Last updated:
Sat Jul 26 10:07:47 2014 GMT
  2014 FIRST Annual Conference in Boston - Register now


Recent bugs
via SecurityFocus,
Oracle Java SE CVE-2014-4265 Remote Security Vulnerability
Barracuda Networks Web Firewall Multiple HTML Injection Vulnerabilities
Apache HTTP Server 'mod_cache' Module Remote Denial of Service Vulnerability
Cisco WebEx Meetings Server CVE-2014-3301 Information Disclosure Vulnerability
ppc64-diag CVE-2014-4038 Multiple Race Condition Vulnerabilities
Apache HTTP Server CVE-2014-0231 Remote Denial of Service Vulnerability
IBM WebSphere DataPower XC10 Appliance CVE-2013-5403 Unauthorized Access Vulnerability
JSON-C Weak Hash Function CVE-2013-6371 Denial of Service Vulnerability
JSON-C 'printbuf' API CVE-2013-6370 Denial of Service Vulnerability
libvirt XML Entity Expansion CVE-2014-0179 Information Disclosure Vulnerability
Recent advisories
via Secunia, US-CERT,
TA12-073A: Microsoft Updates for Multiple Vulnerabilities
TA12-045A: Microsoft Updates for Multiple Vulnerabilities
TA12-024A: "Anonymous" DDoS Activity
TA12-010A: Microsoft Updates for Multiple Vulnerabilities
TA12-006A: Wi-Fi Protected Setup (WPS) Vulnerable to Brute-Force Attack
TA11-350A: Adobe Updates for Multiple Vulnerabilities
TA11-347A: Microsoft Updates for Multiple Vulnerabilities
TA11-312A: Microsoft Updates for Multiple Vulnerabilities
TA11-286A: Apple Updates for Multiple Vulnerabilities
TA11-284A: Microsoft Updates for Multiple Vulnerabilities
TA11-256A: Microsoft Updates for Multiple Vulnerabilities
TA11-222A: Adobe Updates for Multiple Vulnerabilities
TA11-221A: Microsoft Updates for Multiple Vulnerabilities
TA11-201A: Oracle Updates for Multiple Vulnerabilities
TA11-200A: Security Recommendations to Prevent Cyber Intrusions
TA11-193A: Microsoft Updates for Multiple Vulnerabilities
TA11-165A: Microsoft Updates for Multiple Vulnerabilities
TA11-166A: Adobe Updates for Multiple Vulnerabilities
TA11-130A: Microsoft Updates for Multiple Vulnerabilities
TA11-102A: Microsoft Updates for Multiple Vulnerabilities
Bugtraq Topics
via SecurityFocus,
Security advisory for Bugzilla 4.5.5, 4.4.5, 4.2.10, and 4.0.14
[SECURITY] [DSA 2989-1] apache2 security update
Easy file sharing web server - persist XSS in forum msgs
Barracuda Networks Firewall 6.1.5 - Filter Bypass & Persistent Vulnerabilities
[slackware-security] httpd (SSA:2014-204-01)
[slackware-security] mozilla-firefox (SSA:2014-204-02)
[slackware-security] mozilla-thunderbird (SSA:2014-204-03)
Barracuda Networks Firewall 6.1.2 #36 - Filter Bypass & Exception Handling Vulnerability + PoC Video BNSEC-2398
Multiple Vulnerabilities in Parallels Plesk Sitebuilder
[oCERT-2014-005] LPAR2RRD input sanitization errors
Top Worms and Viruses
via Sophos,
Troj/Invo-Zip
W32/Netsky
Mal/EncPk-EI
Troj/Pushdo-Gen
Troj/Agent-HFU
Mal/Iframe-E
Troj/Mdrop-BTV
Troj/Mdrop-BUF
Troj/Agent-HFZ
Troj/Agent-HGT
Latest MS bulletins
via Microsoft,
MS11-703 - Important: Test MNP bulletin #3 (test0703)
MS11-702 - Moderate: Test MNP bulletin #2 (test0702)
MS11-701 - Low: Test MNP bulletin #1 (test0701)
MS11-069 - Moderate: Vulnerability in .NET Framework Could Allow Information Disclosure (2567951)
MS11-068 - Moderate: Vulnerability in Windows Kernel Could Allow Denial of Service (2556532)
MS11-067 - Important: Vulnerability in Microsoft Report Viewer Could Allow Information Disclosure (2578230)
MS11-066 - Important: Vulnerability in Microsoft Chart Control Could Allow Information Disclosure (2567943)
MS11-065 - Important: Vulnerability in Remote Desktop Protocol Could Allow Denial of Service (2570222)
MS11-064 - Important: Vulnerabilities in TCP/IP Stack Could Allow Denial of Service (2563894)
MS11-063 - Important: Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2567680)
Stock Watch
via Yahoo! Finance
Updated 7/25/2014
NASDAQ 4449.564 -22.543
JNPR 23.25 +0.04
SYMC 23.83 -0.04
CSCO 25.97 +0.14
CKP 12.71 -0.15
MSFT 44.50 +0.10
IBM 194.40 -0.84
INTC 34.25 unch
AMD 3.76 +0.03
CIC.TO 11.31 +0.10
CA 29.53 -0.11
BCSI 0.00 N/A
VRSN 55.59 +5.76
INTC 34.25 unch
CUDA 28.93 +0.50
SPLK 47.88 -0.04
FEYE 37.15 +0.19
QLYS 24.54 -0.17
PANW 83.04 -1.09
HPQ 35.43 +0.39
IMPV 23.63 +0.03
PFPT 37.73 +1.08

