Alerts
9:04 PM (1 minute ago)
Adobe/Acrobat 0-day in the wild?, (Fri, Feb 20th)
from SANS Internet Storm Center, InfoCON: green
According to our friends over at Shadowserver, There is a new Acrobat 0-day in the wild. They ...(more)...
4:29 PM (4 hours ago)
MS09-002, XML/DOC and initial infection vector, (Thu, Feb 19th)
from SANS Internet Storm Center, InfoCON: green
The MS09-002 exploit that we posted a diary about two days ago (http://isc.sans ...(more)...
9:09 AM (11 hours ago)
Denial of Service against Time Warner (San Diego)?, (Thu, Feb 19th)
from SANS Internet Storm Center, InfoCON: green
We've had unconfirmed reports this morning of a Denial of Service against the DNS servers for Time W ...(more)...
Security News
6:54 PM (2 hours ago)
Practical Example of csSQLi Using (Google) Gears Via XSS
from CGISecurity - Website and Application Security News by Robert A.
"Yesterday, at the Blackhat DC security conference, I spoke about the dangers of persistent web browser storage. Part of the talk focused on how emerging web browser storage solutions such as Gears (formerly Google Gears) and the Database Storage functionality included in the emerging HTML 5 specification, could be attacked on...
1:36 PM (7 hours ago)
Bot Busts Newest Hotmail CAPTCHA
from CGISecurity - Website and Application Security News by Robert A.
"The botnet, or collection of compromised PCs, can decipher Live Hotmail's CAPTCHA (Completely Automated Public Turing Test to Tell Computers and Humans Apart) registration safeguard in about 20 seconds, said Websense Inc. security researcher Sumeet Prasad.CAPTCHA is the term for the distorted characters that many Web sites, such as e-mail services...
12:36 PM (8 hours ago)
Wikileaks Accidentially Leaks Its Donor List
from CGISecurity - Website and Application Security News by Robert A.
"What's Wikileaks, the net's foremost document leaking site, supposed to do when a whistle-blower submits a list of email addresses belonging to the site's confidential donors as a leaked document? That's exactly the conundrum Wikileaks faced this week after someone from the controversial whistle-blowing site sent an emergency fund-raising appeal on...
Feb 18, 2009 (yesterday)
MS09-002 exploit in the wild
from CGISecurity - Website and Application Security News by Robert A.
Sans is reporting the MS09-002 exploit is in the wild."Several AV vendors reported about MS09-002 exploits in the wild. We can confirm this – the exploit for the CVE-2009-0075 vulnerability (Uninitialized Memory Corruption) in Internet Explorer 7 is definitely in the wild and working as charm on an unpatched Windows XP...
Feb 17, 2009 (2 days ago)
Top-10 Vulnerability Discoverers of All Time (as well as 2008)
from CGISecurity - Website and Application Security News by Robert A.
"Who discovers the most security vulnerabilities? That’s one of the more frequent questions I’ve encountered over the past few years. Funnily enough there’s usually a high correlation between the timing of my being asked and the latest marketing blitzkrieg customers may have encountered (not from IBM of course). It seems that...
2:31 PM (6 hours ago)
US feds pull travel site offline after hacker break-in
from The Register - Security
GovTrip trips up
A travel reservations website used by US government agencies remains offline more than a week after it was infected with malware that tried to install malicious code on the PCs of those who visited the site.…
11:31 AM (9 hours ago)
Grifters punt 'get rich quick' scams at Facebook users
from The Register - Security
Social networking marks made an offer you can refuse
Grifters are using Facebook to lend credibility to an elaborate get rich quick scam designed to trick punters into handing over credit card details.…
8:30 AM (12 hours ago)
Laptop facial recognition defeated by Photoshop
from The Register - Security
Taking a long hard stare at biometric security
White hat security researchers have demoed how to bypass the facial recognition systems on several laptops.…
7:30 AM (13 hours ago)
Pirate Bay supporters ram Swedish IFPI website
from The Register - Security
'We're winning, stop hacking plz'
Pirate Bay co-founder Peter Sunde has pleaded with fans to stop attacking official entertainment industry websites after the Swedish wing of the The International Federation of the Phonographic Industry’s (IFPI) site was hacked yesterday.…
6:30 AM (14 hours ago)
Cybercrime losses tax UK small business
from The Register - Security
Exposed SMEs call for reporting security blanket
Cybercrime and fraud are costing Britain's small business £800 a year each, according to a survey by the UK's Federation of Small Businesses (FSB).…
10:31 AM (10 hours ago)
Romeo 419ers take Canadian women for $300k
from The Register - Security
Lonely hearts, empty wallets
Nigerian fraudsters have relieved a number of Edmonton women of a total of $300,000 in what the local Sun describes as "an online dating scam".…
1:30 AM (19 hours ago)
Hacker pokes new hole in secure sockets layer
from The Register - Security
Moxie Marlinspike's man-in-the-middle
Website encryption has sustained another body blow, this time by an independent hacker who demonstrated a tool that can steal sensitive information by tricking users into believing they're visiting protected sites when in fact they're not.…
Feb 18, 2009 (yesterday)
Google gears Gmail for PC hack attack
from The Register - Security
'Offline' web apps exposed
Over the past year, dozens of web-based services have adopted new features that allow them to be used even when an internet connection isn't available. The technologies making this possible may offer plenty of convenience, but they also make end users susceptible to powerful new attacks, a security researcher warns.…
Feb 18, 2009 (yesterday)
Using Group Policy to Negate Conflicker on Windows
from WindowSecurity.com by (Derek Melber)
Different methods you can use to help secure a desktop from being infected with the ConFlicker worm.
