Last updated:
Sat Oct 10 01:07:25 2015 GMT

Recent bugs
via SecurityFocus,
IBM SDK Java Security Components CVE-2015-1931 Local Information Disclosure Vulnerability
OpenSLP 'SLPIntersectStringList()' Function Denial of Service Vulnerability
Linux Kernel 'perf_callchain_user_64()' Function Denial of Service Vulnerability
Symantec Endpoint Protection Manager CVE-2015-1487 Arbitrary File Write Vulnerability
Elasticsearch CVE-2015-5531 Directory Traversal Vulnerability
Elasticsearch CVE-2015-5377 Remote Code Execution Vulnerability
Apple Mac OS X Multiple Privilege Escalation Vulnerabilities
Oracle Java SE CVE-2015-2625 Remote Security Vulnerability
Apple Mac OS X Prior to 10.10.5 Multiple Security Vulnerabilities
Apache Subversion CVE-2015-3184 Information Disclosure Vulnerability
Recent advisories
via Secunia, US-CERT,
TA12-073A: Microsoft Updates for Multiple Vulnerabilities
TA12-045A: Microsoft Updates for Multiple Vulnerabilities
TA12-024A: "Anonymous" DDoS Activity
TA12-010A: Microsoft Updates for Multiple Vulnerabilities
TA12-006A: Wi-Fi Protected Setup (WPS) Vulnerable to Brute-Force Attack
TA11-350A: Adobe Updates for Multiple Vulnerabilities
TA11-347A: Microsoft Updates for Multiple Vulnerabilities
TA11-312A: Microsoft Updates for Multiple Vulnerabilities
TA11-286A: Apple Updates for Multiple Vulnerabilities
TA11-284A: Microsoft Updates for Multiple Vulnerabilities
TA11-256A: Microsoft Updates for Multiple Vulnerabilities
TA11-222A: Adobe Updates for Multiple Vulnerabilities
TA11-221A: Microsoft Updates for Multiple Vulnerabilities
TA11-201A: Oracle Updates for Multiple Vulnerabilities
TA11-200A: Security Recommendations to Prevent Cyber Intrusions
TA11-193A: Microsoft Updates for Multiple Vulnerabilities
TA11-165A: Microsoft Updates for Multiple Vulnerabilities
TA11-166A: Adobe Updates for Multiple Vulnerabilities
TA11-130A: Microsoft Updates for Multiple Vulnerabilities
TA11-102A: Microsoft Updates for Multiple Vulnerabilities
Bugtraq Topics
via SecurityFocus,
[SECURITY] [DSA 3371-1] spice security update
PayPal Inc Bug Bounty #119 - URL Redirect Web Vulnerability
W150D Wireless N 150 ADSL2 Modem Router - Cross Site Request Forgery Vulnerability
FreeYouTubeToMP3 Converter 4.0.1 - Buffer Overflow Vulnerability
Advanced Information Security Corporation, Security Advisory (MYSQL v5.6.24 Buffer Overflows)
[RT-SA-2015-006] Buffalo LinkStation Authentication Bypass
Potential vulnerabilities in PayPal Beacons
[REVIVE-SA-2015-001] Revive Adserver - Multiple vulnerabilities
Advanced Information Security Corporation, Security Advisory (Oracle's MYSQL v5.6.24 Latest - Buffer Overflows) Repost
Re: Local RedHat Enterprise Linux DoS ?? RHEL 7.1 Kernel crashes on invalid USB device descriptors (usbvision driver)
Latest MS bulletins
via Microsoft,
MS11-703 - Important: Test MNP bulletin #3 (test0703)
MS11-702 - Moderate: Test MNP bulletin #2 (test0702)
MS11-701 - Low: Test MNP bulletin #1 (test0701)
MS11-069 - Moderate: Vulnerability in .NET Framework Could Allow Information Disclosure (2567951)
MS11-068 - Moderate: Vulnerability in Windows Kernel Could Allow Denial of Service (2556532)
MS11-067 - Important: Vulnerability in Microsoft Report Viewer Could Allow Information Disclosure (2578230)
MS11-066 - Important: Vulnerability in Microsoft Chart Control Could Allow Information Disclosure (2567943)
MS11-065 - Important: Vulnerability in Remote Desktop Protocol Could Allow Denial of Service (2570222)
MS11-064 - Important: Vulnerabilities in TCP/IP Stack Could Allow Denial of Service (2563894)
MS11-063 - Important: Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2567680)
Stock Watch
via Yahoo! Finance
Updated 10/9/2015
^ixic 4830.47 +19.68
jnpr 29.40 -0.40
symc 21.00 -0.04
csco 27.91 +0.00
ckp 7.76 -0.15
msft 47.11 -0.34
ibm 152.39 +0.11
intc 32.14 -0.38
amd 1.96 +0.03 10.2800 +0.0400
ca 29.00 +0.22
bcsi N/A N/A
vrsn 75.07 +0.36
CUDA 19.47 +0.46
splk 58.21 +1.84
feye 31.89 +0.39
qlys 32.92 -0.18
panw 171.88 +2.29
hpq 29.30 +0.12
impv 67.06 +1.50
pfpt 60.65 +0.34