 

Recent News

Apple iPhones allow extraction of deep personal data, researcher finds
Yahoo! News: Security News

DAYS from end of life as we know it: Boffins tell of solar storm near-miss
The Register - Security: Anti-Virus

'We'd still be picking up the pieces now'

Two years ago this week the Sun let off one of its periodic solar flares, and a new analysis of its force shows that human civilization had a very near miss indeed.


How long is too long to wait for a security fix?
The Register - Security: Anti-Virus

Synology finally patches OpenSSL bugs in Trevor's NAS

Sysadmin blog Synology quietly released version 4.2-3250 of its DiskStation Manager (DSM) operating system thi

Mystery 'Onion/Critroni' ransom Trojan evolves to use more sophisticated encryption
Techworld.com Security News
Kaspersky Lab has added more detail on the fiendish ‘Onion’ (aka 'Critroni') ransom Trojan that uses the Tor anonymity service to hide its command and control (C&C;) as well as displaying a level of thoughtfulness about its encryption design

Python Commandline Symlink Attack Vulnerability
SecuriTeam.com
Python Image Library (PIL) 1.1.7 and earlier and Pillow before 2.3.1 uses the names of temporary files on the command line, which makes it easier for local users to conduct symlink attacks by listing the processes.

Oracle Supply Chain Products Suite 9.3.3.0 Information Disclosure Vulnerability
SecuriTeam.com
Unspecified vulnerability in the Oracle Agile PLM Framework component in Oracle Supply Chain Products Suite 9.3.3.0 allows remote authenticated users to affect confidentiality via unknown vectors related to Security.

Microsoft Debug Interface Access SDK 'msdia.dll' Memory Corruption Vulnerability
SecuriTeam.com
Microsoft Debug Interface Access SDK is prone to a memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the current process. Failed attacks will cause denial-of-service conditions.

IBM WebSphere Service Registry And Repository Cross-Site Scripting Vulnerability
SecuriTeam.com
Cross-site scripting (XSS) vulnerability in the Web UI in IBM WebSphere Service Registry and Repository (WSRR) 6.2, 6.3 before 6.3.0.6, 7.0 before 7.0.0.6, 7.5 before 7.5.0.5, and 8.0 before 8.0.0.3 allows remote attackers to inject arbitrary web script o

IBM Maximo Asset Management SQL Injection Vulnerability
SecuriTeam.com
IBM Maximo Asset Management is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database.

F-Secure Anti-Virus Remote Code Execution Vulnerability
SecuriTeam.com
SQL injection vulnerability in an unspecified DLL in the FSDBCom ActiveX control in F-Secure Anti-Virus for Microsoft Exchange Server before HF02, Anti-Virus for Windows Servers 9.00 before HF09, Anti-Virus for Citrix Servers 9.00 before HF09, and F-Secur

Dell SonicWall EMail Security Multiple Cross-Site Scripting (XSS) Vulnerability
SecuriTeam.com
The Dell SonicWall EMail Security Appliance is prone to multiple HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the a

Cisco IOS SSH Session Based Device Reload Denial Of Service Vulnerability
SecuriTeam.com
Cisco IOS before 15.1(1)SY allows local users to cause a denial of service (device reload) by establishing an outbound SSH session

Bitrix Site Manager Cookie User Identity Spoofing Vulnerability
SecuriTeam.com
Bitrix Site Manager is prone to an user identity spoofing vulnerability. Attackers can exploit this issue to spoof the user identity and view or manipulate another user's sensitive information. Successfully exploiting this issue may aid in other attacks.

Apple Secure Transport Man In The Middle(MITM) Vulnerability
SecuriTeam.com
Secure Transport in Apple iOS before 7.1.1, Apple OS X 10.8.x and 10.9.x through 10.9.2, and Apple TV before 6.1.1 does not ensure that a server's X.509 certificate is the same during renegotiation as it was before renegotiation, which allows man-in-the-m

Apache Archiva Cross-Site Scripting (XSS) Vulnerability
SecuriTeam.com
Cross-site scripting (XSS) vulnerability in Apache Archiva 1.2 through 1.2.2 and 1.3 before 1.3.8 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, related to the home page.

