Alerts
2:49 AM (3 hours ago)
Critical VMware Security Alert for Windows-Hosted VMware Workstation (1008502)
from VMware RSS Feed by vmtn@vmware.com (VMTN)
Critical VMware Security Alert for Windows-Hosted VMware Workstation (1008502)
Summary There is a vulnerability in a certain ActiveX control in VMware Workstation. Problem Description The following description is from the Common Vulnerabilities and...
Security News
1:48 PM (7 hours ago)
Perimeter Defense-in-Depth with Cisco ASA
from SANS Information Security Reading Room
Category: Firewalls & Perimeter Protection
Paper Added: February 9, 2009
2:44 PM (6 hours ago)
Application Security Vendors Need Help With Reporting
from CGISecurity - Website and Application Security News by Robert A.
I've been reading web application vulnerability reports from tools and services for 6-7 years and found that 99% of these reports are geared towards security engineers or system administrators. Many of the reports I see focus on The type of flaw and what it its impact is The URL affected Links...
11:13 AM (9 hours ago)
New Valentine Scam on the Loose
from McAfee Avert Labs by Micha Pekrul
Following our last week’s warning of the possible scams related to the approaching Valentine’s Day, to no surprise, today we’ve seen another new Valentine theme come up - hosted on the fast-fluxing Waledac botnet. If a user were to follow the link in these spam emails - please don’t do that! -, a web site like the following appears:
A picture with two adorable Shitzu puppies is wishing a Happy Valentine’s Day. The text of the lure is advertizing a “Valentine Devkit” named ‘loveexe.exe’ or ’start.exe’. And regular readers can guess it already: this is a social-engineering trick to convince users to download the real threat. Don’t click the link to the executable, otherwise you will end up with malware.
A close look into the website’s source code currently doesn’t reveal any additional drive-by-infections nor -downloads (but that can change quickly), as seen in past Waledac (or “Storm”) themes. Coverage of this particular malware variant is in the 5522 DATs, plus blocked by Artemis, plus blocked at the (former Secure) Web Gateway as well.
5:10 PM (3 hours ago)
Brief: Reports: Obama to tap intel official for cyber post
from SecurityFocus News
Reports: Obama to tap intel official for cyber post
3:05 PM (5 hours ago)
Brief: Kaspersky: No personal info accessed by breach
from SecurityFocus News
Kaspersky: No personal info accessed by breach
11:04 AM (10 hours ago)
News: Kaspersky exposes sensitive database, says hacker
from SecurityFocus News
Kaspersky exposes sensitive database, says hacker
6:57 PM (2 hours ago)
Conficker Worm Sinks French Navy Network
from PC World Latest Technology News
The French Navy says it was infected by the Conficker worm, according to reports.
6:57 PM (2 hours ago)
A Jailhouse Interview with Terry Childs
from PC World Latest Technology News
Spending a half hour with San Francisco's most famous network administrator.
3:57 PM (5 hours ago)
Kaspersky Says Web Hack 'should Not Have Happened'
from PC World Latest Technology News
Kaspersky Lab says its Web site was hacked Saturday.
7:21 AM (13 hours ago)
Kaspersky, OpenDNS Collaborate to Slow Conficker Worm
from PC World Latest Technology News
OpenDNS has added a feature to its DNS services with help from Russian security company Kaspersky Lab to fight a widespread...
1:26 AM (5 hours ago)
New-age cyber-attack inflicts major damage with modest means
from The Register - Security
Ladyboydolls.com and the new DDoS
A sustained cyber-attack against a handful of niche pornography sites has demonstrated a novel way to inflict major damage on hardened targets using a modest amount of data, a security researcher has warned.…
10:03 PM (8 hours ago)
XSS bug crawls all over PayPal page
from The Register - Security
'Fugitif' strikes again
Online payments site PayPal has been bitten by yet another cross-site scripting (XSS) bug that could be exploited by black hats to phish user passwords or possibly steal authentication cookies.…
12:12 AM (6 hours ago)
Cracking down on Conficker: Kaspersky, OpenDNS join forces
from Ars Technica - Front page content by jhruska@arstechnica.com (Joel Hruska)
The Conficker botnet is proving to be a feisty bit of malware. It may never become a problem of Storm-sized proportions, but Conficker's authors seem determined to keep their system in play. Team White Hat, however, isn't giving up—OpenDNS and Kaspersky Lab announced on Monday, February 9 that they'd be working together to prevent Conficker from spreading once it's infected a network. There are two components to the new approach. First, Kaspersky Labs is capable of predicting what domains Conficker will attempt to contact, while OpenDNS' Botnet Protection feature prevents those domains from resolving internally. The result—at least in theory—is a cooped-up Conficker.
3:28 AM (3 hours ago)
Fight Back Against Cybersquatters
from PC World Latest Technology News
Don't Pay Ransom for Kidnapped Domain Names (and Remember Your Renewals)
9:57 PM (8 hours ago)
Virulent Worm Exploits Missing Patches
from PC World Latest Technology News
The Conficker worm shows why it's so important to keep PCs up-to-date.
