Last updated:
Fri Apr 18 13:08:21 2014 GMT
  2014 FIRST Annual Conference in Boston - Register now


Recent bugs
via SecurityFocus,
HP LoadRunner Virtual User Generator CVE-2013-4839 Remote Code Execution Vulnerability
HP LoadRunner Virtual User Generator CVE-2013-4837 Remote Code Execution Vulnerability
HP LoadRunner Virtual User Generator CVE-2013-6213 Remote Code Execution Vulnerability
Qemu 'virtio-net.c' Local Integer Overflow Vulnerability
OpenSSL 'ssl3_release_read_buffer()' Use-After-Free Memory Corruption Vulnerability
Oracle Java SE CVE-2014-2398 Remote Security Vulnerability
Oracle Java SE CVE-2014-0429 Remote Security Vulnerability
Oracle Java SE CVE-2014-0452 Remote Security Vulnerability
Oracle Java SE CVE-2013-5906 Remote Security Vulnerability
Linux Kernel 'ping_init_sock()' Local Privilege Escalation Vulnerability
Recent advisories
via Secunia, US-CERT,
TA12-073A: Microsoft Updates for Multiple Vulnerabilities
TA12-045A: Microsoft Updates for Multiple Vulnerabilities
TA12-024A: "Anonymous" DDoS Activity
TA12-010A: Microsoft Updates for Multiple Vulnerabilities
TA12-006A: Wi-Fi Protected Setup (WPS) Vulnerable to Brute-Force Attack
TA11-350A: Adobe Updates for Multiple Vulnerabilities
TA11-347A: Microsoft Updates for Multiple Vulnerabilities
TA11-312A: Microsoft Updates for Multiple Vulnerabilities
TA11-286A: Apple Updates for Multiple Vulnerabilities
TA11-284A: Microsoft Updates for Multiple Vulnerabilities
TA11-256A: Microsoft Updates for Multiple Vulnerabilities
TA11-222A: Adobe Updates for Multiple Vulnerabilities
TA11-221A: Microsoft Updates for Multiple Vulnerabilities
TA11-201A: Oracle Updates for Multiple Vulnerabilities
TA11-200A: Security Recommendations to Prevent Cyber Intrusions
TA11-193A: Microsoft Updates for Multiple Vulnerabilities
TA11-165A: Microsoft Updates for Multiple Vulnerabilities
TA11-166A: Adobe Updates for Multiple Vulnerabilities
TA11-130A: Microsoft Updates for Multiple Vulnerabilities
TA11-102A: Microsoft Updates for Multiple Vulnerabilities
Bugtraq Topics
via SecurityFocus,
[security bulletin] HPSBMU02995 rev.3 - HP Software HP Service Manager, Asset Manager, UCMDB Browser, UCMDB Configuration Manager, Executive Scorecard, Server Automation, Diagnostics, LoadRunner, and Performance Center, running OpenSSL, Remote Di
[security bulletin] HPSBMU02998 rev.2 - HP System Management Homepage (SMH) running OpenSSL on Linux and Windows, Remote Disclosure of Information, Denial of Service (DoS)
[security bulletin] HPSBMU02935 rev.2 - HP LoadRunner Virtual User Generator, Remote Code Execution, Disclosure of information
D-Link DAP-1320 Wireless Range Extender Directory Traversal and XSS Vulnerabilities
[ MDVSA-2014:079 ] json-c
[security bulletin] HPSBGN03010 rev.1 - HP Software Server Automation, "HeartBleed" OpenSSL Vulnerability, Remote Disclosure of Information
CVE-2014-2597 - Denial of Service in PCNetSoftware RAC Server
Buggy insecure "security" software executes rogue binary during installation and uninstallation
[ MDVSA-2014:078 ] asterisk
[CORE-2014-0003] - SAP Router Password Timing Attack
Top Worms and Viruses
via Sophos,
Troj/Invo-Zip
W32/Netsky
Mal/EncPk-EI
Troj/Pushdo-Gen
Troj/Agent-HFU
Mal/Iframe-E
Troj/Mdrop-BTV
Troj/Mdrop-BUF
Troj/Agent-HFZ
Troj/Agent-HGT
Latest MS bulletins
via Microsoft,
MS11-703 - Important: Test MNP bulletin #3 (test0703)
MS11-702 - Moderate: Test MNP bulletin #2 (test0702)
MS11-701 - Low: Test MNP bulletin #1 (test0701)
MS11-069 - Moderate: Vulnerability in .NET Framework Could Allow Information Disclosure (2567951)
MS11-068 - Moderate: Vulnerability in Windows Kernel Could Allow Denial of Service (2556532)
MS11-067 - Important: Vulnerability in Microsoft Report Viewer Could Allow Information Disclosure (2578230)
MS11-066 - Important: Vulnerability in Microsoft Chart Control Could Allow Information Disclosure (2567943)
MS11-065 - Important: Vulnerability in Remote Desktop Protocol Could Allow Denial of Service (2570222)
MS11-064 - Important: Vulnerabilities in TCP/IP Stack Could Allow Denial of Service (2563894)
MS11-063 - Important: Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2567680)
Stock Watch
via Yahoo! Finance
Updated 4/17/2014
NASDAQ 4095.516 +9.291
JNPR 25.17 +0.12
SYMC 20.71 +0.03
CSCO 23.21 +0.18
CKP 12.41 +0.09
MSFT 40.01 -0.39
IBM 190.01 -6.39
INTC 27.04 +0.11
AMD 3.69 -0.07
CIC.TO 10.52 -0.07
CA 30.41 +0.09
BCSI 0.00 N/A
VRSN 50.66 +0.08
INTC 27.04 +0.11
CUDA 27.07 -0.79
SPLK 65.84 +1.07
FEYE 47.11 -0.50
QLYS 21.04 +0.57
PANW 69.96 +0.12
HPQ 31.93 -0.56
IMPV 26.92 -0.03
PFPT 29.61 +1.62

