Alerts
5:59 PM (11 hours ago)
TA09-022A: Apple QuickTime Updates for Multiple Vulnerabilities
from US-CERT Technical Cyber Security Alerts
Apple QuickTime Updates for Multiple Vulnerabilities
10:05 PM (7 hours ago)
iWork 2009 Trojan, (Fri, Jan 23rd)
from SANS Internet Storm Center, InfoCON: green
It's already pretty widely reported in the media, take for instance here and here. First reported b ...(more)...
Jan 22, 2009 (19 hours ago)
Unexpected mass reboots are worth investigating, (Thu, Jan 22nd)
from SANS Internet Storm Center, InfoCON: green
An ISC reader told us that his company observed a large number of their PCs unexpectedly reboot at a ...(more)...
Security News
Jan 22, 2009 (15 hours ago)
Security metrics on flaws detected during architectural review?
from CGISecurity - Website and Application Security News by Robert A.
I recently attended a private event where there was a talk on security metrics. Security metrics can be used to determine if action x is reducing risk y. Software security metrics typically involve counting the number of defects discovered over time to see if things are getting better. Most of these...
Jan 22, 2009 (15 hours ago)
PCI Is Meaningless, But We Still Need It
from CGISecurity - Website and Application Security News by Robert A.
There's a good rant at informationweek on PCI. "The Heartland Payment Systems breach demonstrates that PCI is bunk. Unfortunately, unless something better comes along, bunk is better than nothing. The PCI compliance program is like a Zen koan: it's a proposition that can't be understood rationally. Unlike a koan, however, pondering on...
Jan 22, 2009 (15 hours ago)
British hacker gang 'tried to steal £229m from Japanese bank'
from CGISecurity - Website and Application Security News by Robert A.
"A six-strong hacker gang attempted to plunder £229million from a Japanese bank in an audacious high-tech scam, a court heard. A crooked security guard at Japanese bank Sumitomo Mitsui let alleged computer hackers into the building in the dead of night where they installed spy software on computers used for multi-million...
Jan 22, 2009 (13 hours ago)
Mac malware piggybacks on pirated iWork
from The Register - Security
Over 20,000 served
Malware masquerading as part of Apple's iWork 09 productivity suite is targeting unsuspecting Mac users foolish enough to install pirated software downloaded on warez sites.…
Jan 22, 2009 (14 hours ago)
Obama unfurls master plan for US cybersecurity
from The Register - Security
Here comes the cyber czar
On his first full-day as US President, Barack Obama on Wednesday outlined plans to declare the country's computer infrastructure a national asset that will be protected by a cyber advisor who will report directly to the president.…
Jan 22, 2009 (22 hours ago)
OcUK puts £10K bounty on the heads of DDoS varmints
from The Register - Security
Wild West response to week-long hack attack
Overclockers.co.uk is offering a £10,000 ($13,830) reward for information leading to the conviction of attackers who have targeted the technology enthusiast site in a DDoS lasting over a week.…
Jan 22, 2009 (13 hours ago)
PBX phone phreakers ring up huge bills in Oz
from The Register - Security
Security loophole allows bad nattering
Phreakers are using security loopholes in PBX systems to make international calls at the expense of businesses in Western Australia.…
5:07 AM (55 minutes ago)
Obama plan says cyber infrastructure is 'strategic'
from Network World on Security by Robert McMillan
The Obama administration has published a high-level plan to protect U.S. computer networks, saying it considers cyber infrastructure "a strategic asset" and will appoint a cyber adviser who will report directly to the president.
5:07 AM (55 minutes ago)
Unisys: Customer convenience key to future IT security
from Network World on Security
Asia Pacific governments and businesses will face pressure during 2009 to 'put the customer first' with their information security strategies, according to information services company Unisys.
5:07 AM (55 minutes ago)
Place your bets against malware
from Network World on Security by Mark Gibbs
The response to my recent Gearhead and Backspin columns on malware has been amazing! And the range of suggestions has ranged from admit defeat, wipe the system, and start again to fight the good fight and don't give in.
5:07 AM (55 minutes ago)
Microsoft Security Response Center gets new boss
from Network World on Security by Robert McMillan
The point man for security bug fixes at Microsoft has stepped down as director of the Microsoft Security Response Center (MSRC).
5:07 AM (55 minutes ago)
Bugs in tech documentation continue to rise
from Network World on Security by Grant Gross
The number of bugs in technical documentation for Microsoft communication protocols continues to grow, according to court documents filed for ongoing antitrust oversight of the company in the U.S.
5:07 AM (55 minutes ago)
Trojan takes 'Office Space' approach to stealing
from Network World on Security by Paul McNamara
Russian security vendor Kaspersky Lab last week began sounding the alarm about an overseas mobile-phone scam that smacks of the movie "Office Space" and may portend future dangers for global users.
