Wednesday, January 7, 2009
Around The Horn, Volume One, Number Two
Alerts
Cisco IOS Exploitation Technique and Defense In Depth, (Tue, Jan 6th)
from SANS Internet Storm Center, InfoCON: green
As many of you have seen, The Register and other main stream media sources are starting to discuss a ...(more)...
Tools on my Christmas list., (Fri, Jan 2nd)
from SANS Internet Storm Center, InfoCON: green
Every year I create a list of things I would like to do with my spare time over the holiday break. ...(more)...
Security News
CheckFree warns 5 million customers after DNS hack
from CGISecurity - Website and Application Security News by Robert
"Tolley wouldn't say what banks were affected by the hack, but the majority of these five million customers were CheckFree's own users, she said. In total, about 42 million customers access CheckFree's bill payment site, she said. Customers who went to CheckFree's Web sites between 12:35 a.m. and 10:10 a.m. on...
Building a Web Application Security Program, Part 8: Putting It All Together
from CGISecurity - Website and Application Security News by Robert
"Whew! This is our final post in this series on Building a Web Application Security Program (Part 1, Part 2, Part 3, Part 4, Part 5, Part 6, Part 7), and it’s time to put all the pieces together. Here are our guidelines for designing a program that meets the needs...
Hackers Post Faked Report of Steve Jobs's Death
from CGISecurity - Website and Application Security News by Robert
"MacRumors, one of the many sites which cover Apple's annual Macworld product launches, has had its live coverage infiltrated, with someone adding the false news of Steve Jobs's death to the blow-by-blow reports." Here's the very amusing screenshot of the incident. http://cache.gawker.com/assets/images/gawker/2009/01/macrumorshacked.jpg Read more: http://valleywag.gawker.com/5124580/hackers-post-faked-report-of-steve-jobss-death
Pak hackers plan attack on Indian cyber networks: Intel
from CGISecurity - Website and Application Security News by Robert
"After the Mumbai terror strikes, anti-India elements in Pakistan are now planning an attack on Indian computer networks, intelligence agencies have warned. Already Pakistani hackers are trying out a dry run against Indian networks through popular websites registered there after the Mumbai terror strikes, Home Ministry sources told PTI here today....
Paper: Security Assessment of the Internet Protocol
from CGISecurity - Website and Application Security News by Robert
The following was sent to the Full Disclosure mailing list yesterday. "In August 2008 the UK CPNI (United Kingdom's Centre for the Protection of National Infrastructure) published the document "Security Assessment of the Internet Protocol". The motivation of the aforementioned document is explained in the Preface of the document itself. (The paper is available at:...
Israel hacks Arab TV station
from CGISecurity - Website and Application Security News by Robert
"Israeli military forces have reportedly hacked into a Hamas-run TV station to broadcast propaganda. The hijack of the Al-Aqsa television station last weekend represents the latest phase in a war in cyberspace that has accompanied the ongoing conflict in Gaza. Al-Aqsa is known for featuring allegedly antisemitic children's cartoons as part...
Rogue LinkedIn Profiles Lead To Malware
from McAfee Avert Labs by Micha Pekrul
LinkedIn is a popular social networking site where you can manage business contacts online. Since you can set up a profile with links to your own website, it seems to attract criminals’ attention as well. A Google search reveals that several hundred fake LinkedIn profiles from nude “Kirsten Dunst” to nude “Hulk Hogan” exist already. The rogue profiles look all alike, with a picture of the celebrity and three links to the parts of the “nude video” like shown in the following picture
Google picks up third spot in spam-friendly shame list
from The Register - Security
Blogspot exploits and Gmail scams slammed
Google has leapfrogged Microsoft to reach third place in a blacklist of spam-friendly ISPs and hosting firms, compiled by anti-spam organisation Spamhaus.org.…
Bogus LinkedIn profiles punt malware to fools
from The Register - Security
Beyoncé's not your friend, you berk
Bogus profiles on social networking website LinkedIn are punting malware to the credulous and starstruck.…
Pranksters infiltrate live Macworld feed
from The Register - Security
Blasphemy on Jobsian high holy day
As unfounded as they may be, reports of Steve Jobs's demise have spread to a live feed of Macworld Expo provided by Apple gossip site MacRumors after griefers managed to breach the website's security.…
Twitter Hack: How It Happened and What's Being Done
from Network World on Security
Twitter is tackling a series of security issues, starting with a hack that hit some well-known celebrity accounts. Someone broke into Twitter accounts belonging to President-elect Barack Obama, CNN anchor Rick Sanchez, and Britney Spears over the weekend. At the same time, a phishing scam is trying to trick regular users into handing over their passwords and compromising their profiles.
The 4 Security Rules Employees Love to Break
from Network World on Security
Most CSOs and security managers know employees are taking risks every day that could set their company up for a breach. What are some of the biggest offenses? And what can be done to nip that risky behavior in the bud? John Stewart, CSO of Cisco, offers his take on 4 rules people love to break and offers advice on getting them to stop.
The CAN-SPAM Act as a warning
from Network World on Security by Scott Bradner
It is widely expected that the new Congress and administration will be passing a lot of regulations to deal with all sorts of perceived problems.
Rogue SSL certificate exploit puts VeriSign on the spot
from Network World on Security by Ellen Messmer
Following the success of researchers last week in creating a false SSL certificate based on VeriSign's RapidSSL brand, the company is scrambling to explain how it happened, how it's preventing it from reoccurring, and whether its other SSL certificate-generation services are at risk.
Google comes in fourth on top 10 list of spam enablers
from Network World on Security
Google has yet to stop a rising number of spammers from abusing Google Docs, its Web-based collaboration and spreadsheet application, according to junk mail watchdog Spamhaus
3 Ways a Twitter Hack Can Hurt You
from Network World on Security
Just days after popular social networking tool Twitter was hit with a phishing scam, the company is now trying to clean up a mess surrounding a separate hacking attack.
Digital Gangster Take Credit for Twitter Hacks
from Network World on Security
Members of the online forum Digital Gangster may have been behind Monday's Twitter hack. On Monday, hackers gained access to, and posted messages from, 33 Twitter accounts including those of Bill O'Reilly, Britney Spears and CNN's Rick Sanchez.
The Five Most Dangerous Security Myths: Myth #2
from Network World on Security
Sure, the Web is today's Wild West, with digital guns blazing and no sheriff in sight. But as long as you use a good antivirus program, you're completely safe, right?
CheckFree warns 5 million customers after hack
from Network World on Security by Robert McMillan
CheckFree and some of the banks that use its electronic bill payment service are notifying more than 5 million customers after criminals took control of several of the company's Internet domains and redirected customer traffic to a malicious Web site hosted in the Ukraine.
Cisco Vulnerability Given ‘Write Once, Run Anywhere’ Treatment
from Darknet - The Darkside by Darknet
This is an interesting development in router security, Cisco bugs have been popping up now and then - not that often - but usually when they do they are quite serious. The problem with them was you needed so many variations unless you were just targeting one specific router, with that specific version of IOS and [...]
Brief: Researchers claim flaws in Intel's trusted platform
from SecurityFocus News
Researchers claim flaws in Intel's trusted platform
Brief: Celebrities mask malware on Twitter, LinkedIn
from SecurityFocus News
Celebrities mask malware on Twitter, LinkedIn
-- Aurora Report says that's the roundup for today.