 

Recent News

Highly sophisticated malware stole credit card data from 3M Michaels customers
Yahoo! News: Security News

Vigil@nce - Drupal Printer, email and PDF versions: Cross Site Scripting, analyzed on 03/04/2014
Vigil@nce - public vulnerabilities
An attacker can trigger a Cross Site Scripting of Drupal Printer, email and PDF versions, in order to execute JavaScript code in the context of the web site.

Vigil@nce - Drupal Custom Search: Cross Site Scripting, analyzed on 03/04/2014
Vigil@nce - public vulnerabilities
An attacker can trigger a Cross Site Scripting of Drupal Custom Search, in order to execute JavaScript code in the context of the web site.

Vigil@nce - Drupal CAS Server: ticket replay, analyzed on 03/04/2014
Vigil@nce - public vulnerabilities
An attacker, who captured a ticket, can replay it on Drupal CAS Server, in order to escalate his privileges.

Vigil@nce - WordPress Maps Marker Pro: Cross Site Scripting, analyzed on 03/04/2014
Vigil@nce - public vulnerabilities
An attacker can trigger a Cross Site Scripting of WordPress Maps Marker Pro, in order to execute JavaScript code in the context of the web site.

Netcraft tool flags websites affected by Heartbleed
Techworld.com Security News
Worried about how the Heartbleed vulnerability may affect your personal accounts? A new tool may be of help.


IT security is national security -- but you're not alone
Techworld.com Security News
National security may be at stake as private businesses try to manage a growing number of cyberthreats, but IT professionals shouldn't have to bear that burden alone.Michaels says breach at its stores affected nearly 3M payment cards
Techworld.com Security News
About 2.6 million payment cards at Michaels Stores and another 400,000 at subsidiary Aaron Brothers may have been affected in a card skimming attack that compromised its point-of-sale systems, the retailer said Thursday.DSA-2909 qemu
Debian Security
security update

DSA-2910 qemu-kvm
Debian Security
security update

ISC StormCast for Friday, April 18th 2014 http://isc.sans.edu/podcastdetail.html?id=3941, (Fri, Apr 18th)
SANS Internet Storm Center, InfoCON: green
...(more)...

