Thursday, February 26, 2009

Around The Horn vol.1,50

Alerts

Feb 25, 2009 (18 hours ago)

Cisco Unified MeetingPlace Web Conferencing Authentication Bypass Vulnerability

from Cisco Security Advisories

Cisco Unified MeetingPlace Web Conferencing servers may contain an authentication bypass vulnerability that could allow an unauthenticated user to gain administrative access to the MeetingPlace application. Cisco has released free software updates that address this vulnerability.

Feb 25, 2009 (18 hours ago)

Cisco ACE Application Control Engine Device Manager and Application Networking Manager Vulnerabilities

from Cisco Security Advisories

Multiple vulnerabilities exist in the Cisco Application Networking Manager (ANM) and Cisco Application Control Engine (ACE) Device Manager applications. These vulnerabilities are independent of each other. Successful exploitation of these vulnerabilities may result in unauthorized system or host operating system access.

Feb 25, 2009 (18 hours ago)

Multiple Vulnerabilities in the Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine

from Cisco Security Advisories

The Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine contain multiple vulnerabilities that, if exploited, can result in any of the following impacts:


Security News

6:46 PM (11 hours ago)

Microsoft Security Advisory (968272): Vulnerability in Microsoft Office Excel Could Allow Remote Code Execution

from Microsoft Security Content: Comprehensive Edition

Revision Note: February 25, 2009: Added Open XML File Format Converter for Mac to the affected software listed in the Overview section. Also, corrected the mitigating factors for the Web-based attack scenario. Summary: Microsoft is investigating new public reports of a vulnerability in Microsoft Office Excel that could allow remote code execution if a user opens a specially crafted Excel file. At this time, we are aware only of limited and targeted attacks that attempt to use this vulnerability.

6:46 PM (11 hours ago)

Microsoft Security Advisory (967940): Update for Windows Autorun

from Microsoft Security Content: Comprehensive Edition

Revision Note: Advisory published. Summary: Microsoft is announcing the availability of an update that corrects a functionality feature that can help customers in keeping their systems protected. The update corrects an issue that prevents the NoDriveTypeAutoRun registry key from functioning as expected.

Feb 25, 2009 (12 hours ago)

Fuzzing for Fun and Profit

from CGISecurity - Website and Application Security News by Robert A.

"Many different resources define fuzzing many different ways. I believe this definition is more suiting than most: "Fuzzing is targeting input and delivering data that is handled by a target with the intent of identifying bugs." Fuzzing can occur theoretically wherever input is possible. There are two kinds of fuzzing: "dumb" and...

Feb 25, 2009 (13 hours ago)

Apple goes public with security in Safari 4

from CGISecurity - Website and Application Security News by Robert A.

"Apple announced on Tuesday the public availability of its next browser, Safari 4, seemingly adding a host of new security features to the program along with speedier Javascript processing and additional eye candy, such as cover flow. The security features are not new, however. The company quietly added anti-malware and phishing...

6:47 PM (11 hours ago)

Google Trends Abused to Serve Malware

from McAfee Avert Labs by Craig Schmugar

The other day a worm, often referred to as “Error Check System”, was spreading on Facebook. In fact, if you searched for information on this threat, your search results were poisoned to lead unsuspecting victims to a site that attempts to install a rogue anti-spyware Trojan. Some folks blogged that this search connection was “too much of a coincidence“, and that the Facebook part of the threat was a “red herring“. I do not believe this is the case, and here’s why.

9:34 PM (8 hours ago)

Hacking contest offers $10,000 for iPhone exploit

from The Register - Security

Pwn2Own your smartphone

An annual hacker competition planned for next month has set its sights on Apple's iPhone and four other smart phones in a contest that will pay cash prizes of $10,000 to anyone who can break in to the mobile devices.…

Feb 25, 2009 (12 hours ago)

Microsoft aims 'non-security' update at gaping security hole

from The Register - Security

Disabling Autorun once and for all

Microsoft is delivering a Windows software update designed to quash once and for all the difficulty of disabling Autorun, a feature that allows the spread of malware through CDs, USB, and other removable media.…

Feb 25, 2009 (17 hours ago)

Fraud linked to US payment processor breach

from The Register - Security

Malware on servers to blame (again)

US credit unions are reporting a security breach affecting credit and debit card numbers involving a payment processor firm. Neither the name of the company at the centre of the snafu nor how many records might be involved has been disclosed.…

Feb 25, 2009 (21 hours ago)

Gmail phishing attack hits on heels of outage

from The Register - Security

Oh the humanity

Gmail users, still swooning from the extended outage on Tuesday, were hit with a widespread phishing attack hours after the blackout.…

Feb 25, 2009 (23 hours ago)

What are the security threats?

from The Register - Security

Sophisticated Malware or just People?

