Thursday, January 8, 2009
Around The Horn vol.1, 3
Alerts
Jan 7, 2009 (18 hours ago)
Cisco Global Site Selector Appliances DNS Vulnerability
from Cisco Security Advisories
The Cisco Application Control Engine Global Site Selector (GSS) contains a vulnerability when processing specific Domain Name System (DNS) requests that may lead to a crash of the DNS service on the GSS.
Jan 7, 2009 (17 hours ago)
An Israeli patriot program or a trojan, (Wed, Jan 7th)
from SANS Internet Storm Center, InfoCON: green
Recently we have been witnessing a rise of politically motivated hacking attacks by supporters both ...(more)...
9:31 PM (9 hours ago)
BIND 9.x security patch - resolves potentially new DNS poisoning vector, (Wed, Jan 7th)
from SANS Internet Storm Center, InfoCON: green
The Internet Systems Consortium [http://www.isc ...(more)...
Security News
Jan 7, 2009 (12 hours ago)
Microsoft Security Advisory (961509): Research proves feasibility of collision attacks against MD5
from Microsoft Security Content: Comprehensive Edition
Revision Note: Advisory published. Summary: Microsoft is aware that research was published at a security conference proving a successful attack against X.509 digital certificates signed using the MD5 hashing algorithm. This attack method would allow an attacker to generate additional digital certificates with different content that have the same digital signature as an original certificate. The MD5 algorithm had previously shown a vulnerability, but a practical attack had not yet been demonstrated.
Jan 7, 2009 (18 hours ago)
Twitter hacked via weak passwords to admin system
from CGISecurity - Website and Application Security News by Robert
"A teenage hacker, known in the digital underground as GMZ, claims he obtained access to the micro-blogging site’s admin controls using a brute force dictionary attack. After guessing the login identity of an administrator, in part based on the large number of people she followed, GMZ ran an automated password guessing...
Jan 7, 2009 (17 hours ago)
Sacked Croydon hacker spied on former colleagues' e-mails
from CGISecurity - Website and Application Security News by Robert
"An IT expert sacked for lying on his CV hacked into his company's computer system to spy on his former colleagues - and deleted vital information which led to the loss of jobs. Julius Oladiran, 46, was dismissed from after his employers discovered his boasts of a master's degree, and top...
Jan 7, 2009 (17 hours ago)
Google code project abused by spammers
from McAfee Avert Labs by Chris Barton, Research Scientist and Artemis Geek
Google’s code hosting project is the latest free service to be abused by web spammers. We’ve seen one or two previously but over the holidays the situation appears to have got much worse. They are creating lots of new projects with the following type of website on:
Jan 7, 2009 (20 hours ago)
Weak sigs found on one in seven SSL sites
from The Register - Security
Survey highlights serious spoofability
One in seven digital certificates that stamp the authenticity of secure web sites use a vulnerable signature algorithm, according to a new survey. The shortcoming underlines the need to drop the insecure signing mechanism before its shortcomings are exploited in more convincing phishing attacks.…
Jan 7, 2009 (18 hours ago)
Password guessing attack exposed in Twitter pwn
from The Register - Security
The pursuit of 'happiness'
Miscreants broke into Twitter's admin system on Sunday night using a simple password guessing hack, it has emerged.…
Jan 7, 2009 (23 hours ago)
Researchers poke holes in Intel's anti-tampering tech
from The Register - Security
Unlocked and loaded
A practical attack on Intel's trusted execution technology (TXT) is due to be demonstrated at a hacking conference next month.…
Jan 7, 2009 (13 hours ago)
Sacked IT admin sentenced for hacking ex-employer
from The Register - Security
The telltale cursor
A British IT admin was ordered to pay more than £3,000 and given a three-months jail sentence after being accused of hacking into his former employer's computer system so he could install spyware and delete emails.…
Jan 7, 2009 (22 hours ago)
Symantec Altiris SecurityExpressions - Voted WindowSecurity.com Readers' Choice Award Winner - Network Auditing
from WindowSecurity.com by info@WindowSecurity.com (The Editor)
Symantec Altiris SecurityExpressions was selected the winner in the Network Auditing category of the WindowSecurity.com Readers' Choice Awards. Karalon Traffic IQ Professional was first runner-up and i-Sprint Enterprise AdminGuard and Stealthbits StealthAUDIT were second runners-up.