DSA-2908 openssl
Debian Security
security update

Arts and crafts store Michaels says 3 million credit cards exposed in breach
The Register - Security: Anti-Virus

Meanwhile, Target investigators prepare for long process in nabbing hackers

As the officials investigating the Target data breach are settling in for what they believe will be a long and complex process of catching the hackers behind the heist

Netcraft adds Heartbleed sniffing to site-scanning browser tool
The Register - Security: Anti-Virus

Checks if sites were vulnerable and what they've done about it

Internet stats clearinghouse Netcraft has released a new tool aimed at letting consumers know when the sites they visit might have been compromised by the Heartbleed encryption bug

Scary Android malware uses Facebook to bypass two-factor authentication
Yahoo! News: Security News

Retailer Michaels Stores confirms payment card data breach
Yahoo! News: Security News

Michaels confirms breach of as many as 2.6M cards
Yahoo! News: Security News
Michaels Stores Inc. says Thursday that about 2.6 million cards used at its namesake stores may have been affected in a security breach but it has received "limited" reports of fraud. The nation's ...

Looking for malicious traffic in electrical SCADA networks - part 2 - solving problems with DNP3 Secure Authentication Version 5, (Thu, Apr 17th)
SANS Internet Storm Center, InfoCON: green

I received this week a very valuable e-mail from the DNP Technical Committee Chair, Mr. Adrew Wes ...(more)...


Tor anonymity network to shrink as a result of Heartbleed flaw
Techworld.com Security News
The Tor Project has flagged 380 Tor relays vulnerable to the critical Heartbleed flaw to be rejected from the Tor anonymity network, reducing the network's entry and exit capacity.DSA-2907 long term support for Debian oldstable
Debian Security
announcement of long term support for Debian oldstable

Putin tells Snowden: Russia conducts no US-style mass surveillance
The Register - Security: Anti-Virus

Gov't is too broke for that, Russian prez says

Vladimir Putin has said that Russia has no mass telephone and internet surveillance programs to compare with those in the United States.


Cyber cops: Target hackers may take years to find
Yahoo! News: Security News

Hackers make Siri vastly more useful by modifying it to control Nest, Spotify
Yahoo! News: Security News

Canadians arrest a Heartbleed hacker
LinuxSecurity.com - Latest News
LinuxSecurity.com: Canadian mounties have arrested a teenager who, they say, used the Heartbleed Internet bug to hack into the country's tax agency.

Facebook users targeted by iBanking Android trojan app
Techworld.com Security News
Cybercriminals have started using a sophisticated Android Trojan app designed for e-banking fraud to target Facebook users, possibly in an attempt to bypass the two-factor authentication protection on the social network.OpenSSL Heartbleed bug sniff tools are 'BUGGY' what becomes of the broken hearted?
The Register - Security: Anti-Virus

Hayter's gonna hate

Software that claims to detect the presence of OpenSSL's Heartbleed bug in servers, PCs and other gear may falsely report a system to be safe when users are actually in danger, according to a security consultancy.


Police charge Canadian in Internet privacy breach
Yahoo! News: Security News
OTTAWA, Ontario (AP) Police have charged a 19-year-old Canadian man in connection with the loss of taxpayer data from Canada's tax agency website.

Researcher finds flaw in Samsung fingerprint check
Yahoo! News: Security News
BERLIN (AP) A Berlin-based researcher says he has managed to fool the fingerprint-based security system on Samsung's new Galaxy S5 smartphone using wood glue and a picture of the original print.

Vigil@nce - Linux kernel: NULL pointer dereference via mac80211, analyzed on 02/04/2014
Vigil@nce - public vulnerabilities
An attacker can dereference a NULL pointer in the mac80211 module of the Linux kernel, in order to trigger a denial of service.

Vigil@nce - OpenSSL: data injection via OPENSSL_NO_BUF_FREELIST, analyzed on 14/04/2014
Vigil@nce - public vulnerabilities
An attacker can establish a connection with a multi-thread application linked to OpenSSL with OPENSSL_NO_BUF_FREELIST, in order to potentially inject data in the session of another user.

Court rejects Lavabit appeal, cites improper procedural handling
Techworld.com Security News
A U.S. federal court has affirmed contempt charges against Lavabit, rejecting an attempt by company attorneys to argue new issues on appeal.

Teen arrested in Heartbleed attack against Canadian tax site
Techworld.com Security News
Canadian police have arrested a 19-year-old man for allegedly using the Heartbleed bug to steal data about taxpayers.



