Alerts
Mar 5, 2009 (yesterday)
Microsoft Security Bulletin Advance Notification for March 2009
from Microsoft Security Content: Comprehensive Edition
Revision Note: Advance Notification published
Summary: This advance notification lists security bulletins to be released for March 2009.
Mar 5, 2009 (yesterday)
Microsoft Security Advisory (968272): Vulnerability in Microsoft Office Excel Could Allow Remote Code Execution
from Microsoft Security Content: Comprehensive Edition
Revision Note: V2.1 (March 5, 2009): Removed Open XML File Format Converter for Mac from the affected software listed in the Overview section. The Open XML File Format Converter for Mac is not affected by the vulnerability described in this advisory.
Summary: Microsoft is investigating new public reports of a vulnerability in Microsoft Office Excel that could allow remote code execution if a user opens a specially crafted Excel file. At this time, we are aware only of limited and targeted attacks that attempt to use this vulnerability.
Security News
3:47 PM (5 hours ago)
Twitter SMS spoofing
from CGISecurity - Website and Application Security News by Robert A.
"A fix against an SMS spoofing flaw involving micro-blogging service Twitter offers only partial protection. Tests by Heise Security found that providing a user knew the number of a phone associated with a Twitter account, it would be possible to use an SMS sender faking service to post fake status updates...
1:26 PM (7 hours ago)
WarVOX 1.0.0 Released
from CGISecurity - Website and Application Security News by Robert A.
HD Moore sent the following to bugtraq this morning. "WarVOX is a suite of tools for exploring, classifying, and auditing telephone systems. Unlike normal wardialing tools, WarVOX works with the actual audio from each call and does not use a modem directly. This model allows WarVOX to find and classify a wide range of interesting lines,...
12:48 PM (8 hours ago)
Building Security In Maturity Model is online
from CGISecurity - Website and Application Security News by Romain Gaucher
"The Building Security In Maturity Model (BSIMM) described on this website is designed to help you understand and plan a software security initiative. BSIMM was created through a process of understanding and analyzing real-world data from nine leading software security initiatives. Though particular methodologies differ (think OWASP CLASP, Microsoft SDL, or...
Mar 5, 2009 (yesterday)
Dan Bernstein Confirms Security Flaw In Djbdns
from CGISecurity - Website and Application Security News by Robert A.
"Dan Bernstein has just admitted that a security issue has been found in the djbdns software, one of the most popular alternatives for the BIND nameserver. As part of the djbdns security guarantee, $1000 will be paid to Matthew Dempsky, the researcher that found the bug. The bug allows a nameserver running...
Mar 4, 2009 (2 days ago)
Firefox 3.0.7 fixes multiple security flaws
from CGISecurity - Website and Application Security News by Robert A.
"Mozilla Corp. today patched eight security vulnerabilities in Firefox, half of them critical memory corruption flaws in the browser's layout and JavaScript engines. Firefox 3.0.7, the second security update this year to the open-source browser, fixes about the same number of bugs that Mozilla patched a month ago. Of the eight...
9:12 PM (13 minutes ago)
Conficker gets upgraded with defenses
Anti-cabal resistance
Researchers at Symantec have discovered what could be a significant development in the ongoing Conficker worm saga: a new module that is being pushed out to some infected systems.…
12:11 PM (9 hours ago)
Twitter SMS spoofing still undead
Micro-blogging body-snatching risk
A fix against an SMS spoofing flaw involving micro-blogging service Twitter offers only partial protection.…
8:42 AM (12 hours ago)
Gang jailed over failed Sumitomo cyberheist
Commercial software used in multi-million scam
The gang behind the failed multi-million pound cyberheist at Sumitomo bank were each sentenced to a lengthy spell behind bars on Thursday.…
5:40 AM (15 hours ago)
March patch Tuesday omits Excel fix
Zero-day, nada relief
Microsoft's forthcoming Patch Tuesday will bring no relief from an unpatched Excel flaw that's the target of active malware attacks.…
Mar 5, 2009 (yesterday)
Suit seeks close of Craigslist's red-light district
Chicago sheriff's resources stretched thin
Chicago's sheriff on Thursday filed a lawsuit against Craigslist, saying the site may be the No. 1 source of prostitution in the United States and is straining his department's ability to enforce the law.…
Mar 5, 2009 (yesterday)
Web maven gives convicted botmaster keys to new kingdom
Mahalo.com embraces Acidstorm
For the past four or five months, Mahalo.com has entrusted its site to a security consultant who stole hundreds of thousands of bank passwords with a massive botnet, which he sometimes administered from his former employer's premises.…
Mar 5, 2009 (yesterday)
Zero-day Adobe PDF peril goes click free
Thumbnail preview threat
An unpatched flaw in Adobe Acrobat and Reader might be exploited without even needing to trick a surfer into opening a maliciously constructed file.…
Mar 5, 2009 (yesterday)
Firefox went ton up in bugs in 2008
Secunia stats inflame browser beef
Firefox had more vulnerabilities than Internet Explorer last year, but zero-day threats to the Mozilla browser were fixed more quickly than those affecting IE.…
Mar 5, 2009 (yesterday)
One in 20 corporate PCs infested by bots
Zombies, faasands of 'em
Between three and five per cent of corporate systems are infected by bots, according to a study by security firm Damballa.…
Mar 5, 2009 (yesterday)
Firefox update tackles critical memory bugs
We can remember it for you wholesale
Mozilla has released a new version of Firefox in response to the discovery of several security flaws in the browser software.…
3:49 AM (17 hours ago)
Botnet ringleader gets 4 years in prison for stealing data
from Network World on Security by Jaikumar Vijayan
The first person to be charged under federal wiretap statutes for using a botnet to steal data and commit fraud was sentenced to four years in prison this week.
