1 hour ago
Wednesday, January 7, 2009
Around The Horn, Volume One, Number Two
Alerts
Cisco IOS Exploitation Technique and Defense In Depth, (Tue, Jan 6th)
from SANS Internet Storm Center, InfoCON: green
As many of you have seen, The Register and other main stream media sources are starting to discuss a ...(more)...
Tools on my Christmas list., (Fri, Jan 2nd)
from SANS Internet Storm Center, InfoCON: green
Every year I create a list of things I would like to do with my spare time over the holiday break.n ...(more)...
Security News
CheckFree warns 5 million customers after DNS hack
from CGISecurity - Website and Application Security News by Robert
"Tolley wouldn't say what banks were affected by the hack, but the majority of these five million customers were CheckFree's own users, she said. In total, about 42 million customers access CheckFree's bill payment site, she said. Customers who went to CheckFree's Web sites between 12:35 a.m. and 10:10 a.m. on...
Building a Web Application Security Program, Part 8: Putting It All Together
from CGISecurity - Website and Application Security News by Robert
"Whew! This is our final post in this series on Building a Web Application Security Program (Part 1, Part 2, Part 3, Part 4, Part 5, Part 6, Part 7), and it’s time to put all the pieces together. Here are our guidelines for designing a program that meets the needs...
Hackers Post Faked Report of Steve Jobs's Death
from CGISecurity - Website and Application Security News by Robert
"MacRumors, one of the many sites which cover Apple's annual Macworld product launches, has had its live coverage infiltrated, with someone adding the false news of Steve Jobs's death to the blow-by-blow reports."Here's the very amusing screenshot of the incident.http://cache.gawker.com/assets/images/gawker/2009/01/macrumorshacked.jpgRead more: http://valleywag.gawker.com/5124580/hackers-post-faked-report-of-steve-jobss-death
Pak hackers plan attack on Indian cyber networks: Intel
from CGISecurity - Website and Application Security News by Robert
"After the Mumbai terror strikes, anti-India elements in Pakistan are now planning an attack on Indian computer networks, intelligence agencies have warned. Already Pakistani hackers are trying out a dry run against Indian networks through popular websites registered there after the Mumbai terror strikes, Home Ministry sources told PTI here today....
Paper: Security Assessment of the Internet Protocol
from CGISecurity - Website and Application Security News by Robert
The following was sent to the Full Disclosure mailing list last yesterday."In August 2008 the UK CPNI (United Kingdom's Centre for the Protection ofNational Infrastructure) published the document "Security Assessment of theInternet Protocol". The motivation of the aforementioned document isexplained in the Preface of the document itself. (The paper is availableat:...
Israel hacks Arab TV station
from CGISecurity - Website and Application Security News by Robert
"Israeli military forces have reportedly hacked into a Hamas-run TV station to broadcast propaganda. The hijack of the Al-Aqsa television station last weekend represents the latest phase in a war in cyberspace that has accompanied the ongoing conflict in Gaza. Al-Aqsa is known for featuring allegedly antisemitic childrens' cartoons as part...
Rogue LinkedIn Profiles Lead To Malware
from McAfee Avert Labs by Micha Pekrul
LinkedIn is a popular social networking site where you can manage business contacts online. Since you can set up a profile with links to your own website, it seems to attract criminals’ attention as well. A Google search reveals that several hundred fake LinkedIn profiles from nude “Kirsten Dunst” to nude “Hulk Hogan” exist already. The rogue profiles look all alike, with a picture of the celebrity and three links to the parts of the “nude video” like shown in the following picture
Google picks up third spot in spam-friendly shame list
from The Register - Security
Blogspot exploits and Gmail scams slammed
Google has leapfrogged Microsoft to reach third place in a blacklist of spam-friendly ISPs and hosting firms, compiled by anti-spam organisation Spamhaus.org.…
Bogus LinkedIn profiles punt malware to fools
from The Register - Security
Beyoncé's not your friend, you berk
Bogus profiles on social networking website LinkedIn are punting malware to the credulous and starstruck.…
Pranksters inflitrate live Macworld feed
from The Register - Security
Blasphemy on Jobsian high holy day
As unfounded as they may be, reports of Steve Jobs's demise have spread to a live feed of Macworld Expo provided by Apple gossip site MacRumors after griefers managed to breach the website's security.…
Twitter Hack: How It Happened and What's Being Done
from Network World on Security
Twitter is tackling a series of security issues, starting with a hack that hit some well-known celebrity accounts. Someone broke into Twitter accounts belonging to President-elect Barack Obama, CNN anchor Rick Sanchez, and Britney Spears over the weekend. At the same time, a phishing scam is trying to trick regular users into handing over their passwords and compromising their profiles.
