Thursday, January 15, 2009
Around The Horn vol.1,10
Alerts
Jan 14, 2009 (18 hours ago)
Cisco ONS Platform Crafted Packet Vulnerability
from Cisco Security Advisories
The Cisco ONS 15300 series Edge Optical Transport Platform, the Cisco ONS 15454 Optical Transport Platform, the Cisco ONS 15454 SDH Multiservice Platform, and the Cisco ONS 15600 Multiservice Switching Platform contain a vulnerability when processing TCP traffic streams that may result in a reload of the device control card.
Jan 14, 2009 (18 hours ago)
IronPort Encryption Appliance / PostX and PXE Encryption Vulnerabilities
from Cisco Security Advisories
IronPort PXE Encryption is an e-mail encryption solution that is designed to secure e-mail communications without the need for a Public Key Infrastructure (PKI) or special agents on receiving systems.
1:25 AM (5 hours ago)
Conficker's autorun and social engineering, (Thu, Jan 15th)
from SANS Internet Storm Center, InfoCON: green
We wrote several diaries about Conficker (or Downadup, depending on the AV tool you are using). F-Se ...(more)...
Security News
Jan 14, 2009 (18 hours ago)
Security Incident Handling in Small Organizations
from SANS Information Security Reading Room
Category: Incident Handling
Paper Added: December 16, 2008
Jan 14, 2009 (18 hours ago)
CURRENT ISSUES IN DNS
from SANS Information Security Reading Room
Category: DNS Issues
Paper Added: December 30, 2008
Jan 14, 2009 (18 hours ago)
The Importance of Security Awareness Training
from SANS Information Security Reading Room
Category: Security
7:02 PM (11 hours ago)
Pop-up phishing risk points to web fraud evolution
from The Register - Security
Taking the spam out of e-banking scams
Fraudsters have the potential to develop techniques for mounting phishing attacks using pop-up dialogue boxes instead of spoofed emails, security start-up Trusteer warns. Although the firm isn't able to cite an example of the possible next-generation attack, which it describes as in-session phishing, that attack scenario is plausible enough to merit a closer look.…
Jan 14, 2009 (13 hours ago)
Next-gen botnet armies fill spam void
from The Register - Security
Out with the old, in with the new
The demise late last year of four of the world's biggest spam botnets was good news for anyone with an email inbox, as spam levels were cut in half - almost overnight. But the vacuum has created opportunities for a new breed of bots, some of which could be much tougher to bring down, several security experts are warning.…
Jan 14, 2009 (16 hours ago)
NY policeman plunders US terror watchlist
from The Register - Security
Cops to illegal access
A New York City Police Department sergeant has admitted he illegally obtained a name contained in an FBI terrorist watchlist and gave it to an acquaintance to use in a child custody case.…
Jan 14, 2009 (21 hours ago)
RIM squashes BlackBerry PDF peril
from The Register - Security
Purple alert over high-impact bugs
Research in Motion (RIM) has published a patch that fixes a pair of critical flaws in the way BlackBerry servers handle malformed PDF files.…
Jan 14, 2009 (23 hours ago)
Solitary MS update lances critical Windows risk
from The Register - Security
Oracle patches own January Black Tuesday
The solitary security update in the latest edition of Microsoft's monthly Patch Tuesday still poses a critical risk.…
Jan 14, 2009 (22 hours ago)
Using Certificate-Monitoring Tools with Windows Server 2008
from WindowSecurity.com by (Robert J. Shimonski)
How Windows Server 2008 works with Certificate Services, and which tools you can use to monitor it.
4:58 AM (2 hours ago)
Paris Hilton's Site Attacks Visitors
from Network World on Security
Paris Hilton's official Web site is serving up an unexpected surprise, according to Robert McMillan of the IDG News Service. The hacked site attempts to infect visitors with a Trojan in what sounds like a classic drive-by-download attack. As of Tuesday, the site was still attacking visitors, and you shouldn't attempt to visit the site yourself.
4:58 AM (2 hours ago)
Debunking the Patch Tuesday Hype Machine
from Network World on Security
A familiar pattern reared its ugly head in my e-mail inbox Tuesday afternoon. And while I mean no disrespect toward my PR friends, it's starting to annoy me.
4:58 AM (2 hours ago)
Former US gov't worker admits to snooping in passport files
from Network World on Security
A second former employee of the U.S. Department of State has admitted to illegally accessing hundreds of electronic files containing the confidential passport records of politicians, celebrities and even his own friends - snooping activities that were discovered early last year and described by an agency official as being motivated by "imprudent curiosity."
4:58 AM (2 hours ago)
Symantec gets good vibes from virtualized browser
from Network World on Security by Robert McMillan
Security vendor Symantec is using new virtual machine technology to protect Web surfers from online attack.
4:58 AM (2 hours ago)
Giving in to malware
from Network World on Security by Mark Gibbs
Gibbs thought he'd fixed his problem with malware on a Windows XP system, but as it turns out, he just made the malware work better. Here's the sad tale.
4:58 AM (2 hours ago)
Encryption told to stop ignoring encryption
from Network World on Security
Brocade is warning companies to reassess their security priorities for data centres and stop ignoring encryption, after a survey found that half of respondents had experienced security breaches during 2008.
4:58 AM (2 hours ago)
Financial Fraud Spam Spikes
from Network World on Security
Expect to see more of those 419 Nigerian and "You won the UK National Lottery!" bogus e-mails that prey on the especially gullible. MessageLabs, an e-mail security company now owned by Symantec, reports that the amount of such e-mail it's seeing is jumping.
Jan 14, 2009 (17 hours ago)
Biometric passports agreed to in EU
from Network World on Security
The European Parliament signed up to a plan Wednesday to introduce computerized biometric passports including people's fingerprints as well as their photographs, despite criticism from civil liberties groups and security experts who argue that the move is flawed on technical grounds.
4:58 AM (2 hours ago)
AllSecure, nee RiftVault, protects passwords and info
from Network World on Security
EdgeRift has released AllSecure 1.0, a new password and information manager for Mac OS X. It costs US$39.
Jan 14, 2009 (17 hours ago)
Network critical to business growth in '09, Gartner says
from Network World on Security by Denise Dubie
Gartner survey shows that the network continues to deliver value in a down economy and a majority of CIOs will increase their dependence on the network as a means to drive greater revenue in 2009.
10:32 PM (8 hours ago)
News: Group releases list to kill most-dangerous bugs
from SecurityFocus News
10:32 PM (8 hours ago)
Brief: Downadup worm infects more than 3.5 million
from SecurityFocus News
10:32 PM (8 hours ago)
Brief: Oracle's patch overshadows Microsoft's light fix
from SecurityFocus News
11:53 PM (7 hours ago)
GAO notes IRS security improvements; wants further action
from Ars Technica by jhruska@arstechnica.com (Joel Hruska)
In its recent audit of the Internal Revenue Service (IRS), the Government Accountability Office (GAO) found evidence that the security situation at the agency has improved, but not enough. The tax coffers and treasure room need a few more locks and guards before the government will certify them as completely safe.
-- Aurora Report says read! If for no other reason than to spark your creativity and break the rut of your normal daily routine.