Friday, January 9, 2009
Around The Horn vol.1,4
Alerts
8:58 PM (9 hours ago)
How to Suck at Information Security, (Fri, Jan 9th)
from SANS Internet Storm Center, InfoCON: green
The following list presents common information security mistakes and misconceptions, so you can avoi ...(more)...
7:55 PM (10 hours ago)
BIND OpenSSL follow-up, (Thu, Jan 8th)
from SANS Internet Storm Center, InfoCON: green
As a follow-up to the story from yesterday on the BIND DNS server updates (as a result of the OpenSS ...(more)...
Security News
Jan 8, 2009 (16 hours ago)
Microsoft Security Bulletin Advance Notification for January 2009
from Microsoft Security Content: Comprehensive Edition
Revision Note: Advance Notification published. Summary: This advance notification lists security bulletins to be released for January 2009.
Jan 8, 2009 (16 hours ago)
TJX Maxx hacker sentenced to 30 years
from CGISecurity - Website and Application Security News by Robert
We've previously covered the TJX compromise. It appears one of the attackers involved is going to prison. "Maksym Yastremskiy, the Ukrainian accused of being a key figure in the infamous TJX Maxx Wi-Fi hack of 2005, has been sentenced to 30 years in prison by a Turkish court. Yastremskiy - or 'Maksik' as...
8:11 PM (10 hours ago)
VeriSign remedies massive SSL blunder (kinda, sorta)
from The Register - Security
Rolling the dice with the internet's future
Analysis After being publicly outed issuing web credentials that were vulnerable to attacks that could allow criminals to spoof the encryption certificates of any website on the internet, VeriSign has issued assurances it has neutralized any real-world threat.…
Jan 8, 2009 (13 hours ago)
Hackers, insiders blamed for US data breach growth
from The Register - Security
Taking a leak
US organisations lost even more sensitive data in a greater number of information security screw-ups last year, according to a new survey.…
Jan 8, 2009 (15 hours ago)
Major League Baseball pitches visitors foul ads
from The Register - Security
Website admins go AWOL
Once again, Major League Baseball's website has been caught serving ads designed to infect its considerable base of visitors with malware that trashes their machines.…
Jan 8, 2009 (16 hours ago)
Carder linked to TJX hack jailed for 30 years by Turkish court
from The Register - Security
Ukrainian boards Midnight Express
A Ukrainian fraudster linked to the infamous TJX hack was sentenced to a 30 year prison sentence in Turkey on unrelated charges this week.…
Jan 8, 2009 (19 hours ago)
Virus peddlers set up shop on Google code project
from The Register - Security
Skin-flick codec scams follow MSN Spaces abuse
Internet scoundrels have begun abusing Google code hosting projects to distribute malware and promote smut. The assault follows a bout of the same kind of abuse against Microsoft's comparable MSN Spaces beta site dating back a year, net security firm McAfee reports.…
Jan 8, 2009 (20 hours ago)
HMRC warns over tax email scams
from The Register - Security
Death and taxes and crime
The Treasury has taken the unusual step of warning UK taxpayers of a phishing scam doing the rounds, which looks to ensnare frantic last-minute tax return filers.…
Jan 8, 2009 (22 hours ago)
Take a hammer to your hard drive, shrieks Which?
from The Register - Security
Wiping-tech confidence collapse insanity
Which? Computing has lost faith in wiping technology and advised punters to take a hammer to hard discs they intend to get rid of. Reg readers and experts have slammed the advice as misguided and irresponsible.…
Jan 8, 2009 (17 hours ago)
TJX Maxx hacker banged up for 30 years
from Network World on Security
Maksym Yastremskiy, the Ukrainian accused of being a key figure in the infamous TJX Maxx Wi-Fi hack of 2005, has been sentenced to 30 years in prison by a Turkish court.
Jan 8, 2009 (17 hours ago)
Destroy discarded hard drives, warn researchers
from Network World on Security
Here's the next essential item in a sysadmin's equipment - a hammer. Too many PCs are still dumped with confidential data intact according to Which? Computing, information that would be very tempting to identity thieves.
4:57 AM (1 hour ago)
E-mail snafu exposes names of confidential witnesses
from Network World on Security
From the how-not-to-keep-a-secret department comes the tale of an official at U.S. Attorney Patrick Fitzgerald's office in Chicago who inadvertently e-mailed a document containing the names of more than 20 confidential witnesses in a federal probe to the media.
4:57 AM (1 hour ago)
Fake CNN malware attack spins Gaza angle
from Network World on Security
Hackers have launched a large-scale spam attack masquerading as CNN.com news notifications about the Israeli invasion of Gaza, security researchers said Thursday, in a repeat of a massive campaign last summer that also posed as CNN alerts.
4:57 AM (1 hour ago)
The 5 Most Dangerous Security Myths: Myth #4
from Network World on Security
It's a beloved phrase, used by the wise and the lazy alike in response to everything from potential construction to technical work: "If it ain't broke, don't fix it."
4:57 AM (1 hour ago)
The 5 Most Dangerous Security Myths: Myth #5
from Network World on Security
You've cleared away most of the web of myth. You know that today's evil viruses and other malware exist to make money, that antivirus alone is no guarantee of safety, and that neither is your own good sense (as important as that is). And you know that some of the best protection comes from keeping your software and your operating system up-to-date.
4:57 AM (1 hour ago)
Microsoft slates single Windows patch for Tuesday
from Network World on Security
Microsoft Thursday said it will issue just one security update next week, down dramatically from last month's record-setting eight updates that patched 28 vulnerabilities.
4:57 AM (1 hour ago)
Microsoft to kick off 2009 with single security fix
from Network World on Security by Robert McMillan
After being forced to rush out an emergency patch for its Internet Explorer browser last month, Microsoft plans to release just one security update in its first patch release of 2009.
Jan 8, 2009 (17 hours ago)
Verizon service steps up analysis of security risks
from Network World on Security by Ellen Messmer
Managed security services from Verizon Business get stronger risk-correlation capabilities
Jan 8, 2009 (19 hours ago)
Time and Attack Mapper AKA TA-Mapper - Time/Effort Estimator Tool For Blackbox Security Assessment
from Darknet - The Darkside by Darknet
Time and Attack Mapper (alternatively known as TA-Mapper) is an effort estimator tool for blackbox security assessment (or Penetration Testing) of applications. This tool provides more accurate estimation when compared to rough estimation. Penetration testers who always have a hard time explaining/justifying the efforts charged (or quoted) to their... Read the full post at darknet.org.uk
6:04 AM (16 minutes ago)
Cisco Vulnerability Given ‘Write Once, Run Anywhere’ Treatment
from Darknet - The Darkside by Darknet
This is an interesting development in router security, Cisco bugs have been popping up now and then - not that often - but usually when they do they are quite serious. The problem with them was you needed so many variations unless you were just targeting one specific router, with that specific version of IOS and [...] Read the full post at darknet.org.uk
Jan 8, 2009 (18 hours ago)
Brief: Top cops urge greater focus on cybersecurity
from SecurityFocus News
Top cops urge greater focus on cybersecurity
-- Aurora Report says and that wraps up the week.