"Security", as the first article in this series points out, can always be found near the top of the list of concerns of every IT manager and IT director. Unfortunately the same subject can also manage to not quite make it onto the more important list of things to do something about now.…

Feb 25, 2009 (20 hours ago)

Controlling Service Security Using Windows Server 2008 (Part 2)

from WindowSecurity.com by (Derek Melber)

Expanding on the previous article, this time focusing on security settings as well as real time updating of the services and their accounts.

Feb 25, 2009 (19 hours ago)

Using Group Policy to Negate Conficker on Windows

from WindowSecurity.com by (Derek Melber)

Different methods you can use to help secure a desktop from being infected with the Conficker worm.

4:53 AM (1 hour ago)

Bluetooth is not a dental condition

from Network World on Security by M. E. Kabay

Computer scientist Karen Scarfone of the Computer Security Division of the Information Technology Laboratory at NIST has collaborated with John Padgette, an associate at Booz Allen Hamilton, to write a new Special Publication entitled "Guide to Bluetooth Security," which summarizes the security issues and provides recommendations for protecting sensitive information carried via these wireless systems.

4:53 AM (1 hour ago)

ConSentry's new correlation features help spot trouble

from Network World on Security by Tim Greene

Recently, ConSentry added more analysis tools to management software for its intelligent switches that make them more of a general troubleshooting tool than just NAC devices.

4:53 AM (1 hour ago)

FCC threatens fines on data protection rules

from Network World on Security by Nancy Gohring

The U.S. Federal Communications Commission may fine 600 operators for failing to properly file annual reports proving that they protect customer data.

4:53 AM (1 hour ago)

SEC, FTC investigating Heartland after data theft

from Network World on Security by Robert McMillan

Federal agencies, including the U.S. Federal Trade Commission and the U.S. Securities and Exchange Commission, have begun investigating Heartland Payment Systems following a massive data breach at the payment processing company.

Feb 25, 2009 (17 hours ago)

Sneaky New Virus Spreads via Ads

from Network World on Security by Brennon Slattery

Hackers infiltrated popular tech business site eWeek.com yesterday using Google's DoubleClick banner ads as a vehicle. Websense caught the malicious coding and published its results, which spurred eWeek to scour its code and remove all phony advertisements.

4:53 AM (1 hour ago)

Gmail's one-two punch: Phishers attack after outage

from Network World on Security by Sharon Gaudin

Gmail users were hit with a double whammy Tuesday.

4:53 AM (1 hour ago)

WiMax system warns drivers of dense fog on dangerous roads

from Network World on Security by Matt Hamblen

A 12-mile stretch of highway in California's Central Valley that has been the scene of deadly car crashes due to thick fog now has a wireless warning system to alert drivers.

Feb 25, 2009 (17 hours ago)

Adobe patches Flash vulnerabilities for three platforms

from Network World on Security by Jeremy Kirk

Adobe Systems has updated its Flash multimedia software to eliminate five flaws affecting Windows, OS X and Linux systems.

Feb 25, 2009 (17 hours ago)

Fight Malware on the Smartphone

from Network World on Security by Robert Vamosi

As more and more people bring personal technology into the workplace (most often smartphones), malicious code writers are beginning to take notice and target these weak points of entry. In its 2009 Cyber Threat Report, the Georgia Tech Information Security Center cited the possibility of botnets moving from the desktop to the smartphone within the year. A few enterprise security vendors are not waiting.

Feb 25, 2009 (17 hours ago)

Survey: Economy Forces Many to Slash, Freeze Security Staff

from Network World on Security by Joan Goodchild

Current economic conditions are having a negative impact on the majority of security budgets, according to a survey conducted by CSO. Many respondents indicated hiring freezes or staff reductions were necessary due to the financial crisis.

Feb 25, 2009 (17 hours ago)

PCI council ranks security risks, milestones

from Network World on Security by Tim Greene

Businesses shouldn't let financial pressures put PCI-security compliance on the back burner, and the PCI Security Standards Council has devised a 12-step program to help merchants get there.