3:47 PM (5 hours ago)
Hacker claims SQL bug on Symantec site
from Network World on Security by Robert McMillan
A Romanian hacker who has spent the past few weeks exposing a common, but dangerous, Web programming error on security vendors Web sites says he's found a SQL injection flaw on Symantec's Web site. But Symantec says it's not a security issue.
3:47 PM (5 hours ago)
DHS names Callahan privacy chief
from Network World on Security by Ellen Messmer
The Department of Homeland Security Thursday named Mary Ellen Callahan as the department's Chief Privacy Officer.
3:47 PM (5 hours ago)
Cloud security fears are overblown, some say
from Network World on Security by James Niccolai
It may sound like heresy to say it, but it's possible to worry a little too much about security in cloud computing environments, speakers at IDC's Cloud Computing Forum said on Wednesday.
3:47 PM (5 hours ago)
Pirate Bay supporters hack Swedish IFPI Web site
from Network World on Security by Jeremy Kirk
Hackers defaced the International Federation of the Phonographic Industry's (IFPI) Swedish Web site on Wednesday as The Pirate Bay trial continued.
3:47 PM (5 hours ago)
Researchers detail Intel TXT hacks at Black Hat
from Network World on Security by Jaikumar Vijayan
Two security researchers fleshed out details Wednesday at the Black Hat conference in Washington of a method they disclosed earlier this year for circumventing Intel's new Trusted Execution Technology (TXT) security software.
3:47 PM (5 hours ago)
The Ultimate Browser Security Face-Off
from Network World on Security by Tom Kaneshige
The Web is teeming with venomous exploits. And an ever-increasing quantity of that malware sneaks onto hard drives via the browser.
3:47 PM (5 hours ago)
The case for flat-rate services
from Network World on Security by Steve Taylor and Jim Metzler
As we look at today's economic landscape, only one thing seems scarier than controlling expenses, and that is having unpredictable expenses. For that reason, we expect lots of services that have traditionally been usage based to be even more attractive if offered as a flat-rate service.
3:47 PM (5 hours ago)
Guidelines for securing IEEE 802.11i wireless networks
from Network World on Security by M. E. Kabay
A useful free document, one not requiring registration and having 162 pages, is "Establishing Wireless Robust Security Networks: A Guide to IEEE 802.11i," which is Special Publication 800-97 from the National Institute of Standards and Technology.
3:47 PM (5 hours ago)
Bangkok upgrades surveillance network at Chinatown
from Network World on Security by Carol Ko
The Bangkok government is now operating a 24-hour video surveillance network in the city's Chinatown for public safety and traffic management.
3:47 PM (5 hours ago)
NAC market continues to evolve
from Network World on Security by Tim Greene
The NAC market continues to evolve, including the necessary and sometimes painful process of consolidation.
7:01 AM (14 hours ago)
Satellite Feed Hacking - Your Data Isn’t Private!
from Darknet - The Darkside by Darknet
Hardware hacking is an interesting area and something not too many people get into as the soldering irons, capacitors and chipsets seem daunting. I did have a play around with cable boxes and satellite feeds in my earlier years and was surprised to find how insecure they were. Most traffic is transmitted unencrypted, the stuff that [...]Read the full post at darknet.org.uk
Feb 18, 2009 (yesterday)
Fast-Track 4.0 - Automated Penetration Testing Suite
from Darknet - The Darkside by Darknet
The latest big buzz is Fast-Track released recently at ShmooCon by Securestate, basically Fast-Track is an automated penetration suite for penetration testers. For those of you new to Fast-Track, Fast-Track is a python based open-source project aimed at helping Penetration Testers in an effort to identify, exploit, and further penetrate a network....Read the full post at darknet.org.uk
3:29 PM (5 hours ago)
Sourcefire VRT posts some interesting Conflickr Analysis, (Thu, Feb 19th)
from SANS Internet Storm Center, InfoCON: green
Just wanted to put out an article from a few friends of mine at the Vulnerability Research Team at S ...(more)...