Re: Disk-sniffing dogs find thumb drives, DVDs?
RISKS Digest

Re: Unix "*" wildcards considered harmful
RISKS Digest

When is a fire not a fire?
RISKS Digest

iOS devices are still safe -- from everybody except Apple and NSA
RISKS Digest

Russian government offers huge reward for help unmasking anonymous Tor users
RISKS Digest

Black Hat conference Tor presentation canceled
RISKS Digest

Re: How Hackers Hid a Money-Mining Botnet in Amazon's Cloud
RISKS Digest

How Hackers Hid a Money-Mining Botnet in Amazon's Cloud
RISKS Digest

Smart grid hack worries to raise insurance rates?
RISKS Digest

How Big Telecom came to fear one Tennessee town
RISKS Digest

Something ... wrong with US Passport computers
RISKS Digest

Vigil@nce - Cisco Unified Communications Manager: directory traversal of RTMT, analyzed on 10/07/2014
Vigil@nce - public vulnerabilities
An attacker can traverse directories in RTMT of Cisco Unified Communications Manager, in order to read a file outside the service root path.

Vigil@nce - Citrix XenDesktop: privilege escalation via Pooled Random Desktop Groups, analyzed on 10/07/2014
Vigil@nce - public vulnerabilities
An attacker can use a Pooled Random Desktop Group of Citrix XenDesktop, in order to escalate his privileges.

New guide aims to remove the drama of reporting software flaws
Techworld.com Security News
Handling a software flaw can be messy, both for a security researcher who found it and for the company it affects. But a new set of guidelines aims to make that interaction less mysterious and confrontational.Roll out the welcome mat to hackers and crackers
The Register - Security: Anti-Virus

Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s

A clear and easy to read policy is key to developing a good internal bug bounty program, according to BugCrowd which has Four fake Google haxbots hit YOUR WEBSITE every day
LinuxSecurity.com - Latest News
LinuxSecurity.com: One in every 24 Googlebots is a imitation spam-flinging denial of service villain that masquerades as Mountain View to sneak past web perimeter defences, according to security chaps at Incapsula. Villains spawn the "evil twins"

Mozilla fixes CRITICAL security holes in Firefox, urges v31 upgrade
LinuxSecurity.com - Latest News
LinuxSecurity.com: Mozilla has released a bug-and-security update for Firefox, with 11 security fixes, three of them critical. Chief among the security patches is a use-after-free bug the organisation says was discovered by one James Kitchener.

The Barnaby Jack Few Knew: Celebrated Hacker Saw Spotlight as 'Necessary Evil'
LinuxSecurity.com - Latest News
LinuxSecurity.com: When celebrated computer hacker Barnaby Jack died suddenly a year ago at the age of 35, headlines around the world touted the Steve Jobs-style pizazz he brought to cyber-security conferences and his show-stopping stunts such as b

What I Learned from Edward Snowden at the Hacker Conference
LinuxSecurity.com - Latest News
LinuxSecurity.com: It was 1 PM last Saturday and Edward Snowden was about to be televised. His audience was the crowd at the Hackers On Planet Earth conference, a group of people no one would ever mistake for attendees at a political convention. A

Vigil@nce - ruby-lz4: memory corruption, analyzed on 10/07/2014
Vigil@nce - public vulnerabilities
An attacker can generate a memory corruption of ruby-lz4, in order to trigger a denial of service, and possibly to execute code.

Vigil@nce - Junos: denial of service via SIP ALG, analyzed on 10/07/2014
Vigil@nce - public vulnerabilities
An attacker can send a malicious SIP packet to SRX Series with SIP ALG enabled, in order to trigger a denial of service.

Vigil@nce - Junos: privilege escalation via CLI Command, analyzed on 10/07/2014
Vigil@nce - public vulnerabilities
A local attacker can use several CLI commands of Junos, in order to escalate his privileges.

Vigil@nce - Junos: denial of service via NAT IPv4/IPv6, analyzed on 10/07/2014
Vigil@nce - public vulnerabilities
An attacker can send a malicious IPv4 packet to SRX Series with the IPv4/IPv6 NAT enabled, in order to trigger a denial of service.

Vigil@nce - Junos: denial of service via PIM, analyzed on 10/07/2014
Vigil@nce - public vulnerabilities
An attacker can send a malicious PIM packet to Junos, in order to trigger a denial of service.

Vigil@nce - Junos: Cross Site Scripting of SRX Web Authentication, analyzed on 10/07/2014
Vigil@nce - public vulnerabilities
An attacker can trigger a Cross Site Scripting in SRX Web Authentication of Junos, in order to execute JavaScript code in the context of the web site.

