Saturday, January 10, 2009
Around The Horn vol.1,5
Alerts
Jan 9, 2009 (15 hours ago)
Infocon: green
from SANS Internet Storm Center, InfoCON: green
A Worm Triggering Autolock - Another Sighting of W32.Downadup?
Jan 9, 2009 (yesterday)
A Worm Triggering Autolock - Another Sighting of W32.Downadup?, (Fri, Jan 9th)
from SANS Internet Storm Center, InfoCON: green
An ISC reader asked us about reports of malware that's locking user accounts. According to several m ...(more)...
Jan 9, 2009 (23 hours ago)
Active Scans for Roundcube Vulnerabilities, Possible 0-Day, (Fri, Jan 9th)
from SANS Internet Storm Center, InfoCON: green
Scans for vulnerabilities in Roundcube, popular web mail software, seem to be on the rise. We report ...(more)...
Jan 9, 2009 (20 hours ago)
Executives at a Swedish Company Targeted via an Email Attachment, (Fri, Jan 9th)
from SANS Internet Storm Center, InfoCON: green
We received a report of a Swedish company that was just subjected to a targeted attack. The company' ...(more)...
Security News
Jan 9, 2009 (18 hours ago)
Human Being Firewall
from SANS Information Security Reading Room
Category: Firewalls & Perimeter Protection
Paper Added: January 9, 2009
Jan 9, 2009 (18 hours ago)
Covering the Tracks on Mac OS X Leopard
from SANS Information Security Reading Room
Category: Mac/Apple Issues
Paper Added: January 9, 2009
Jan 9, 2009 (13 hours ago)
Hackers deface Army and Nato sites
from CGISecurity - Website and Application Security News by Robert
"Hackers have taken down two high-profile targets as they continue their ongoing Web attacks in support of Palestine, defacing Web sites run by the U.S. Army and the North Atlantic Treaty Organization (NATO). The attacks on Thursday took down the Web sites for The United States Army Military District of Washington and...
Jan 9, 2009 (13 hours ago)
New DNSSEC Bind Flaw Patched
from CGISecurity - Website and Application Security News by Robert
"Security researcher Dan Kaminsky made headlines last year when he discovered a critical DNS flaw. If left unpatched it could have crippled vast parts of the Internet. As 2009 starts up, a new DNS (define) flaw has emerged, but the severity of the threat is less pronounced. ISC (Internet Systems Consortium)...
Jan 9, 2009 (17 hours ago)
Oracle to issue 41 patches on January 13th
from CGISecurity - Website and Application Security News by Robert
"Next Tuesday (13 January) promises to be a busy day for hard-pressed sys admins. Although Microsoft's regular monthly Patch Tuesday update promises only one bulletin, a critical fix for Windows1, Oracle's quarterly batch weighs in at 41 fixes. The updates fix vulnerabilities across "hundreds of Oracle products", an alert from Oracle...
Jan 9, 2009 (20 hours ago)
How to Suck at Information Security
from CGISecurity - Website and Application Security News by Robert
Lenny Zeltser from dshield has posted an amusing list of ways to suck at information security broken up in the following categories.
- Security Policy and Compliance
- Security Tools
- Risk Management
- Security Practices
- Password Management
Here's a snippet: "Security Tools Deploy a security product out of the box without tuning it. Tune the IDS to...
Jan 9, 2009 (20 hours ago)
Crafting a Security RFP
from CGISecurity - Website and Application Security News by Robert
"Creating RFPs for security solutions and processing the responses is not an easy task. Having responded to a fair number of such RFPs, I found that many of them are created hastily, and don’t allow the issuer to benefit from quality responses. Here's my list of the top 10 mistakes organizations...