The 4 Security Rules Employees Love to Break
from Network World on Security
Most CSOs and security managers know employees are taking risks everyday that could set their company up for a breach. What some of the biggest offenses? And what can be done to nip that risky behavior in the bud? John Stewart, CSO of Cisco, offers his take on 4 rules people love to break and offers advice on getting them to stop.
The CAN-SPAM Act as a warning
from Network World on Security by Scott Bradner
It is widely expected that the new Congress and administration will be passing a lot of regulations to deal with all sorts of perceived problems.
Rogue SSL certificate exploit puts VeriSign on the spot
from Network World on Security by Ellen Messmer
Following the success of researchers last week in creating a false SSL certificate based on VeriSign's RapidSSL brand, the company is scrambling to explain how it happened, how it's preventing it from reoccurring, and whether its other SSL certificate-generation services are at risk.
Google comes in fourth on top 10 list of spam enablers
from Network World on Security
Google has yet to stop a rising number of spammers from abusing Google Docs, its Web-based collaboration and spreadsheet application, according to junk mail watchdog Spamhaus
3 Ways a Twitter Hack Can Hurt You
from Network World on Security
Just days after popular social networking tool Twitter was hit was a phishing scam, the company is now trying to clean up a mess surrounding a separate hacking attack.
Digital Gangster Take Credit for Twitter Hacks
from Network World on Security
Members of the online forum Digital Gangster may have been behind Monday's Twitter hack. On Monday, hacker's gained access to, and posted messages from, 33 Twitter accounts including those of Bill O'Reilly, Britney Spear and CNN's Rick Sanchez
The Five Most Dangerous Security Myths: Myth #2
from Network World on Security
Sure, the Web is today's Wild West, with digital guns blazing and no sheriff in sight. But as long as you use a good antivirus program, you're completely safe, right?
CheckFree warns 5 million customers after hack
from Network World on Security by Robert McMillan
CheckFree and some of the banks that use its electronic bill payment service are notifying more than 5 million customers after criminals took control of several of the company's Internet domains and redirected customer traffic to a malicious Web site hosted in the Ukraine.
Cisco Vulnerability Given ‘Write Once, Run Anywhere’ Treatement
from Darknet - The Darkside by Darknet
This is an interesting development in router security, Cisco bugs have been popping up now and then - not that often - but usually when they do they are quite serious. The problem with them was you needed so many variations unless you were just targeting one specific router, with that specific version of IOS and [...]
Brief: Researchers claim flaws in Intel's trusted platform
from SecurityFocus News
Researchers claim flaws in Intel's trusted platform
Brief: Celebrities mask malware on Twitter, LinkedIn
from SecurityFocus News
Celebrities mask malware on Twitter, LinkedIn
-- Aurora Report says thats the roundup for today.
Subscribe to:
Post Comments (Atom)
My Blog List
-
In the Face of Humane and Rabbit, It's Time for Google to Flex Its AI Power - CNET - Commentary: Google doesn't need a dedicated AI device. But it's time for the company to bring a more powerful Large Language Model to the masses
-
Soon You May Be Able Edit Your Android Text Messages Just Like on iPhone. Here's How - CNET - If you're in the Google Messages Beta program, you may be able to edit RCS chats right now.
