Thursday, February 5, 2009
Around The Horn vol.1,32
Security News
12:30 PM (9 hours ago)
Attacker flaunts details of phpBB hack
from CGISecurity - Website and Application Security News by Robert A.
"In a post on Blogger on Saturday, a person who claims to have breached the Web site of open-source online community software phpBB gave a detailed account of how he did it. Using a vulnerability in PHPlist publicly disclosed on January 14, the attacker gained access to the password and configuration...
1:30 PM (8 hours ago)
Firefox 3.0.6 Released To Address Multiple Security Issues
from CGISecurity - Website and Application Security News by Robert A.
Fixed in Firefox 3.0.6:
MFSA 2009-06 Directives to not cache pages ignored
MFSA 2009-05 XMLHttpRequest allows reading HTTPOnly cookies
MFSA 2009-04 Chrome privilege escalation via local .desktop files
MFSA 2009-03 Local file stealing with SessionStore
MFSA 2009-02 XSS using a chrome XBL method and window.eval
MFSA 2009-01 Crashes with evidence of...
9:31 AM (12 hours ago)
Counting Malware
from McAfee Avert Labs by Marius van Oers
Malware continues to increase at a rapid rate. With the DAT-5516 release, scheduled for 4 February, the number of drivers in the DATs will pass 500,000. Half a million is a huge amount. I remember my first antivirus program, back in the ’80s, that had a count of about 80. I don’t recall the exact number, but it’s easy to place it into perspective. We add way more on a daily basis now.
11:33 AM (10 hours ago)
FlowMatrix - Free Network Behavior Analysis System
from Darknet - The Darkside by Darknet
FlowMatrix is a Network Anomaly Detection and Network Behavioral Analysis (NBA) System, which in fully automatic mode constantly monitors your network using NetFlow records from your routers and other network devices in order to identify relevant anomalous security and network events. In addition, the new release of FlowMatrix, (ver.0.9.62 and... Read the full post at darknet.org.uk
3:03 PM (7 hours ago)
Four Security Updates Due From Microsoft Next Week
from PC World Latest Technology News
Microsoft will release critical security patches for IE and Exchange next week and important fixes for SQL Server and Visio.
3:03 PM (7 hours ago)
Microsoft Changes Windows 7 UAC Due to New Exploit Code
from PC World Latest Technology News
A pair of Windows bloggers posted more proof-of-concept code that subverts an important security feature of Windows 7.
6:41 AM (2 hours ago)
MS lines up two critical updates for Patch Tuesday
from The Register - Security
Security gnomes busy on IE
Microsoft is lining up four security updates - two of which earn the dread rating of critical - for the February edition of its regular monthly Patch Tuesday update cycle.…
8:41 AM (14 minutes ago)
Cisco wireless flaws pose DoS risk
from The Register - Security
Wi-Fi kit found wanting
Cisco is urging admins to update their wireless LAN hardware following the discovery of multiple vulnerabilities in its enterprise Wi-Fi kit.…