4:10 PM (4 hours ago)
News: Advisor: U.S. needs policy to defend cyberspace
from SecurityFocus News
Advisor: U.S. needs policy to defend cyberspace
1:11 PM (7 hours ago)
Brief: Kaminsky calls for DNSSEC deployment
from SecurityFocus News
Kaminsky calls for DNSSEC deployment
Feb 18, 2009 (22 hours ago)
Brief: Man-in-the-middle attack sidesteps SSL
from SecurityFocus News
Man-in-the-middle attack sidesteps SSL
12:02 AM (21 hours ago)
Black hat, blank face: researchers crack biometric scanners
from Ars Technica - Front page content by nate@arstechnica.com (Joel Hruska)
Biometric systems have been touted as the next big thing in computer security for the past several years, despite the fact that some of them—fingerprint scanners, for example—have proven to be incredibly easy to bypass, requiring little more, in some cases, than some scotch tape and a bit of patience. Facial-recognition scanners have been a hot commodity on laptops of late, but researchers scheduled to present at the ongoing Black Hat DC conference this week have demonstrated that current implementations have flaws of their own.
9:27 PM (12 minutes ago)
Group Spots Giant Hacks by Combing Small Newspapers
from Wired Top Stories by Kim Zetter
A volunteer group of security researchers and ex-hackers track diverse sources for info on consumer data spills. Logging more than 394 million records lost or compromised in 1,700 incidents, they sometimes spot major breaches before the company at fault warns the public.
6:08 PM (3 hours ago)
IFPI Site Hacked to Protest Pirate Bay Trial
from Wired Top Stories by David Kravets
Hackers protesting the Pirate Bay trial in Stockholm break into the Swedish website of the International Federation of the Phonographic Industry's website to show their displeasure.
5:01 PM (4 hours ago)
Hacker Claims SQL Bug on Symantec Site
from PC World Latest Technology News
Symantec is the latest company to fall prey to a Romanian hacker who has been finding SQL injection bugs in security sites.
4:01 PM (5 hours ago)
Computer Thefts Prompt Los Alamos Security Review
from PC World Latest Technology News
The Los Alamos National Laboratories has launched a month-long project aimed at ensuring that offsite computer systems fully comply with the institution's information security policies.
4:01 PM (5 hours ago)
Fugitive Hacker Indicted for Running VoIP Scam
from PC World Latest Technology News
Just days after his apprehension in Mexico following two years on the run from law enforcement authorities, an alleged hacker...
4:01 PM (5 hours ago)
Researchers Detail Intel TXT Hacks at Black Hat
from PC World Latest Technology News
Two security researchers fleshed out details at the Black Hat conference in Washington this week of a method for circumventing Intel's Trusted Execution Technology security software.
4:01 PM (5 hours ago)
Hackers Break Into Government Travel Site
from PC World Latest Technology News
A travel reservations Web site used by several federal agencies was hacked last week, and shunted unsuspecting users to a malicious domain.
12:54 AM (21 hours ago)
Cloud Security Fears Are Overblown, Some Say
from PC World Latest Technology News
Concerns about the security of cloud computing services may be overstated, panelists at IDC's Cloud Computing Forum said.
Feb 18, 2009 (yesterday)
Hackers Steal Thousands of Wyndham Credit Card Numbers
from PC World Latest Technology News
Criminals stole tens of thousand of credit card numbers from Wyndham Hotels and Resorts after hacking into a computer.
9:50 PM (13 minutes ago)
Conficker Worm Gets an Evil Twin
from PC World Latest Technology News
Researchers have spotted a new variant of the Conficker worm, dubbed Conficker B++.
Other News
Intel Eyes Cloud Computing With New Hardware, Software
from PC World Latest Technology News
Intel earlier this week pitched hardware improvement that could boost performance of a cloud while cutting energy costs.