9:57 PM (8 hours ago)
Public Greets Massive Data Breach With Collective Yawn
from PC World Latest Technology News
Crooks steal a huge trove of credit card data, but are we too burned out on such news to care?
Subscribe to:
Post Comments (Atom)
My Blog List
-
-
China, Iran are having a field day with React2Shell, Google warns - Who hasn't exploited this max-severity flaw? At least five more Chinese spy crews, Iran-linked goons, and financially motivated criminals are now attackin...5 hours ago
-
Microsoft Patch Tuesday, December 2025 Edition - Microsoft today pushed updates to fix at least 56 security flaws in its Windows operating systems and supported software. This final Patch Tuesday of 2025 ...6 days ago
-
We have achieved FreeBSD 15.0-REL with KDE Plasma - Houston, we have installed #FreeBSD 15.0-REL with KDE Plasma 6.4.5 on a Lenovo ThinkPad X1 Carbon Gen 6 laptop. I have come full circle. I used to dail...
2 weeks ago -
Systemic Ransomware Events in 2025 – How Jaguar Land Rover Showed What a Category 3 Supply Chain Breach Looks Like - Systemic ransomware events in 2025, how Jaguar Land Rover’s shutdown exposed Category 3 supply chain risk, with lessons from Toyota, Nissan and Ferrari.2 weeks ago
-
Today's NYT Mini Crossword Answers for Tuesday, Oct. 7 - Here are the answers for The New York Times Mini Crossword for Oct. 7.
2 months ago -
Today's NYT Mini Crossword Answers for Tuesday, Oct. 7 - Here are the answers for The New York Times Mini Crossword for Oct. 7.
2 months ago
-
Announcing SecTemplates.com release #6: Security Partner Program Pack v1 - I have built several security partner programs at companies such as Box Inc. and Coinbase, with over 8 years of experience leading them. I have consistentl...6 months ago
-
Anybody knows that this URL is about? Maybe Balena API request?, (Wed, Feb 7th) - Yesterday, I noticed a new URL in our honeypots: /v5/device/heartbeat. But I have no idea what this URL may be associated with. Based on some googleing, I ...1 year ago
-
Comic for March 12, 2023 - Dilbert readers - Please visit Dilbert.com to read this feature. Due to changes with our feeds, we are now making this RSS feed a link to Dilbert.com.2 years ago
-
87% of Container Images in Production Have Critical or High-Severity Vulnerabilities - At the inaugural CloudNativeSecurityCon, DevSecOps practitioners discussed how to shore up the software supply chain.2 years ago
-
Vulnerability Summary for the Week of November 29, 2021 - Original release date: December 6, 2021 High Vulnerabilities Primary Vendor -- Product Description Published CVSS Score Source & Patch Info abb -- rtu50...4 years ago
-
AA21-336A: APT Actors Exploiting CVE-2021-44077 in Zoho ManageEngine ServiceDesk Plus - Original release date: December 2, 2021 Summary *This joint Cybersecurity Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (AT...4 years ago
-
Ransomware: Why one city chose to the pay the ransom after falling victim - Posted by InfoSec News on Aug 12 https://www.zdnet.com/article/ransomware-why-one-city-chose-to-the-pay-the-ransom-after-falling-victim/ By Danny Palmer Z...5 years ago
-
What the newly released Checkra1n jailbreak means for iDevice security - There are reasons to embrace it. There are reasons to be wary of it. Here's the breakdown.6 years ago
-
Privacy and Mobile Device Apps - Original release date: July 9, 2019 | Last revised: November 15, 2019 What are the risks associated with mobile device apps? Applications (apps) on your sm...6 years ago
-
44CON 2018 - 12th-14th September, London (UK) - Posted by Steve on Feb 28 44CON 2018 is the UK's best annual Security Conference and Training event. The conference spans 2.5 days with training on the 1...7 years ago
-
Cryptopp Crypto++ 5.6.4 octets Remote Code Execution Vulnerability - Crypto++ (aka cryptopp and libcrypto++) 5.6.4 contained a bug in its ASN.1 BER decoding routine. The library will allocate a memory block based on the leng...8 years ago
-
V2V Communications security considerations - The future of vehicles, road infrastructure and driving are changing. We are progressing with vehicle-to-vehicle (V2V) and vehicle-to-infrastructure (V2I) ...8 years ago
-
vTech – ignorance is no defence (and neither are weasel words) - This morning, Troy Hunt published a blog post alerting to a recent change in the Terms & Conditions published by children’s toy manufacturer vTech. The cha...9 years ago
-
DOJ probing claims U.S. drug agency 'collaborated' with NSA on intelligence - The U.S. Justice Dept. said it was "looking into the issues" raised by an Reuters story, that one of its law enforcement agencies collaborated with the NSA...12 years ago
-
-
-
-
-
-
-
-
-
Posts
No comments:
Post a Comment