5:07 AM (55 minutes ago)
Symbian malware takes money from phone
from Network World on Security by Robert McMillan
Hackers have discovered a new way to steal your money: texting it out of your phone.
Jan 22, 2009 (17 hours ago)
Clerical error foiled Sumitomo bank hack
from Network World on Security
The largest near heist in banking history failed because the men accused of trying to carry it out didn't properly fill in a single field in an electronic transfer form.
5:07 AM (55 minutes ago)
Heartland breach raises questions about PCI standard's effectiveness
from Network World on Security by Ellen Messmer
While it's not yet known if Heartland Payment Systems' data breach will count as the largest card heist ever, some analysts say what is clear is that the Payment Card Industry (PCI) data security standard isn't sufficient.
5:07 AM (55 minutes ago)
Data breach sparks security concerns in payment industry
from Network World on Security
The lack of details surrounding the potentially massive data breach that Heartland Payment Systems Inc. disclosed this week is fueling questions and concerns within the payment processing industry about the exact nature of the security compromise.
Jan 22, 2009 (17 hours ago)
Pirated iWork '09 installer may contain trojan horse
from Network World on Security
Intego, makers of VirusBarrier and other security software for the Macintosh, issued a security alert for Mac users on Thursday, advising them about the existence of a new Trojan Horse, which they've named OSX.Trojan.iServices.A. This new Trojan Horse, which can be found in pirated copies of Apple's iWork '09 application suite, has been downloaded over 20,000 times, according to Intego's numbers.
Jan 22, 2009 (17 hours ago)
Mac Trojan Horse found in pirated Apple iWork '09
from Network World on Security
Intego, a maker of anti-virus and firewall software, has issued an alert to warn Mac users not to download Apple iWork '09 installers from sites offering pirated software.
Jan 22, 2009 (17 hours ago)
Sophos may lay off up to 5% of staff
from Network World on Security
Security vendor Sophos plans to lay off up to 5% of its staff, the company said Thursday.
3:06 AM (2 hours ago)
CeWL - Custom Word List Generator Tool for Password Cracking
from Darknet - The Darkside by Darknet
It seems to be trendy lately to make tools which can create custom or more specific word lists for password cracking, just last week we posted about the web application The Associative Word List Generator (AWLG), which crawls the whole web to look for associated words with a given topic. This application is more towards creating [...] Read the full post at darknet.org.uk
Jan 22, 2009 (21 hours ago)
Using Twitter for Data Mining and Information Gathering
from Darknet - The Darkside by Darknet
We’ve mentioned Twitter a few times lately as it has become a larger and larger part of the social web and the premier ‘micro-blogging’ platform. There was a recent Phishing issue on Twitter and before that Twitter Jacking and a CSRF bug that allowed auto-following. Due to the large update of Twitter, the amount of datable... Read the full post at darknet.org.uk
Jan 22, 2009 (18 hours ago)
Brief: Apple quashes eight QuickTime flaws
from SecurityFocus News
Apple quashes eight QuickTime flaws
Jan 22, 2009 (18 hours ago)
News: Mac OS X research warns of stealthier attacks
from SecurityFocus News
Mac OS X research warns of stealthier attacks
12:02 AM (6 hours ago)
US cybersecurity ills will be a tough nut for Obama to crack
from Ars Technica by segphault@arstechnica.com (Ryan Paul)
The Obama administration's agenda for boosting homeland security includes a number of issues that relate to cybersecurity. Although the plan reflects an awareness of key security issues posed by emerging technologies, its proposed solutions still need some work.
Jan 22, 2009 (17 hours ago)
An odd choice to help government with open source strategy
from Ars Technica by segphault@arstechnica.com (Ryan Paul)
Obama has asked Sun cofounder Scott McNealy to prepare a paper about the potential cost benefits of adopting open source software in government IT. Although open source adoption would be a smart cost-cutting move, McNealy isn't exactly a fount of wisdom on the subject.
10:13 PM (8 hours ago)
Obama Plan Says Cyber Infrastructure Is 'strategic'
from PC World Latest Technology News
In a new position paper, the Obama administration says it will consider cyber infrastructure a strategic asset.
7:12 PM (11 hours ago)
Symbian Malware Takes Money From Phone
from PC World Latest Technology News
Kaspersky Lab warns that a new mobile-phone Trojan spotted in Indonesia uses SMS messages to steal money.
Jan 22, 2009 (14 hours ago)
Confirmed: Obama gets his BlackBerry, no Sectera Edge in sight
from Engadget by Joshua Topolsky
8:40 PM (10 hours ago)
White House Confirms: President Keeps His Blackberry
from Techdirt by Michael Masnick
There were some stories yesterday saying that, despite earlier worries he'd be forced to give it up, President Obama was able to keep his Blackberry -- and now the White House has confirmed it.
-- Aurora Report says The President has spoken http://www.whitehouse.gov/agenda/homeland_security/.
Friday, January 23, 2009