Subscribe to:
Post Comments (Atom)
My Blog List
-
-
Amazon's Echo Hub Makes It Easy for My Whole Family to Use the Smart Home - CNET - The Amazon Echo Hub's ease of use for controlling smart home devices creates less frustration for my family and saves my sanity.
5 hours ago -
Amazon's Echo Hub Makes It Easy for My Whole Family to Use the Smart Home - CNET - The Amazon Echo Hub's ease of use for controlling smart home devices creates less frustration for my family and saves my sanity.
5 hours ago
-
Critical infrastructure security will stay poor until everyone pulls together - Claroty CEO Yaniv Vardi tells us what's needed to defend vital networks *Interview* Take a glance at the cybersecurity headlines of late, and you'll see a...1 day ago
-
U.S. Charges Russian Man as Boss of LockBit Ransomware Group - The United States joined the United Kingdom and Australia today in sanctioning 31-year-old Russian national Dmitry Yuryevich Khoroshev as the alleged leade...5 days ago
-
Anybody knows that this URL is about? Maybe Balena API request?, (Wed, Feb 7th) - Yesterday, I noticed a new URL in our honeypots: /v5/device/heartbeat. But I have no idea what this URL may be associated with. Based on some googleing, I ...3 months ago
-
Best EDR Of The Market (BEOTM) – Endpoint Detection and Response Testing Tool - BestEDROfTheMarket is a naive user-mode EDR (Endpoint Detection and Response) tool designed to serve as a testing ground4 months ago
-
My Last Email with W. Richard Stevens - In the fall of 1998 I joined the AFCERT. I became acquainted with the amazing book *TCP/IP Illustrated, Volume 1: The Protocols* by W. Richard Stevens...
10 months ago -
Comic for March 12, 2023 - Dilbert readers - Please visit Dilbert.com to read this feature. Due to changes with our feeds, we are now making this RSS feed a link to Dilbert.com.1 year ago
-
87% of Container Images in Production Have Critical or High-Severity Vulnerabilities - At the inaugural CloudNativeSecurityCon, DevSecOps practitioners discussed how to shore up the software supply chain.1 year ago
-
Vulnerability Summary for the Week of November 29, 2021 - Original release date: December 6, 2021 High Vulnerabilities Primary Vendor -- Product Description Published CVSS Score Source & Patch Info abb -- rtu50...2 years ago
-
AA21-336A: APT Actors Exploiting CVE-2021-44077 in Zoho ManageEngine ServiceDesk Plus - Original release date: December 2, 2021 Summary *This joint Cybersecurity Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (AT...2 years ago
-
20 years of CGISecurity: What appsec looked like in the year 2000 - Just realized that 20 years have passed since I started this site to learn more about web security threats. What 'appsec' looked like in 2000 OWASP didn't ...3 years ago
-
Ransomware: Why one city chose to the pay the ransom after falling victim - Posted by InfoSec News on Aug 12 https://www.zdnet.com/article/ransomware-why-one-city-chose-to-the-pay-the-ransom-after-falling-victim/ By Danny Palmer Z...3 years ago
-
What the newly released Checkra1n jailbreak means for iDevice security - There are reasons to embrace it. There are reasons to be wary of it. Here's the breakdown.4 years ago
-
Privacy and Mobile Device Apps - Original release date: July 9, 2019 | Last revised: November 15, 2019 What are the risks associated with mobile device apps? Applications (apps) on your sm...4 years ago
-
44CON 2018 - 12th-14th September, London (UK) - Posted by Steve on Feb 28 44CON 2018 is the UK's best annual Security Conference and Training event. The conference spans 2.5 days with training on the 1...6 years ago
-
Cryptopp Crypto++ 5.6.4 octets Remote Code Execution Vulnerability - Crypto++ (aka cryptopp and libcrypto++) 5.6.4 contained a bug in its ASN.1 BER decoding routine. The library will allocate a memory block based on the leng...6 years ago
-
V2V Communications security considerations - The future of vehicles, road infrastructure and driving are changing. We are progressing with vehicle-to-vehicle (V2V) and vehicle-to-infrastructure (V2I) ...7 years ago
-
vTech – ignorance is no defence (and neither are weasel words) - This morning, Troy Hunt published a blog post alerting to a recent change in the Terms & Conditions published by children’s toy manufacturer vTech. The cha...8 years ago
-
DOJ probing claims U.S. drug agency 'collaborated' with NSA on intelligence - The U.S. Justice Dept. said it was "looking into the issues" raised by an Reuters story, that one of its law enforcement agencies collaborated with the NSA...10 years ago
-
-
-
-
-
-
-
-
-
Posts
No comments:
Post a Comment