Wednesday, March 4, 2009

Around The Horn vol.1,55

Alerts

12:08 PM (7 hours ago)

Cisco 7600 Series Router Session Border Controller Denial of Service Vulnerability

from Cisco Security Advisories

A denial of service (DoS) vulnerability exists in the Cisco Session Border Controller (SBC) for the Cisco 7600 series routers. Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available.

12:08 PM (7 hours ago)

Cisco Unified MeetingPlace Web Conferencing Authentication Bypass Vulnerability

from Cisco Security Advisories

Cisco Unified MeetingPlace Web Conferencing servers may contain an authentication bypass vulnerability that could allow an unauthenticated user to gain administrative access to the MeetingPlace application. Cisco has released free software updates that address this vulnerability.

12:08 PM (7 hours ago)

Multiple Vulnerabilities in the Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine

from Cisco Security Advisories

The Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine contain multiple vulnerabilities that, if exploited, can result in any of the following impacts:

12:08 PM (7 hours ago)

Cisco ACE Application Control Engine Device Manager and Application Networking Manager Vulnerabilities

from Cisco Security Advisories

Multiple vulnerabilities exist in the Cisco Application Networking Manager (ANM) and Cisco Application Control Engine (ACE) Device Manager applications. These vulnerabilities are independent of each other. Successful exploitation of these vulnerabilities may result in unauthorized system or host operating system access.

Security News

Mar 3, 2009 (20 hours ago)

Data Security Best Practices - SSL keys for communicating with Virtual Center and other applications (1008166)

from VMware RSS Feed by vmtn@vmware.com (VMTN)

SSL keys are used in the communication between ESX Server, VMware Server, and VMware ACE on one side and management applications like...

5:08 PM (2 hours ago)

FRHack threatens to sue person using screenshots to criticize them

from CGISecurity - Website and Application Security News by Robert A.

I found the following post fairly amusing and had to link it here. "A few days ago I complained about the incredibly awkward IT Security Girl of the Year award that will be dished out later this year at the French IT security conference FRHACK. Apparently the FRHACK organizers did not...

1:09 PM (6 hours ago)

The return of L0phtCrack

from CGISecurity - Website and Application Security News by Robert A.

"More than two years after Symantec pulled the plug on L0phtCrack, the venerable password cracking tool is being prepped for a return to the spotlight. The original creators of L0phtCrack have reacquired the tool with plans to release a new version at next week’s SOURCE Boston conference. A teaser post on...

12:42 PM (6 hours ago)

Renamed Notepad.exe Plagues Removable Drives

from McAfee Avert Labs by Vinoo Thomas

During the last couple of years we have seen malware authors increasingly incorporate the autorun.inf infection vector into malware families–with stunning success. In addition to traditional autorun worms that use this feature, pure-play backdoors, bots, password stealers, and even parasitic viruses that previously required a user to click on an executable file to infect the system have incorporated this technique. While the autorun functionality in operating systems does provide some convenience (it saves a couple of clicks), it has single-handedly revived the 1980s model of hand-carried malware propagation.

3:47 PM (3 hours ago)

Brit pair convicted for high-tech bank heist gone bad

from The Register - Security

Botched £229m USB stick plot

Two men have been convicted for trying to steal £229m from the London branch of a Japanese bank in an elaborate, high-tech scheme that would have been Britain's biggest bank heist.…

1:46 PM (5 hours ago)

Spotify breach creates password hack risk

from The Register - Security

Radio ga-ga

Popular online music service Spotify has warned of a security breach that may have exposed user passwords and other sensitive data.…

12:46 PM (6 hours ago)

German cops bust cybercrime forum

from The Register - Security

Trojan scammer trouncing

German police have arrested several members of a hacking forum linked to the distribution of Trojan horse software that infected 80,000 computers.…

10:46 AM (8 hours ago)

Opera lances 'extremely severe' jpg bug

from The Register - Security

Norwegian browser update guards against pillaging

Opera has published an update to its flagship browser software that addresses a raft of security bugs.…

8:46 AM (10 hours ago)

MPs told PGP 'incompatible' with Parliament network

from The Register - Security

Cryptographic conundrum

MPs have been told that although they are free to install PGP on their parliamentary machines the technology is not compatible with Parliament’s remote access software, making its use impractical.…

7:01 AM (12 hours ago)

Social Networking: Latest, Greatest Business Tool or Security Nightmare?

from WindowSecurity.com by deb@shinder.net (Deb Shinder)

The good, the bad and the ugly of using popular social networking tools in the business environment.

7:01 AM (12 hours ago)

Controlling Service Security Using Windows Server 2008 (Part 2)

from WindowSecurity.com by Derek Melber

Expanding on the previous article, this time focusing on security settings as well as real time updating of the services and their accounts.

5:07 AM (14 hours ago)

The fantasy and reality of government security

from Network World on Security by Andreas M. Antonopoulos

In the movies the government has always got the best toys, the cutting edge technology and the tightest security standards. Those who have worked on security projects within the government know that in real life government security standards and implementations can vary all across the range from quite serious to laughable.

12:41 PM (6 hours ago)

Secure Electronic Medical Records: Fact or Fiction?

from Network World on Security by Bill Brenner

Healthcare organizations still nursing the scars of HIPAA compliance and data breaches have gotten behind a new security framework to address potential headaches brought on by the American Recovery and Reinvestment Act of 2009.

12:41 PM (6 hours ago)

Catbird tightens security of virtual machines

from Network World on Security by Tim Greene

Catbird is upgrading its virtual security software platform to better track virtual machines as they replicate themselves and to make sure the proper security policies follow them wherever they go.

Security Pros Warm to Web 2.0 Access

from Network World on Security by Joan Goodchild

Facebook, LinkedIn and Twitter, once viewed as high-risk, productivity-sucking applications, seem to have wiggled their way into the hearts of security teams nationwide. In fact, most organizations no longer block the popular web sites and allow employees to access these Web 2.0 applications at work, according to a new survey from the Security Executive Council.

3:09 AM (16 hours ago)

Medusa v1.5 Released - Parallel, Modular Login Brute Forcing Tool

from Darknet - The Darkside by Darknet

Finally an update to Medusa! Version 1.5 of Medusa is now available for public download. Medusa 1.4 was released quite some time back in November 2007 and before that Medusa 1.3 showed up November 2006. You would have thought version 1.5 would have been released in November 2008! Looks like they missed by a few months. What [...]

5:56 PM (1 hour ago)

Firefox Releases version 3.0.7, (Wed, Mar 4th)

from SANS Internet Storm Center, InfoCON: green

http://www.mozilla ...(more)...

4:56 PM (2 hours ago)

Wireshark 1.0.6 Released, (Wed, Mar 4th)

from SANS Internet Storm Center, InfoCON: green

It looks like a new version of Wireshark has been released. In this release they have fixed th ...(more)...

2:11 PM (5 hours ago)

Brief: War dialing gets an upgrade

from SecurityFocus News

War dialing gets an upgrade
