Alerts
8:52 PM (1 hour ago)
CVE 2003-0786, CVE 2008-0891 and CVE 2008-1672 OpenSSL Vulnerability and ESX (1008521)
from VMware RSS Feed by vmtn@vmware.com (VMTN)
CVE 2003-0786, CVE 2008-0891 and CVE 2008-1672 OpenSSL Vulnerability and ESX (1008521)
Security scans might show that an ESX host contains a version of OpenSSL that is vulnerable to the issues described by CVE 2003-0786, CVE 2008-0891 and CVE...
4:11 PM (5 hours ago)
TA09-041A: Microsoft Updates for Multiple Vulnerabilities
from US-CERT Technical Cyber Security Alerts
Microsoft Updates for Multiple Vulnerabilities
3:55 PM (6 hours ago)
MS09-005 - Important: Vulnerabilities in Microsoft Office Visio Could Allow Remote Code Execution (957634)
from Microsoft Security Bulletins
Bulletin Severity Rating:Important - This security update resolves three privately reported vulnerabilities in Microsoft Office Visio that could allow remote code execution if a user opens a specially crafted Visio file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
3:55 PM (6 hours ago)
MS09-004 - Important: Vulnerability in Microsoft SQL Server Could Allow Remote Code Execution (959420)
from Microsoft Security Bulletins
Bulletin Severity Rating:Important - This security update resolves a privately reported vulnerability in Microsoft SQL Server. The vulnerability could allow remote code execution if untrusted users access an affected system or if a SQL injection attack occurs to an affected system. Systems with SQL Server 7.0 Service Pack 4, SQL Server 2005 Service Pack 3, and SQL Server 2008 are not affected by this issue.
3:55 PM (6 hours ago)
MS09-003 - Critical: Vulnerabilities in Microsoft Exchange Could Allow Remote Code Execution (959239)
from Microsoft Security Bulletins
Bulletin Severity Rating:Critical - This security update resolves two privately reported vulnerabilities in Microsoft Exchange Server. The first vulnerability could allow remote code execution if a specially crafted TNEF message is sent to a Microsoft Exchange Server. An attacker who successfully exploited this vulnerability could take complete control of the affected system with Exchange Server service account privileges. The second vulnerability could allow denial of service if a specially crafted MAPI command is sent to a Microsoft Exchange Server. An attacker who successfully exploited this vulnerability could cause the Microsoft Exchange System Attendant service and other services that use the EMSMDB32 provider to stop responding.
3:55 PM (6 hours ago)
MS09-002 - Critical: Cumulative Security Update for Internet Explorer (961260)
from Microsoft Security Bulletins
Bulletin Severity Rating:Critical - This security update resolves two privately reported vulnerabilities. The vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
3:41 PM (6 hours ago)
More tricks from Conficker and VM detection, (Tue, Feb 10th)
from SANS Internet Storm Center, InfoCON: green
Following my yesterdays diary (http://isc.sans ...(more)...
2:29 PM (7 hours ago)
February Black Tuesday Overview, (Tue, Feb 10th)
from SANS Internet Storm Center, InfoCON: green
Overview of the February 2009 Microsoft patches and their status. # ...(more)...
1:41 PM (8 hours ago)
Java up to date ?, (Tue, Feb 10th)
from SANS Internet Storm Center, InfoCON: green
Roseman wrote in with a link to http://java.com/en/download/installed ...(more)...
Security News
3:42 PM (6 hours ago)
Microsoft Security Bulletin Summary for February 2009
from Microsoft Security Content: Comprehensive Edition
Revision Note: Bulletin Summary published.Summary: This bulletin summary lists security bulletins released for February 2009.
8:44 PM (1 hour ago)
Microsoft Security Bulletin MS09-002
from CGISecurity - Website and Application Security News by Robert A.
"Microsoft published four patches on Tuesday to close serious vulnerabilities in its Internet Explorer browser, Exchange e-mail server and Microsoft SQL server. The fixes, which were released on Microsoft's regular monthly schedule, close two Critical vulnerabilities in Internet Explorer 7 running on Windows XP that could allow a malicious Web site...
1:35 PM (8 hours ago)
Trojan Bundles Legit Social-Network Toolbar with Backdoor
from McAfee Avert Labs by Dennis Elser
Here’s another twist in regionally targeted attacks: A new Trojan (pretending to be a toolbar installer) is spreading that bundles the legitimate toolbar for the German social network “StudiVZ” with a variant of Backdoor-CEP. Among other malicious activities, the backdoor is capable of recording a user’s screen, taking screenshots, and logging keyboard strokes. At first glance, the deliberately modified installer looks perfectly harmless, especially because it refuses to do anything malicious if it detects certain security products or if it thinks it’s being observed through a sandbox or a debugger.