Jan 7, 2009 (22 hours ago)
Troubleshooting Kerberos in a SharePoint environment (Part 1)
from WindowSecurity.com by blue@jinx.dk (Jesper M. Christensen)
Creating a test environment to show which error-messages come from configuration problems.
Jan 7, 2009 (17 hours ago)
Best practices for removable media encryption
from Network World on Security
USB flash drives, iPods and other portable storage devices are pervasive in the workplace and a real threat. They can introduce viruses or malicious code to the network and be used to store sensitive corporate information. While IT has responded with policies and audits, the best way to safeguard data taken outside of a managed environment is encryption.
Australian Tax Office again the target of phishing scam
from Network World on Security
Just like it did this time last year, the Australian Tax Office is again warning taxpayers of a fraudulent email being circulated that claims to offer citizens a tax refund.
Jan 7, 2009 (17 hours ago)
Data breaches rose sharply in 2008, says study
from Network World on Security
More than 35 million data records were breached in 2008 in the U.S., a figure that underscores continuing difficulties in securing information, according to the Identity Theft Resource Center (ITRC).
Jan 7, 2009 (17 hours ago)
Recession Be Damned! IT Security Spending Up For Some
from Network World on Security
The economy may be in tatters, along with legions of IT security budgets. But a new report from Forrester Research suggests security spending is actually on the rise in some enterprises.
Will Microsoft Corner the Desktop Security Market?
from Network World on Security
Microsoft plans to offer a free antivirus product, code-named "Morro," in the second half of this year, when the company removes Windows Live OneCare from the retail market. But cautious consumers may want to keep their current antivirus programs, given Microsoft's dubious track record with antivirus apps.
4:49 AM (1 hour ago)
Kerio unveils Mac client for its VPN
from Network World on Security
Messaging and security vendor Kerio in March will release a Mac-based VPN client for its WinRoute Firewall.
4:49 AM (2 hours ago)
Hack Forces Twitter Into 'Full Security Review'
from Network World on Security
Twitter Inc. has launched a comprehensive review of the defenses in its popular social network and microblogging service after hackers last week hijacked the accounts of several high-profile users.
4:49 AM (2 hours ago)
Social networks link terrorists
from Network World on Security
A new breed of terrorists are using online forums to recruit people who align themselves with the mission of Al Qaeda, creating global networks of would-be terrorists who pose a growing threat, a senior cyberterrorist researcher warned this week.
4:49 AM (2 hours ago)
Fake LinkedIn profiles promise pics, send malware instead
from Network World on Security
Hackers have seeded LinkedIn, the business networking service, with bogus celebrity profiles that link to malicious sites serving up attack code, a security researcher said Wednesday.
4:49 AM (1 hour ago)
Pocket Credit Card Reader Takes Transactions on the Go
from Network World on Security
Taking credit card payments on the road--whether it's door-to-door or on a trade show floor--can be a frustrating task. Old-fashioned mechanical readers (known as addressographs) are insanely bulky, and leave you with a mass of paper to contend with at the end of each day. Dedicated electronic card readers, meanwhile, tend to be even bulkier, and often require a power source and Internet connection to function. These hassles make the ProPay MicroSecure Card Reader look pretty inviting.
4:49 AM (1 hour ago)
Clock ticking for gas stations to pump up data security
from Network World on Security
Lower gas prices aren't the only thing that's new at the pumps these days. Data encryption tools are also becoming part of the picture.
Jan 7, 2009 (20 hours ago)
Root inside: researchers claim crack for Intel's vPro
from Ars Technica by jon@arstechnica.com (Jon Stokes)
A pair of security researchers claim to have cracked Intel's trusted execution technology (TXT), a critical part of the vPro platform. Few details on the attack are available, so it's hard to suss out what, if anything, this means for the chip giant's plans.
Jan 6, 2009 (2 days ago)
Constable HaX0r loose in the UK? Well, yes and no
from Ars Technica by julian.sanchez@arstechnica.com (Julian Sanchez)
ZOMG, did you hear about how British cops are elite haxx0rz in ur base killing all ur d00dz!!!1! Let's all take a deep breath, shall we?
Jan 5, 2009 (3 days ago)
Israel/Hamas battle goes Web 2.0
from Ars Technica by nate@arstechnica.com (Nate Anderson)
Forget the Iraqi Information Minister; governments are now turning to Twitter, YouTube, and blogs to shape public opinion about war, and the Israel/Gaza conflict looks to be one of the most wired yet.
-- Aurora Report says that'll do donkey - ya gotta love Shrek.