Saturday, May 23, 2009

Around The Horn vol.1,106

Compromising web content served over SSL via malicious proxies

By Robert A. on Vulns

Microsoft Research has published an excellent paper describing many browser flaws. The primary use case involves an attacker hijacking the proxy the user has explicitly configured; through HTTP trickery the attacker can then access content on an established HTTPS connection. It also outlines browser flaws involving caching of SSL...

Tech Insight: How To Protect Your Organization From Malicious Insiders

New report offers insights on how to prevent malicious insiders from stealing or damaging enterprise data

Adware Stalks Torrents, Social Networks

In Spam

New adware programs are piggybacking on file-sharing services to creep over into everything from users' browsers to their social networks.

Standard updated for reporting suspicious activity

The government has updated its standard for reporting suspicious activity that could be linked to terrorism to deal with issues raised by civil liberties groups and police.

Rolling Review: Trust Digital Enterprise Mobility Management

Platform centralizes management for diverse smartphone environments.

Tech Road Map: 3G Security Is Getting Better, But It's Still Incomplete

Safeguarding wireless traffic in transit is only part of the equation. Pay attention to devices and endpoints, too.

Army Deploying Vista On Hundreds Of Thousands Of Computers

The migration is driven by the better security offered in Windows Vista and Office 2007.

President Clinton Data On Hard Drive Lost By National Archives

The drive contains snapshots of the hard drives of departing administration officials, information that had been stored on 113 4-mm tape cartridges.

Verizon Beefs Up Handset Security

The over-the-air authentication service enables workers to securely access business networks from handsets nearly anywhere in the world.

YouTube Launches U.S. Government Portal

The channel aggregates videos from the White House, CDC, NASA, and other federal agencies using a player that complies with government privacy regulations.

Mac OS X Users Warned About Java Vulnerability

SoyLatte, an X11-based port of the FreeBSD Java 1.6 "patchset" to Mac OS X Intel machines, is also reportedly vulnerable.

Interop 2009 Show Winners

This year's champs come from every corner of IT -- cloud computing, virtualization, network management, security, wireless -- and more. Judges also handed out a green award, and picked a favorite startup before announcing the coveted Best Of Interop winner.

Microsoft Issues IIS Security Advisory

An exploit of the vulnerability could give an attacker access to a directory that normally requires authentication.

Schools' Cybersecurity Needs Improvement

While more than half of surveyed schools reported a breach last year, 75% say their security infrastructure is adequate.

Facebook Users Targeted By Another Phishing Attack

Two weeks after a similar attack, hackers successfully gathered passwords from some of Facebook's 200 million users.

U.S. Defense Department Official Charged With Espionage

A civilian employee at the Pentagon has been charged with conspiring to provide classified information to an agent with ties to the People's Republic of China.

DHS Disaster Recovery Plans Lacking, Report Finds

Eight of the Department of Homeland Security's 27 critical systems don't have an identified alternate processing site.

Apple Mac OS X Update Has Nearly 70 Security Fixes

Version 10.5.7 addresses several issues with Apple's iCal and Mail applications, as well as its Parental Controls control panel.

Microsoft Patches PowerPoint Flaws, But Not For Mac

One of the 14 Patch Tuesday bulletins is rated "critical" and the rest are rated "important." All of them could lead to remote code execution.

Google Morocco Not Hacked, Company Insists

Internet users trying to reach Google Morocco were, for a few hours, sent to a Web site unaffiliated with Google.

Viral Art: A Gallery Of Security Threats

Visually, online threats such as viruses, worms, and Trojans can be as beautiful as they are menacing to individual PC users, enterprises, and IT security professionals.

Data Loss Prevention Rolling Review: Safend Safeguards At The Endpoint

Low-cost endpoint specialist gets the job done -- most of the time.

UC Berkeley Health Service Data Stolen By Overseas Criminals

The breach went undiscovered for six months, during which time Social Security numbers and health insurance information were stolen.

Air Traffic Control System Repeatedly Hacked

A security audit finds a total of 763 high-risk, 504 medium-risk, and 2,590 low-risk vulnerabilities, such as weak passwords and unprotected folders.

Mass. Criminal Database Deemed Public Safety Risk

The 25-year-old system cannot reconcile arrests with court dispositions or use fingerprints to verify criminal history, state auditor Joe DeNucci finds.

Google Chrome Update Scheme Beats Firefox, Safari, Opera

By automatically updating the browser every five hours, Google Chrome provides greater security than its competitors, according to a new study.

EU Consumer Guide Seeks To Spur, Protect Web Users

An Internet consumers' bill of rights for citizens of the EU aims to promote online shopping and address security concerns.

Windows 7 Retains Windows Explorer Security Risk

A feature in Windows Explorer, the operating system's file management application, enables virus writers to disguise executable files, security researcher says.

NoScript Developer Apologizes For Meddling With AdBlock

His methods caused a furor in the Mozilla community over the weekend because he did not provide clear notification about what his software was doing.

Virginia Health Data Potentially Held Hostage

An extortion demand seeks $10 million to return more than 8 million patient records allegedly stolen from Virginia Department of Health Professions.

Cyberchief Needs To Be In White House

No date has been set for when, or if, such an appointment would be made.

Facebook Expands Security Tools While Combating Phishing Attack

The site has come under siege this week by FBaction.net, which has delivered messages among Facebook friends, telling them to check out a link.