8:33 PM (1 hour ago)
Microsoft takes scissors to Srizbi
from The Register - Security
Botnet's last stand
Microsoft security teams have struck what they hope is a fatal blow at Srizbi, the once-powerful spam botnet that has been fighting for its life since last year's demise of two US-based network providers that offered vital lifelines.…
5:33 PM (4 hours ago)
Fraudsters cream opposition in cybercrime wars
from The Register - Security
Unsafe Internet Day
The celebration of Safer Internet Day on Tuesday was marked by warnings that cybercriminals are staying ahead of defenders in their attempts to defraud or otherwise abuse internet users.…
3:33 PM (6 hours ago)
BitDefender distances self from gaping BitDefender.pt breach
from The Register - Security
Can you trust the gatekeeper?
Comment This piece was updated to reflect information released by BitDefendor after publication.…
5:11 PM (4 hours ago)
Brief: Microsoft plugs eight security holes
from SecurityFocus News
Microsoft plugs eight security holes
5:11 PM (4 hours ago)
Brief: Reports: Obama to tap intel official for cyber post
from SecurityFocus News
Reports: Obama to tap intel official for cyber post
5:11 PM (4 hours ago)
Brief: Kaspersky: No personal info accessed by breach
from SecurityFocus News
Kaspersky: No personal info accessed by breach
5:11 PM (4 hours ago)
News: Kaspersky exposes sensitive database, says hacker
from SecurityFocus News
Kaspersky exposes sensitive database, says hacker
4:02 AM (2 hours ago)
Webtunnel 0.0.2 - HTTP Encapsulation and Tunnel Tool
from Darknet - The Darkside by Darknet
Webtunnel is a network utility that encapsulates arbitrary data in HTTP and transmits it through a web server. In that regard, it is similar to httptunnel, however, it has several key important differences: its server component runs in the context of a web server as a CGI application (with optional FastCGI support) so it does [...]
Feb 10, 2009 (20 hours ago)
Open letter to Obama: Uncle Sam should go open source
from Ars Technica - Front page content by segphault@arstechnica.com (Ryan Paul)
A group of software vendors has published an open letter to president Obama encouraging the new administration to adopt open source software in the government's IT infrastructure. The letter says that open source software can reduce costs when implementing government technology initiatives in areas like healthcare and security.
Open source software is already broadly used by many different branches of the government. The Department of Defense, which has been exploring the benefits of open source software for years, has used Linux and open source technology in a wide range of key projects, including the Army Future Combat Systems program and the Land Warrior program. The DoD also recently launched a Web site on which it hosts its open source projects.
Feb 10, 2009 (15 hours ago)
Obama taps Bush official to head cybersecurity review
from Ars Technica - Front page content by julian.sanchez@arstechnica.com (Julian Sanchez)
The White House announced Monday that Barack Obama has instructed his national security advisors to begin a comprehensive 60-day review of federal cybersecurity initiatives as a prelude to developing an integrated strategy that will coordinate security efforts across government agencies, and between the public and private sectors. The effort will be led by Melissa Hathaway, previously a senior advisor to the Bush administration's Director of National Intelligence, Michael McConnell. Upon completion of the review, Hathaway is reportedly in line for the new post of cybersecurity "czar" in the Obama White House.
1:44 AM (5 hours ago)
Microsoft Update Takes on Spam-spewing Botnet
from PC World Latest Technology News
Microsoft has added detection for the Srizbi botnet to its Malicious Software Removal Tool.
Feb 10, 2009 (13 hours ago)
Must-Have Security Fixes for IE7, Microsoft Servers
from PC World Latest Technology News
Today's Patch Tuesday from Microsoft includes important fixes for IE7 and Visio, and businesses should be sure to apply patches for Exchange and SQL servers.
Feb 10, 2009 (14 hours ago)
Microsoft Releases Monthly Security Updates
from PC World Latest Technology News
Microsoft has released four security updates including critical fixes for Internet Explorer and Exchange.
Feb 10, 2009 (14 hours ago)
Five Tips for Managing Security in a Recession
from PC World Latest Technology News
In the current economic downturn, many companies are cutting costs and security expenses frequently get cut.
Feb 10, 2009 (17 hours ago)
Antivirus Firm Confirms Hackers Breached Site
from PC World Latest Technology News
Kaspersky Lab, a Moscow-based security company, admitted that a database containing customer information had been breached.
Feb 10, 2009 (17 hours ago)
Social Networking's Security Pitfalls
from PC World Latest Technology News
Spending a little time on Facebook and other social networking sites is a ritual for many of us every morning. And afternoon. And evening.