Feb 25, 2009 (17 hours ago)

Microsoft renews Vista anti-crack campaign

from Network World on Security by Gregg Keizer

Starting this week, Microsoft Corp. will feed Windows Vista Ultimate users an update that sniffs out pirated copies, a company manager said Tuesday.

4:01 AM (2 hours ago)

SSLstrip - HTTPS Stripping Attack Tool

from Darknet - The Darkside by Darknet

This tool provides a demonstration of the HTTPS stripping attacks that were presented at Black Hat DC 2009. It will transparently hijack HTTP traffic on a network, watch for HTTPS links and redirects, then map those links into either look-alike HTTP links or homograph-similar HTTPS links. It also supports modes for supplying a favicon which [...]
Read the full post at darknet.org.uk

Feb 25, 2009 (23 hours ago)

Hackers Targeting Xbox Live Players with DoS Attacks

from Darknet - The Darkside by Darknet

Well the day has come when money-minded botnet owners have turned their services towards online gaming. For a small fee (USD20) you can get someone to set you up with the software to ‘boot’ people from the Xbox Live network. It’s always been a problem in gaming, if something can get hold of your IP address [...]
Read the full post at darknet.org.uk

Feb 25, 2009 (16 hours ago)

AutoRun disabling patch released, (Wed, Feb 25th)

from SANS Internet Storm Center, InfoCON: green

Microsoft released a patch to correct the disable autorun registry key enforcement. ht ...(more)...

Feb 25, 2009 (21 hours ago)

Targeted link diversion attempts, (Wed, Feb 25th)

from SANS Internet Storm Center, InfoCON: green

It's always hard to convince people of how easily well-targeted attacks penetrate through our defenses. ...(more)...

Feb 25, 2009 (14 hours ago)

Brief: Apple goes public with security in Safari 4

from SecurityFocus News

Apple goes public with security in Safari 4

Another credit card processor breached, fraud extent unknown

from Ars Technica - Front page content by jhruska@arstechnica.com (Joel Hruska)

Just last month, we covered how the payment processor Heartland Payment Systems had inadvertently exposed up to 100 million credit cards in the largest known data breach to date. In that case, the thieves were able to obtain customers' magnetic strip information; the thefts themselves were likely responsible for a surge in credit card fraud we saw last year. The Heartland problem should have been a wakeup call to all credit card payment processors, but an as-yet-unidentified company must have been asleep at the wheel. There's a growing body of evidence indicating that a second data breach has already occurred.

Feb 25, 2009 (15 hours ago)

Spammers using Yahoo to bait phishing hooks

from Ars Technica - Front page content by jhruska@arstechnica.com (Joel Hruska)

If there's an economic, social, or political event happening in the world, you can bet spammers will leap upon it as an attack vector. It therefore comes as no surprise that January's grim harvest of corporate Q4 results led to a surge in recession-themed e-mails in February. The overall volume of spam sent in February actually decreased slightly (1.3 percent) compared to January, but topics such as "Affordable brand name watches," "Get 15 percent off these," and "Cheaper than you can imagine" dominated subject fields.

Feb 25, 2009 (19 hours ago)

FCC fines telcos for blowing off data protection reports

from Ars Technica - Front page content by ml@lasarletter.net (Matthew Lasar)

It turns out that the Federal Communications Commission actually meant it when the agency warned that phone companies must regularly inform the Commission how they keep the calling records of consumers secure. On Tuesday the FCC proposed fining over 600 of them $20,000 apiece for not filing an annual report on their efforts to protect Customer Proprietary Network Information. CPNI includes the numbers subscribers call, when they call them, and the particular services they use, such as voice mail or call forwarding.

12:34 AM (5 hours ago)

How Perverse Incentives Drive Bad Security Decisions

from Wired Top Stories by Bruce Schneier

An employee of Whole Foods in Ann Arbor, Michigan, was fired in 2007 for apprehending a shoplifter. More specifically, he was fired for touching a customer, even though that customer had a backpack filled with stolen groceries and was running away with them.

Feb 25, 2009 (16 hours ago)

Microsoft Office Vulnerability Affects Excel for Mac

from PC World Latest Technology News

Microsoft is investigating a new vulnerability in Excel that could allow remote code execution if a user opens an infected...

Other News

Feb 25, 2009 (16 hours ago)

Desktops Will Move to the Cloud, VMware Exec Says

from PC World Latest Technology News

The desktop is one of the areas ripe for moving into the cloud and the driver will be lower operational costs, says a VMware...