Recent News

FBI boss: No encryption backdoor law (but give us backdoors anyway)
The Register - Security: Anti-Virus

Let's keep this little matter private, eh, says Uncle Sam

President Obama will not push for laws requiring tech companies to cripple their encryption systems with backdoors, FBI boss James Comey has said.

Crypto cadre cloud-cracks SHA-1 with just US$75k of compute cost
The Register - Security: Anti-Virus

Plans to retire cipher in 2017 may need to be brought forward

A crypto cadre has busted the SHA-1 security standard after using $US75,000 of cloud computing resources, handily undercutting conservative crypto cracking estimates and putting suc had 'classic' XSS flaw in authentication engine
The Register - Security: Anti-Virus

Redmond pays $25k to hacker who spotted flaw allowing anyone to own your email

Synack senior security researcher Wesley Wineberg has received US$25,000 from Microsoft for quietly disclosing a bug that allows any Hotmail account to be hijacked.

Who hacked Uber's driver database not our CTO, says rival Lyft
The Register - Security: Anti-Virus

Exec's IP address used to eyeball leaked security key, but not the addy used to snatch info

Uber's sleuthing to find out who hacked its database of drivers has turned up an interesting snippet regarding its chief competitor, Lyft.

Australian Prime Minister runs private email server
The Register - Security: Anti-Virus

Every hacker that's heard of Australia just pointed their weapons at CloudFlare

Australia's newly minted prime minister Malcolm Turnbull has admitted to running a private email server.

Video shows why Apple has only scratched the surface of 3D Touch's potential
Yahoo! News: Security News
3D Touch is undoubtedly the most intriguing feature added to the iPhone 6s since it opens up a whole new realm of interaction with the device. While its uses are fairly limited so far, it doesn't take too much imagination to see how 3D Touch could be used

Phone-fondling docs, nurses sling patient info around willy-nilly
The Register - Security: Anti-Virus

Anyone ever heard of encryption?

UK doctors and nurses routinely share sensitive patient information via their smartphones, we're told.

PGP Zimmerman: 'You want privacy? Well privacy costs MONEY'
The Register - Security: Anti-Virus

And no, I can't beat the NSA or GCHQ for you

IP EXPO 2015 Delivering a keynote in London today, the famous inventor of PGP complained that consumers want privacy for free, forcing his company Silent Circle to focus on selling

Webcam spyware voyeur sentenced to community service
The Register - Security: Anti-Virus

Nabbed in operation targeting 'low-skilled' crooks

A UK voyeur who hacked webcams to spy on victims has avoided going to prison for his crimes.