Windows XP's retirement turns into major security project for Chinese firm
Techworld.com Security News
Microsoft may have retired Windows XP, but one of China's leading security vendors is trying to keep the OS threat-free, and rolling out protection software to hundreds of millions of users in the nation.Police charge Canadian in Internet privacy breach
Yahoo! News: Security News
Police have charged a 19-year-old Canadian man in connection with the loss of taxpayer data from Canada's tax agency website. The Royal Canadian Mounted Police said Wednesday that Stephen Arthuro Solis-Reyes ...

ISC StormCast for Thursday, April 17th 2014 http://isc.sans.edu/podcastdetail.html?id=3939, (Thu, Apr 17th)
SANS Internet Storm Center, InfoCON: green
...(more)...

Heartbleed shrinks Tor by an eighth
The Register - Security: Anti-Virus

And that's before they look at all the nodes and what version of OpenSSL they're running

Tor, the sometimes-controversial internet-traffic-anonymising service, is bleeding thanks to Heartbleed.


It Took Just Four Days to Hack the Samsung Galaxy S5's Fingerprint Scanner
Yahoo! News: Security News

Heartbleed CRL Activity Spike Found, (Wed, Apr 16th)
SANS Internet Storm Center, InfoCON: green

It looks like, as I had suspected, the CRL activity numbers we have been seeing did not reflect t ...(more)...


"Microsoft confirms it's dropping Windows 8.1 support"
RISKS Digest

Unintended Denial of Service by Banking Security
RISKS Digest

Fingerprint lock in Samsung Galaxy 5 easily defeated by whitehat hackers
RISKS Digest

Apple, Samsung, mobile carriers to debut anti-theft kill switch in 2015
RISKS Digest

"Digital Privacy Act allows companies to hand over customer information without warrant or consent"
RISKS Digest

All sent and received e-mails in Gmail will be analyzed, says Google
RISKS Digest

Vicious Heartbleed bug bites millions of Android phones, other devices
RISKS Digest

Older News

"CRA loses 900 SIN numbers through Heartbleed bug"
RISKS Digest

Re: How Heartbleed Broke the Internet, And Why It Can Happen Again
RISKS Digest

The Heartbleed Challenge
RISKS Digest

OpenSSL Mallocware = Malware
RISKS Digest

Whitehat hacker goes too far, gets raided by FBI, tells all
RISKS Digest

Spider threat fixed by software
RISKS Digest

Check for Heartbleed Vulnerabilites with Chromebleed
About Antivirus Software

DSA-2905 chromium-browser
Debian Security

Burnt out on patches this month? Oracle's got 104 MORE fixes for you
The Register - Security: Anti-Virus

Mounties get their man: Canadian Heartbleed hacker nabbed
The Register - Security: Anti-Virus

U.S. SEC releases cyber security examination blueprint
Yahoo! News: Security News

WinXP and/or Win2003 hanged systems because of SC Forefront Endpoint Protection faulty update, (Wed, Apr 16th)
SANS Internet Storm Center, InfoCON: green

Lavaboom builds encrypted webmail service to resist snooping
Techworld.com Security News

French hard-drive maker LaCie cops to YEAR LONG card data leak
The Register - Security: Anti-Virus

Not even Tor can keep you safe from Heartbleed
Yahoo! News: Security News

American Funds advises password changes, cites 'Heartbleed' risk
Yahoo! News: Security News

Why Heartbleed could be much worse for Android users
Yahoo! News: Security News

Vigil@nce - WordPress Disable Comments: Cross Site Request Forgery, analyzed on 01/04/2014
Vigil@nce - public vulnerabilities

Vigil@nce - Cisco Unity Connection: Cross Site Scripting, analyzed on 01/04/2014
Vigil@nce - public vulnerabilities

German researchers hack Galaxy S5 fingerprint login
Techworld.com Security News

'Snowden effect' has changed cloud data security assumption, survey claims
Techworld.com Security News

Hackers attempt to BLACKMAIL plastic surgeons
The Register - Security: Anti-Virus

Find NEXT Heartbleed, earn $$$: OpenSSL bug hunt needs donations
The Register - Security: Anti-Virus


all content is copyright its respective owner or owners. the tools and components behind this page are copyright © 2003-2010 jose nazario, all rights reserved. this page is available as RSS 2.0.