Vigil@nce - Junos: denial of service via NAT IPv4/IPv6, analyzed on 10/07/2014
Vigil@nce - public vulnerabilities
An attacker can send a malicious IPv4 packet to SRX Series with the IPv4/IPv6 NAT enabled, in order to trigger a denial of service.

Vigil@nce - Cisco Unified Communications Manager: directory traversal of /dna/viewfilecontents.do, analyzed on 10/07/2014
Vigil@nce - public vulnerabilities
An attacker can traverse directories in /dna/viewfilecontents.do of Cisco Unified Communications Manager, in order to read a file outside the service root path.

Vigil@nce - Cisco Unified Communications Manager: denial of service via DNA, analyzed on 10/07/2014
Vigil@nce - public vulnerabilities
An attacker can delete files via DNA of Cisco Unified Communications Manager, in order to trigger a denial of service.

Vigil@nce - Cisco Unified Communications Manager: file upload via DNA, analyzed on 10/07/2014
Vigil@nce - public vulnerabilities
An attacker can upload a malicious file via DNA on Cisco Unified Communications Manager, in order for example to upload a Trojan.

Vigil@nce - Cisco Unified Communications Manager: Cross Site Scripting of DNA viewfilecontents.do, analyzed on 10/07/2014
Vigil@nce - public vulnerabilities
An attacker can trigger a Cross Site Scripting in DNA viewfilecontents.do of Cisco Unified Communications Manager, in order to execute JavaScript code in the context of the web site.

Older News

Vigil@nce - Drupal LoginToboggan: Cross Site Scripting, analyzed on 10/07/2014
Vigil@nce - public vulnerabilities

Four fake Google haxbots hit YOUR WEBSITE every day
The Register - Security: Anti-Virus

Google devs: Tearing Chrome away from OpenSSL not that easy
The Register - Security: Anti-Virus

Putin: Crack Tor for me and I'll make you a MILLIONAIRE
The Register - Security: Anti-Virus

Sony tries to make PlayStation Network hack row go away with $15m in cash and games
The Register - Security: Anti-Virus

Homeland Security gets into software security
LinuxSecurity.com - Latest News

Vigil@nce - WordPress BSK PDF Manager: SQL injection, analyzed on 09/07/2014
Vigil@nce - public vulnerabilities

Thousands of sites compromised through WordPress plug-in vulnerability
Techworld.com Security News

Nigerian 419 scammers diversifying into Trojan malware, finds Palo Alto
Techworld.com Security News

BlackBerry: Toss the server, mate... BES is in the CLOUD now
The Register - Security: Anti-Virus

Vigil@nce - syslog-ng: memory leak, analyzed on 21/07/2014
Vigil@nce - public vulnerabilities

Vigil@nce - Cisco IOS, IOS XE: bypassing NTP access-group, analyzed on 09/07/2014
Vigil@nce - public vulnerabilities

Vigil@nce - Cisco Small Business SPA300/500 IP Phones: privilege escalation, analyzed on 09/07/2014
Vigil@nce - public vulnerabilities

Vigil@nce - Cisco Small Business SPA300/500 IP Phones: Cross Site Scripting, analyzed on 09/07/2014
Vigil@nce - public vulnerabilities

Hackers steal user data from the European Central Bank website, ask for money
Techworld.com Security News

Internet Explorer vulnerabilities surge to record levels in 2014, NVD figures reveal
Techworld.com Security News

Who has your credit card data? 1 million HOLIDAY-MAKERS' RECORDS exposed
The Register - Security: Anti-Virus

How Hackers Hid a Money-Mining Botnet in Amazon's Cloud
LinuxSecurity.com - Latest News

BMW's ConnectedDrive falls over, bosses blame upgrade snafu
The Register - Security: Anti-Virus

Six charged over StubHub e-ticket heist for Elton John gigs
The Register - Security: Anti-Virus

Nokia's fortunes brighten on heavy network spending
Yahoo! News: Security News

ECB says website hacked, no sensitive data affected
Yahoo! News: Security News

Senior U.S. Homeland Security cyber official Larry Zelvin to retire
Yahoo! News: Security News

Arrests made after international cyber-ring targets StubHub
Techworld.com Security News

Firm says vulnerability in Tails contained in I2P component
Techworld.com Security News

EBay faces class action suit over data breach
Techworld.com Security News

'Unsolicited texts' outrage: Man fined 4k for DPA breach
The Register - Security: Anti-Virus

ECB says website hacked, no sensitive data affected
Yahoo! News: Security News

50,000 sites backdoored through shoddy WordPress plugin
The Register - Security: Anti-Virus


all content is copyright its respective owner or owners. the tools and components behind this page are copyright © 2003-2010 jose nazario, all rights reserved. this page is available as RSS 2.0.