Hackers in China, South Korea, Germany targeted Clinton's server: AP
Yahoo! News: Security News

China Cyberspying on U.S.-After No-Hacking Deal - Latest News Three days after Obama and Xi Jinping signed a historic agreement to curb online economic espionage, the FBI issued a fresh warning about Chinese spies in U.S. corporate networks.

Journalist convicted of helping Anonymous hack the LA Times - Latest News A journalist accused of helping a rogue hacking group briefly take control of the LA Times' website was convicted by a federal jury in California on Wednesday. Matthew Keys, 28, of Vacaville, California, was convicted of conspir

Fretting about Stagefright on Galaxy S5? CyanogenMod's stable release has a fix - Latest News CyanogenMod has rolled out stable builds for about 50 handsets and is including the October security fixes that Google released this week for Nexus devices. For Android users concerned about easily exploited bugs like Stagefrigh

Vigil@nce - WordPress Contact Form 7: bypassing captcha based access control, analyzed on 23/09/2015
Vigil@nce - public vulnerabilities
An attacker can automatically guess the answer of a captcha from WordPress Contact Form 7, in order to bypass access restrictions.

LoopPay hackers may have wanted magnetic card-swipe tech
The Register - Security: Anti-Virus

Backwards-compatible feature used for old cash registers

Samsung's mobile payment system supplier, LoopPay, was hacked back in March this year, it has emerged.

New mystery Windows-smashing RAT found in corporate network
The Register - Security: Anti-Virus

Tin foil VXer wraps new Trojan in cloak and evasion tricks

Malware man Yotam Gottesman has found a somewhat mysterious remote access Trojan on a corporate network that sports highly capable evasion techniques.

DDoS defences spiked by CloudPiercer tool - paper
The Register - Security: Anti-Virus

70% of sites trying to hide true IP address cough their secrets

The real IP addresses of some 70 per cent of websites protected by popular distributed denial of service attack protection providers like CloudFlare, Prolexic and Incapsula can be

Clinton subject to hack attempts from China, Korea, Germany
Yahoo! News: Security News

10 Things to Know for Today
Yahoo! News: Security News

Vigil@nce - Linux kernel: NULL pointer dereference in the WhiteHEAT driver, analyzed on 23/09/2015
Vigil@nce - public vulnerabilities
An attacker can force a NULL pointer to be dereferenced in the WhiteHEAT driver of the Linux kernel, in order to trigger a denial of service.

Talk revealing p0wnable surveillance cams pulled after legal threat
The Register - Security: Anti-Virus

Hard-coded creds, flaws galore, plague pricey peepers

Hack in the Box Swiss researcher Gianni Gnesa says the most popular network surveillance cameras currently sold on Amazon contain easy remote exploitable vulnerabilities th

Android Auto isn't slurping Porsche engine data, says Google but questions remain
The Register - Security: Anti-Virus

Just how much can the app access?

Google has flatly denied that its Android Auto car dashboard software slurps too much information from vehicle engines.

Post-Stuxnet hack group builds formidable LinkedIn phish network
The Register - Security: Anti-Virus

Iran-based 'Cleaver' team hacking its way through networks, airport security

An accomplished Iran-based attack group known as "Cleaver" has created a network of at least 25 well-developed LinkedIn profiles to assist a social engineering campai

Brad Paisley: 'God bless the Ashley Madison website hack'
Yahoo! News: Security News

Samsung Electronics says mobile payments data safe after LoopPay hack
Yahoo! News: Security News

Last week's cookie-vuln won't be the last, security bod says
Hack In The Box

T-Mobile says hackers may have stolen 15 million customers' data
Hack In The Box
Apple scoops up privacy-loving A.I. company
Hack In The Box
IP camera makers pressure researcher to cancel security talk at #HITBGSEC
Hack In The Box
The BAndroid Vulnerability: Why it is serious
Hack In The Box
The ZFS File System Will be Included in Ubuntu, Says Mark Shuttleworth
Hack In The Box
Tech Companies Can Blame Snowden for Data Privacy Decision
Hack In The Box
Older News