1 hour ago -
'Cyberattack' shutters Christie's website days before $840M art mega-auction - Going once, going twice, going offline Christie's website remains offline as of Monday after a "technology security issue" shut it down Thursday night – j...2 hours ago
-
-
How Did Authorities Identify the Alleged Lockbit Boss? - Last week, the United States joined the U.K. and Australia in sanctioning and charging a Russian man named Dmitry Yuryevich Khoroshev as the leader of the ...10 hours ago
-
Anybody knows that this URL is about? Maybe Balena API request?, (Wed, Feb 7th) - Yesterday, I noticed a new URL in our honeypots: /v5/device/heartbeat. But I have no idea what this URL may be associated with. Based on some googleing, I ...3 months ago
-
Best EDR Of The Market (BEOTM) – Endpoint Detection and Response Testing Tool - BestEDROfTheMarket is a naive user-mode EDR (Endpoint Detection and Response) tool designed to serve as a testing ground4 months ago
-
My Last Email with W. Richard Stevens - In the fall of 1998 I joined the AFCERT. I became acquainted with the amazing book *TCP/IP Illustrated, Volume 1: The Protocols* by W. Richard Stevens...
10 months ago -
Comic for March 12, 2023 - Dilbert readers - Please visit Dilbert.com to read this feature. Due to changes with our feeds, we are now making this RSS feed a link to Dilbert.com.1 year ago
-
87% of Container Images in Production Have Critical or High-Severity Vulnerabilities - At the inaugural CloudNativeSecurityCon, DevSecOps practitioners discussed how to shore up the software supply chain.1 year ago
-
Vulnerability Summary for the Week of November 29, 2021 - Original release date: December 6, 2021 High Vulnerabilities Primary Vendor -- Product Description Published CVSS Score Source & Patch Info abb -- rtu50...2 years ago
-
AA21-336A: APT Actors Exploiting CVE-2021-44077 in Zoho ManageEngine ServiceDesk Plus - Original release date: December 2, 2021 Summary *This joint Cybersecurity Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (AT...2 years ago
-
20 years of CGISecurity: What appsec looked like in the year 2000 - Just realized that 20 years have passed since I started this site to learn more about web security threats. What 'appsec' looked like in 2000 OWASP didn't ...3 years ago
-
Ransomware: Why one city chose to the pay the ransom after falling victim - Posted by InfoSec News on Aug 12 https://www.zdnet.com/article/ransomware-why-one-city-chose-to-the-pay-the-ransom-after-falling-victim/ By Danny Palmer Z...3 years ago
-
What the newly released Checkra1n jailbreak means for iDevice security - There are reasons to embrace it. There are reasons to be wary of it. Here's the breakdown.4 years ago
-
Privacy and Mobile Device Apps - Original release date: July 9, 2019 | Last revised: November 15, 2019 What are the risks associated with mobile device apps? Applications (apps) on your sm...4 years ago
-
44CON 2018 - 12th-14th September, London (UK) - Posted by Steve on Feb 28 44CON 2018 is the UK's best annual Security Conference and Training event. The conference spans 2.5 days with training on the 1...6 years ago
-
Cryptopp Crypto++ 5.6.4 octets Remote Code Execution Vulnerability - Crypto++ (aka cryptopp and libcrypto++) 5.6.4 contained a bug in its ASN.1 BER decoding routine. The library will allocate a memory block based on the leng...6 years ago
-
V2V Communications security considerations - The future of vehicles, road infrastructure and driving are changing. We are progressing with vehicle-to-vehicle (V2V) and vehicle-to-infrastructure (V2I) ...7 years ago
-
vTech – ignorance is no defence (and neither are weasel words) - This morning, Troy Hunt published a blog post alerting to a recent change in the Terms & Conditions published by children’s toy manufacturer vTech. The cha...8 years ago
-
DOJ probing claims U.S. drug agency 'collaborated' with NSA on intelligence - The U.S. Justice Dept. said it was "looking into the issues" raised by an Reuters story, that one of its law enforcement agencies collaborated with the NSA...10 years ago
-
-
-
-
-
-
-
-
-
Posts
No comments:
Post a Comment