Feb 10, 2009 (19 hours ago)
Online Safety Tips for Facebook Fogeys
from PC Magazine Tips and Solutions
Grownups, take note! Here is what you need to know before "friending" your first Facebook connection.
Subscribe to:
Post Comments (Atom)
My Blog List
-
-
Get Prepared for Your First New Home or Apartment With These Tips - CNET - This to-do list may seem a little overwhelming, but it has valuable tips to help you when you're moving into your first new home or apartment.
3 hours ago -
Get Prepared for Your First New Home or Apartment With These Tips - CNET - This to-do list may seem a little overwhelming, but it has valuable tips to help you when you're moving into your first new home or apartment.
3 hours ago
-
AI red-teaming tools helped X-Force break into a major tech manufacturer 'in 8 hours' - Hint: It's the 'the largest' maker of a key computer component *RSAC* An unnamed tech business hired IBM's X-Force penetration-testing team to break in an...3 hours ago
-
How Did Authorities Identify the Alleged Lockbit Boss? - Last week, the United States joined the U.K. and Australia in sanctioning and charging a Russian man named Dmitry Yuryevich Khoroshev as the leader of the ...6 hours ago
-
Anybody knows that this URL is about? Maybe Balena API request?, (Wed, Feb 7th) - Yesterday, I noticed a new URL in our honeypots: /v5/device/heartbeat. But I have no idea what this URL may be associated with. Based on some googleing, I ...3 months ago
-
Best EDR Of The Market (BEOTM) – Endpoint Detection and Response Testing Tool - BestEDROfTheMarket is a naive user-mode EDR (Endpoint Detection and Response) tool designed to serve as a testing ground4 months ago
-
My Last Email with W. Richard Stevens - In the fall of 1998 I joined the AFCERT. I became acquainted with the amazing book *TCP/IP Illustrated, Volume 1: The Protocols* by W. Richard Stevens...
10 months ago -
Comic for March 12, 2023 - Dilbert readers - Please visit Dilbert.com to read this feature. Due to changes with our feeds, we are now making this RSS feed a link to Dilbert.com.1 year ago
-
87% of Container Images in Production Have Critical or High-Severity Vulnerabilities - At the inaugural CloudNativeSecurityCon, DevSecOps practitioners discussed how to shore up the software supply chain.1 year ago
-
Vulnerability Summary for the Week of November 29, 2021 - Original release date: December 6, 2021 High Vulnerabilities Primary Vendor -- Product Description Published CVSS Score Source & Patch Info abb -- rtu50...2 years ago
-
AA21-336A: APT Actors Exploiting CVE-2021-44077 in Zoho ManageEngine ServiceDesk Plus - Original release date: December 2, 2021 Summary *This joint Cybersecurity Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (AT...2 years ago
-
20 years of CGISecurity: What appsec looked like in the year 2000 - Just realized that 20 years have passed since I started this site to learn more about web security threats. What 'appsec' looked like in 2000 OWASP didn't ...3 years ago
-
Ransomware: Why one city chose to the pay the ransom after falling victim - Posted by InfoSec News on Aug 12 https://www.zdnet.com/article/ransomware-why-one-city-chose-to-the-pay-the-ransom-after-falling-victim/ By Danny Palmer Z...3 years ago
-
What the newly released Checkra1n jailbreak means for iDevice security - There are reasons to embrace it. There are reasons to be wary of it. Here's the breakdown.4 years ago
-
Privacy and Mobile Device Apps - Original release date: July 9, 2019 | Last revised: November 15, 2019 What are the risks associated with mobile device apps? Applications (apps) on your sm...4 years ago
-
44CON 2018 - 12th-14th September, London (UK) - Posted by Steve on Feb 28 44CON 2018 is the UK's best annual Security Conference and Training event. The conference spans 2.5 days with training on the 1...6 years ago
-
Cryptopp Crypto++ 5.6.4 octets Remote Code Execution Vulnerability - Crypto++ (aka cryptopp and libcrypto++) 5.6.4 contained a bug in its ASN.1 BER decoding routine. The library will allocate a memory block based on the leng...6 years ago
-
V2V Communications security considerations - The future of vehicles, road infrastructure and driving are changing. We are progressing with vehicle-to-vehicle (V2V) and vehicle-to-infrastructure (V2I) ...7 years ago
-
vTech – ignorance is no defence (and neither are weasel words) - This morning, Troy Hunt published a blog post alerting to a recent change in the Terms & Conditions published by children’s toy manufacturer vTech. The cha...8 years ago
-
DOJ probing claims U.S. drug agency 'collaborated' with NSA on intelligence - The U.S. Justice Dept. said it was "looking into the issues" raised by an Reuters story, that one of its law enforcement agencies collaborated with the NSA...10 years ago
-
-
-
-
-
-
-
-
-
Posts
No comments:
Post a Comment