What's in a Boarding Pass Barcode? A Lot
Hack In The Box

Average Cost of Cyber-crime in the U.S. Rises to $15 Million
Hack In The Box

What The EU's Safe Harbor Ruling Means For Data Privacy In The Cloud
Hack In The Box

Microsoft expands Windows 10 to Lumia phones, new Surface Book laptop
Hack In The Box

Canceled #HITBGSEC Talk Re-Ignites Controversy Over Legitimate Security Research
Hack In The Box

The road less travelled: Hacker Lyon Yang's penetration tales
Hack In The Box

Journalist found guilty for aiding computer hackers
Yahoo! News: Security News

Ad-slinging rootkit nasty permanently drills into Android mobes, tabs
The Register - Security: Anti-Virus

Vigil@nce - OpenSAML Java: incomplete certificate validation, analyzed on 07/08/2015
Vigil@nce - public vulnerabilities

8 awesome paid iPhone apps on sale for free right now save $34!
Yahoo! News: Security News

Microsoft Ignites a new Focus on Security (Part 5)

Alleged Anonymous-aiding journo's brief tells jury nowt's been proven
The Register - Security: Anti-Virus

Factory settings FAIL: Data easily recovered from eBayed smartphones, disks
The Register - Security: Anti-Virus

Scout Association's shelved database won't be back until next year
The Register - Security: Anti-Virus

Shuttle bus firm Terravision belatedly adopts https for credit card sales
The Register - Security: Anti-Virus

Kremlin sets out to extend control over the Russian Internet
Yahoo! News: Security News

Who will take the fall for Pirate Bay piracy? Case heads back to court - Latest News

Alcatel's strategic undersea cables unit to be swallowed by Nokia
Yahoo! News: Security News

Now it's the security industry's turn to be burned by cloud
The Register - Security: Anti-Virus

Remote code exec hijack hole found in Huawei 4G USB modems
The Register - Security: Anti-Virus

Assange™ offered 'plans for escape by flying fox to Harrods'
The Register - Security: Anti-Virus

Samsung 3Q operating profit surges, shares jump 7 percent
Yahoo! News: Security News

Hillary 'spear fish' more 'drag net' flung to 11,000 others in one day
The Register - Security: Anti-Virus

Samsung's 3Q profit surges thanks to components, weak won
Yahoo! News: Security News

Journalist who allegedly helped hackers makes final pitch to jury
Yahoo! News: Security News

Samsung Electronics sees third quarter profit boost despite smartphone woes
Yahoo! News: Security News

3D Touch functionality could hit Android devices as soon as 2016
Yahoo! News: Security News

Subrion CMS SQL Injection Vulnerabilities

Simple Ads Manager Plugin Unrestricted File Upload Vulnerabilities

SearchBlox Contains Unrestricted File Upload Vulnerabilities

PivotX Session Fixation And Arbitrary File Upload Vulnerabilities

PfSense Arbitrary File Deletion And Multiple Cross Site Scripting Vulnerabilities

Orchard Up To 1.8.2/1.9.0 Users Module Username Cross Site Scripting Vulnerabilities

OpenAFS Out-Of-Bounds Read And Crash Vulnerabilities

Novius OS 5.0.1-Elche Open Redirect Vulnerabilities

Mozilla Firefox OS Application Crash Vulnerabilities

Microsoft Windows TrueType Fonts Remote Arbitrary Code Execution Vulnerabilities

Microsoft System Center Operations Manager Cross Site Scripting Vulnerabilities

IBM WebSphere DataPower Obtain Sensitive Information Vulnerabilities

Apple Safari WebKit PDF Information Disclosure Vulnerabilities

all content is copyright its respective owner or owners. the tools and components behind this page are copyright © 2003-2010 jose nazario, all rights reserved. this page is available as RSS 2.0.