Twitter Employee Account Hijacked

A security breach of a Yahoo Mail account let one hacker peer at info about Barack Obama, Britney Spears, and others.

GPS Evidence Too Unreliable For Legal Purposes

GPS devices can be easily jammed and their data can be spoofed, particularly when tied to cellular systems, experts argue.

Bill Would Shift Government Cybersecurity Requirements

The U.S. Information and Communications Enhancement Act of 2009 would require more continuous monitoring of systems and effectiveness of agencies' cybersecurity measures.

Panda Security Offers Free 'Cloud Antivirus'

The antivirus company says its approach protects against malware 100 times faster than traditional signature-based solutions.

More Companies Requiring IT Security Certification

The study reflects responses from more than 1,000 IT employees.

Swine Flu Fears Fanned By Spammers

Some of these messages contain no malware or malicious links and appear to be information harvesting campaigns.

Microsoft Releases Office 2007 SP2

The productivity suite update adds built-in support for Open Document Format and a slew of other tweaks, including improved Outlook performance.

Q & A: Gen. Colin Powell On Leadership In Times Of Change

Former Secretary of State Colin Powell speaks with InformationWeek about "commander's risk," cybersecurity, H1-B visas, Facebook, and his most immediate concerns for the United States.

InformationWeek Analytics: Endpoint Security And DLP

A smart mix of policies, education, and new technologies like data loss prevention can help IT balance access and protection.

Cybersecurity Balancing Act

Government IT pros struggle to meet mandates as computer system threats keep growing.

Facebook Users Approve Terms Of Use

The changes increase user control while improving account deletion and limiting sublicenses and reducing data exchanges between application developers.

Report For Obama To Say No Quick Cybersecurity Fix

In one instance, 130 automated teller machines in 49 cities around the world were emptied in a 30-minute period last November.

Pentagon Creating Cyber Warfare Command

The Defense Department will unify information security for all the military branches under a command focused on waging cyberwarfare.

Urban ‘Attack’ on Infrastructure

By Francois Paget on Web and Internet Safety

Supervisory Control and Data Acquisition, or SCADA, refers to large-scale distributed remote processing systems that gather data in real time to control critical industrial, infrastructure, or facility processes and equipment. SCADA is used in power plants as well as in oil and gas refining, telecommunications, transportation, and water and waste control. Stories about intruders who damage [...]

Insurers keep an eye on cloud security threats

Data loss is possible anywhere, including in the networks of cloud computing providers, but the unique challenges there are significant enough that they are getting a special look from insurers.

Insider at Cal Water steals $9M and runs

On the night of April 27, 2009, hours after he had resigned from his job as an auditor at the California Water Services Company, Abdirahman Ismail Abdi used his still-active electronic key card to steal more than $9 million electronically.

Phishing using scary bait

Job offers in phishing e-mail are designed to trick users into revealing confidential personally identifiable information (PII); they may also be hoping to fool victims into sending criminals some money.

Yuuguu adds Skype to conferencing app

Web conferencing newcomer Yuuguu has added Skype integration to a roster of features that already lists instant messaging (IM) integration and screen sharing.

US military shows off hack-by-numbers battlefield gadget
Cyber warfare made easier

As the US military strives to boost its ability to wage cyber warfare, it's looking for ways to make it easier for non-expert soldiers on the front lines to wreak havoc on enemy networks.…

Dodgy McAfee update slaps viral warning on Spotify
Was someone listening to Phil Collins again?

Security software from McAfee wrongly identified the Spotify application as a virus, following a misfiring update published on Thursday.…

FBI and US Marshals laid low by mystery virus
Tommy Lee Jones' paperwork delayed

A mystery viral infection forced the FBI and US Marshals Service to pull the plug on parts of their respective computer networks on Thursday, AP reports.…

E-trade scammer pleads guilty to Office Space scam
We're not going to white-collar resort prison. No, no, no

A Californian man who raked in $50,000 after opening thousands of bogus accounts with online brokers, sometimes in the name of cartoon characters, has pleaded guilty to fraud.…

AppSec - Cross Site Request Forgery: What Attackers Don't Want You to Know

Category: Application/Database Sec

Paper Added: May 22, 2009

AppSec - Protecting Your Web Apps: Two Big Mistakes and 12 Practical Tips to Avoid Them

Category: Application/Database Sec

Paper Added: March 3, 2009

Patching and Apple - Java issue, (Fri, May 22nd)

At the other end of the spectrum is Apple. There is a Java issue (CVE-2008-5353) which wa ...(more)...

Patching and Adobe, (Fri, May 22nd)

We all remember the beating Adobe received back in February regarding the JBIG2 issue. T ...(more)...

Google Chrome 2.0 Browser Brings More Web Security

Google Chrome 2.0 includes some new security features with which to arm itself as it competes in a browser market still dominated by Microsoft Internet Explorer. The new Chrome features include protections against cross-site request forgery and clickjacking.
The latest update to Google Chrome came with a few new bells and whistles, and lots of talk about speed. But what about security? Browser vendors have been struggling to keep pace with the growing Web threat landscape. Internet Explorer 8 added a number of security features. In the latest release ...

News: OpenSSH chink bares encrypted data packets

Brief: Grumblar drive-by download attacks surge

Computer virus strikes US Marshals, FBI affected (AP)

In technology

AP - Law enforcement computers were struck by a mystery computer virus Thursday, forcing the FBI and the U.S. Marshals to shut down part of their networks as a precaution.
