal export of integrated circuits considered to have dual...
9:43 PM (8 hours ago)
Browser Bug Could Allow Phishing Without E-mail
from PC World Latest Technology News
Security vendor Trusteer says its found a way to do phishing without the e-mail, thanks to a bug in all major browsers.
6:39 PM (11 hours ago)
Disaster Recovery Budgets Feel the Pinch
from PC World Latest Technology News
Execs figure cutting DR for new projects will save half their cost. But to a security manager, it feels like living on the edge.
Jan 12, 2009 (14 hours ago)
Hacker Leaves Message for Microsoft in Trojan Code
from PC World Latest Technology News
A Zlob Trojan writer has left messages for Microsoft in his malicious code.
Jan 12, 2009 (21 hours ago)
Court Says Feds Need A Warrant To Listen To Touchtone Beeps Too
from Techdirt by Michael Masnick
While there are still arguments over the legality of the government's warrantless wiretap program, apparently there's been a separate court case looking at whether or not a warrant is needed if the authorities are just listening to your touchtone dialing, rather than the contents of the call itself. The feds felt that if it was just the touchtone beeps, then they didn't need any warrant at all -- but a court has now shot that theory down. The feds tried to claim that such data was not "content" which would trigger the need for a warrant -- but considering that with today's touchtone IVR systems, such data could include passwords, PINs, social security numbers and other private data, it seems perfectly reasonable to suggest a warrant is necessary.
-- Aurora Report says bonus material included for free.
Subscribe to:
Post Comments (Atom)
My Blog List
-
In the Face of Humane and Rabbit, It's Time for Google to Flex Its AI Power - CNET - Commentary: Google doesn't need a dedicated AI device. But it's time for the company to bring a more powerful Large Language Model to the masses
-
Soon You May Be Able Edit Your Android Text Messages Just Like on iPhone. Here's How - CNET - If you're in the Google Messages Beta program, you may be able to edit RCS chats right now.
1 hour ago -
'Cyberattack' shutters Christie's website days before $840M art mega-auction - Going once, going twice, going offline Christie's website remains offline as of Monday after a "technology security issue" shut it down Thursday night – j...2 hours ago
-
-
How Did Authorities Identify the Alleged Lockbit Boss? - Last week, the United States joined the U.K. and Australia in sanctioning and charging a Russian man named Dmitry Yuryevich Khoroshev as the leader of the ...10 hours ago
-
Anybody knows that this URL is about? Maybe Balena API request?, (Wed, Feb 7th) - Yesterday, I noticed a new URL in our honeypots: /v5/device/heartbeat. But I have no idea what this URL may be associated with. Based on some googleing, I ...3 months ago
-
Best EDR Of The Market (BEOTM) – Endpoint Detection and Response Testing Tool - BestEDROfTheMarket is a naive user-mode EDR (Endpoint Detection and Response) tool designed to serve as a testing ground4 months ago
-
My Last Email with W. Richard Stevens - In the fall of 1998 I joined the AFCERT. I became acquainted with the amazing book *TCP/IP Illustrated, Volume 1: The Protocols* by W. Richard Stevens...
10 months ago -
Comic for March 12, 2023 - Dilbert readers - Please visit Dilbert.com to read this feature. Due to changes with our feeds, we are now making this RSS feed a link to Dilbert.com.1 year ago
-
87% of Container Images in Production Have Critical or High-Severity Vulnerabilities - At the inaugural CloudNativeSecurityCon, DevSecOps practitioners discussed how to shore up the software supply chain.1 year ago
-
Vulnerability Summary for the Week of November 29, 2021 - Original release date: December 6, 2021 High Vulnerabilities Primary Vendor -- Product Description Published CVSS Score Source & Patch Info abb -- rtu50...2 years ago
-
AA21-336A: APT Actors Exploiting CVE-2021-44077 in Zoho ManageEngine ServiceDesk Plus - Original release date: December 2, 2021 Summary *This joint Cybersecurity Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (AT...2 years ago
-
20 years of CGISecurity: What appsec looked like in the year 2000 - Just realized that 20 years have passed since I started this site to learn more about web security threats. What 'appsec' looked like in 2000 OWASP didn't ...3 years ago
-
Ransomware: Why one city chose to the pay the ransom after falling victim - Posted by InfoSec News on Aug 12 https://www.zdnet.com/article/ransomware-why-one-city-chose-to-the-pay-the-ransom-after-falling-victim/ By Danny Palmer Z...3 years ago
-
What the newly released Checkra1n jailbreak means for iDevice security - There are reasons to embrace it. There are reasons to be wary of it. Here's the breakdown.4 years ago
-
Privacy and Mobile Device Apps - Original release date: July 9, 2019 | Last revised: November 15, 2019 What are the risks associated with mobile device apps? Applications (apps) on your sm...4 years ago
-
44CON 2018 - 12th-14th September, London (UK) - Posted by Steve on Feb 28 44CON 2018 is the UK's best annual Security Conference and Training event. The conference spans 2.5 days with training on the 1...6 years ago
-
Cryptopp Crypto++ 5.6.4 octets Remote Code Execution Vulnerability - Crypto++ (aka cryptopp and libcrypto++) 5.6.4 contained a bug in its ASN.1 BER decoding routine. The library will allocate a memory block based on the leng...6 years ago
-
V2V Communications security considerations - The future of vehicles, road infrastructure and driving are changing. We are progressing with vehicle-to-vehicle (V2V) and vehicle-to-infrastructure (V2I) ...7 years ago
-
vTech – ignorance is no defence (and neither are weasel words) - This morning, Troy Hunt published a blog post alerting to a recent change in the Terms & Conditions published by children’s toy manufacturer vTech. The cha...8 years ago
-
DOJ probing claims U.S. drug agency 'collaborated' with NSA on intelligence - The U.S. Justice Dept. said it was "looking into the issues" raised by an Reuters story, that one of its law enforcement agencies collaborated with the NSA...10 years ago
-
-
-
-
-
-
-
-
-
Posts
No comments:
Post a Comment