Jan 9, 2009 (14 hours ago)
Pro-Palestine vandals deface Army, NATO sites
from The Register - Security
Protest Israeli Gaza attacks
Online vandals protesting Israel's military action in Gaza have defaced thousands of websites, including high-profile sites belonging to the US Army, the North Atlantic Treaty Organization, and a Washington-based group that oversees homeland security.…
Jan 9, 2009 (17 hours ago)
New York mulls terrorist cell phone jamming
from The Register - Security
Not as simple as it sounds
New York Police officials are studying whether it's possible to disrupt cell phone communications among terrorists during an attack on the city following reports that gunmen in Mumbai used hand-held devices during a deadly rampage in November.…
Jan 9, 2009 (21 hours ago)
Email snafu gifts federal informants' names to press
from The Register - Security
Witless protection
An email error inadvertently disclosed the names of more than 20 confidential informants in a federal investigation to reporters.…
Jan 9, 2009 (22 hours ago)
Hacktivist tool targets Hamas
from The Register - Security
DDoS street protest covers both sides of Gaza conflict
Israeli cyberactivists are inviting pro-Israeli surfers to install a tool that attacks websites associated with Hamas.…
Jan 9, 2009 (yesterday)
Oracle patch batch eclipses Microsoft Patch Tuesday
from The Register - Security
41 to one
Next Tuesday (13 January) promises to be a busy day for hard-pressed sys admins.…
4:52 AM (5 hours ago)
Intego updates Mac security, antivirus tools
from Network World on Security
Intego rolled out a spate of updates to its line of Internet security offerings at Macworld Expo, including a significant update to its Internet-filtering software and a new version of its server-side virus protection programs.
Jan 9, 2009 (20 hours ago)
Oracle to issue 41 security patches
from Network World on Security
Oracle will issue 41 security patches next Tuesday addressing vulnerabilities across "hundreds" of its products, the company said in a pre-release announcement.
4:52 AM (5 hours ago)
10 Things That WON'T Happen in 2009
from Network World on Security
Predicting the future is a futile exercise but there are some things that never seem to change year after year even though every effort is made by security professionals to raise awareness and reduce the risk. The list below is not unfamiliar to IT administrators and it is really a checklist of those security issues that resurface every year and are never completely dealt with.
4:52 AM (5 hours ago)
Apimac intros file-encryption software
from Network World on Security
Apimac introduced Protect Files, a new file and folder encryption application. Protect Files 1.0 creates a password-locked encrypted space for files and folders on hard drives, external disks, or a USB drive.
4:52 AM (5 hours ago)
Auditor: IRS still vulnerable to cyber breaches
from Network World on Security by Grant Gross
The U.S. Internal Revenue Service remains vulnerable to a wide range of cybersecurity problems, and the agency has fixed less than half of the vulnerabilities identified in a November audit, according to a report by the U.S. Government Accountability Office released Friday.
4:52 AM (5 hours ago)
Hackers deface NATO, US Army Web sites
from Network World on Security by Robert McMillan
Hackers have taken down two high-profile targets as they continue their ongoing Web attacks in support of Palestine, defacing Web sites run by the U.S. Army and the North Atlantic Treaty Organization (NATO).
4:52 AM (5 hours ago)
Securing your Mac
from Network World on Security
When you think of security for the Mac, you're usually talking about firewalls, encryption products, and (most controversially) antivirus apps. But there are some much more brass-tacks security products on the Macworld Expo show-floor that have nothing to do with hackers or malware.
4:52 AM (5 hours ago)
Fry's VP indicted for wire fraud, money laundering
from Network World on Security
A vice president at Fry's Electronics Inc. was indicted this week by a grand jury on five counts of wire fraud and four counts of money laundering in connection with an alleged kickback scheme that pulled in tens of millions of dollars.
Jan 9, 2009 (17 hours ago)
Brief: Army, NATO sites defaced by Mideast protesters
from SecurityFocus News
Army, NATO sites defaced by Mideast protesters
Jan 9, 2009 (16 hours ago)
Mark Rasch: The Drew Verdict Makes Us All Hackers
from SecurityFocus News
The Drew Verdict Makes Us All Hackers
-- Aurora Report says never a dull Saturday.