3:49 AM (17 hours ago)
IT pro gets four years for building botnets
from Network World on Security by Robert McMillan
An employee of search engine startup Mahalo has been sentenced to four years in prison for infecting as many as 250,000 computers with malicious botnet computer code.
11:24 AM (10 hours ago)
Security needs to be 'baked in' say experts
from Network World on Security by Tom Jowitt
A panel of security experts agreed that security needs to be thought of a lot earlier in the software development lifecycle, and that the IT industry needs to start shipping "hardened" products, especially with the advent of the cloud and visualization making the location of sensitive data even more difficult to locate.
11:24 AM (10 hours ago)
Firefox Update Shores Up Security; Thunderbird Vulnerable
from Network World on Security by Erik Larkin
The latest update to the open-source browser shores up a number of security risks, including some that Mozilla says could be exploited by an attacker to run commands on a vulnerable computer. But the flaws still affect the current Thunderbird release, 2.0.0.19.
11:24 AM (10 hours ago)
Windows security patches coming next week
from Network World on Security by Robert McMillan
Microsoft will release three sets of security updates next Tuesday, fixing at least one critical bug in its Windows operating system.
11:24 AM (10 hours ago)
Microsoft: No patch for Excel zero-day flaw next week
from Network World on Security by Gregg Keizer
Microsoft Thursday said it will deliver three security updates on Tuesday, one of them marked "critical," but will not fix an Excel flaw that attackers are now exploiting.
Mar 5, 2009 (yesterday)
The Internet Protectors
from Network World on Security by M. E. Kabay
Guest writer Pat Bitton: We all know that there is a huge amount of variably accurate security information on the Web. There are many blogs, forums, bulletin boards, white papers, podcasts, and Webinars - some posted by vendors, others by enthusiastic volunteers. The trouble is, there is no coherent resource for all types of computer security information in one place that is appropriate for all levels of expertise. The arrival of social networking on the Internet provided the opportunity I'd been looking for to change this situation.
Mar 5, 2009 (yesterday)
Security Implications of the Humble Computer Clock
from Network World on Security by Simson Garfinkel
Is the clock on every computer system in your organization set to the correct time? If your answer is no, you're not alone. According to a 2007 study by Florian Buchholz and Brett Tjaden, both professors at James Madison University in Virginia, more than a quarter of the Web servers on the Internet have their clocks off by more than 10 seconds. Making sure that computers are set with the correct time is one of those seemingly petty technical things that can unfortunately have big, negative consequences if not done properly. That's because assumptions about time and its flow permeate modern computer systems, including software, hardware and networking. This is true of desktop systems, servers, mobile devices and even embedded systems like HVAC, alarm systems and electronic doorknobs.
Mar 5, 2009 (21 hours ago)
fzem - MUA (Mail User Agent) / Mail Client Fuzzer
from Darknet - The Darkside by Darknet
fzem is a MUA (mail user agent) fuzzer that fuzzes MAIL/MIME email headers as well as how clients handle SMTP, POP and IMAP responses. Purpose: fzem’s purpose is to fuzz MUAs as they process email content and handle server responses. How does it work? fzem has the three main mail protocols implemented as well as mail/mime headers. Using...
Mar 5, 2009 (yesterday)
Twitter Click-Jacking Vulnerability
from Darknet - The Darkside by Darknet
Click-jacking has hit the news a few times recently with most browsers being susceptible to this kind of redirection attack. This time it’s Twitter that’s being hit, as with anything gaining popularity it’s going to become the focus of more attacks and attempts to compromise its security. It seems like click-jacking may well be...
Mar 5, 2009 (yesterday)
What's up with port 445?, (Thu, Mar 5th)
from SANS Internet Storm Center, InfoCON: green
Looking at the DSHIELD data for port 445 shows an interesting little trend. Reports ...(more)...
Mar 5, 2009 (yesterday)
Cool combination of tools, (Sun, Mar 1st)
from SANS Internet Storm Center, InfoCON: green
I've mentioned here before that I'm a big fan of Volatility for analyzing memory images. In fa ...(more)...
Mar 5, 2009 (yesterday)
OSSEC Version 2 available!, (Sat, Feb 28th)
from SANS Internet Storm Center, InfoCON: green
A reader wrote in to inform us that OSSEC version 2.0 has been released ...(more)...
2:31 PM (7 hours ago)
Brief: White House to wrap up cyber review in April
from SecurityFocus News
Mar 5, 2009 (yesterday)
Brief: Bot master sentenced to four years
from SecurityFocus News
Mar 5, 2009 (yesterday)
Brief: Mozilla, Opera plug security holes
from SecurityFocus News
11:23 AM (10 hours ago)
Chris Wysopal: Contracting for Secure Code
from SecurityFocus News