Last updated: Wed Jul 30 22:54:57 2014 GMT


Recent bugs
via SecurityFocus
CMSimple 'required_classes.php' Remote File Include Vulnerability
ol-commerce Multiple SQL Injection and Multiple Cross Site Scripting Vulnerabilities
Concrete5 Cross Site Scripting and Path Disclosure Vulnerabilities
IP.Board Cross Site Scripting Vulnerability
MyConnection Server 'test.php' Multiple Cross Site Scripting Vulnerabilities
Moodle CVE-2014-3543 XML External Entity Information Disclosure Vulnerability
Moodle Shibboleth Plugin CVE-2014-3552 Authentication Bypass Vulnerability
Moodle Quiz CVE-2014-3545 Remote Code Execution Vulnerability
Moodle Repositories CVE-2014-3541 PHP Code Injection Vulnerability
Drupal Multiple Remote Security Vulnerabilities
Recent advisories
via Secunia, US-CERT
TA12-073A: Microsoft Updates for Multiple Vulnerabilities
TA12-045A: Microsoft Updates for Multiple Vulnerabilities
TA12-024A: "Anonymous" DDoS Activity
TA12-010A: Microsoft Updates for Multiple Vulnerabilities
TA12-006A: Wi-Fi Protected Setup (WPS) Vulnerable to Brute-Force Attack
TA11-350A: Adobe Updates for Multiple Vulnerabilities
TA11-347A: Microsoft Updates for Multiple Vulnerabilities
TA11-312A: Microsoft Updates for Multiple Vulnerabilities
TA11-286A: Apple Updates for Multiple Vulnerabilities
TA11-284A: Microsoft Updates for Multiple Vulnerabilities
TA11-256A: Microsoft Updates for Multiple Vulnerabilities
TA11-222A: Adobe Updates for Multiple Vulnerabilities
TA11-221A: Microsoft Updates for Multiple Vulnerabilities
TA11-201A: Oracle Updates for Multiple Vulnerabilities
TA11-200A: Security Recommendations to Prevent Cyber Intrusions
TA11-193A: Microsoft Updates for Multiple Vulnerabilities
TA11-165A: Microsoft Updates for Multiple Vulnerabilities
TA11-166A: Adobe Updates for Multiple Vulnerabilities
TA11-130A: Microsoft Updates for Multiple Vulnerabilities
TA11-102A: Microsoft Updates for Multiple Vulnerabilities
Bugtraq Topics
via SecurityFocus
Vulnerabilities in Facebook and Facebook Messenger for Android [STIC-2014-0529]
[Onapsis Security Advisory 2014-026] Missing authorization check in function modules of BW-SYS-DB-DB4
[security bulletin] HPSBMU03078 rev.1 - HP CloudSystem Foundation and HP CloudSystem Enterprise Software running OpenSSL, Remote Unauthorized Access or Disclosure of Information
[ MDVSA-2014:141 ] java-1.7.0-openjdk
Kunena Forum Extension for Joomla Multiple SQL Injection Vulnerabilities
Kunena Forum Extension for Joomla Multiple Reflected Cross-Site Scripting Vulnerabilities
Re: [FD] Beginner's error: import function of Windows Mail executes rogue program C:\Program.exe with credentials of other account
[ MDVSA-2014:140 ] owncloud
[security bulletin] HPSBGN02936 rev.1 - HP and H3C VPN Firewall Module Products, Remote Denial of Service (DoS)
[SECURITY] [DSA 2991-1] modsecurity-apache security update
Top Worms and Viruses
via Sophos
Troj/Invo-Zip
W32/Netsky
Mal/EncPk-EI
Troj/Pushdo-Gen
Troj/Agent-HFU
Mal/Iframe-E
Troj/Mdrop-BTV
Troj/Mdrop-BUF
Troj/Agent-HFZ
Troj/Agent-HGT
Latest MS bulletins
via Microsoft
MS11-703 - Important: Test MNP bulletin #3 (test0703)
MS11-702 - Moderate: Test MNP bulletin #2 (test0702)
MS11-701 - Low: Test MNP bulletin #1 (test0701)
MS11-069 - Moderate: Vulnerability in .NET Framework Could Allow Information Disclosure (2567951)
MS11-068 - Moderate: Vulnerability in Windows Kernel Could Allow Denial of Service (2556532)
MS11-067 - Important: Vulnerability in Microsoft Report Viewer Could Allow Information Disclosure (2578230)
MS11-066 - Important: Vulnerability in Microsoft Chart Control Could Allow Information Disclosure (2567943)
MS11-065 - Important: Vulnerability in Remote Desktop Protocol Could Allow Denial of Service (2570222)
MS11-064 - Important: Vulnerabilities in TCP/IP Stack Could Allow Denial of Service (2563894)
MS11-063 - Important: Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2567680)
Stock Watch
via Yahoo! Finance
Updated 7/30/2014
NASDAQ 4462.902 +20.204
JNPR 23.72 +0.01
SYMC 24.00 +0.22
CSCO 25.63 -0.08
CKP 12.58 +0.04
MSFT 43.5785 -0.3065
IBM 194.00 -0.57
INTC 34.35 +0.16
AMD 3.82 +0.03
CIC.TO 11.47 +0.16
CA 29.58 +0.10
BCSI 0.00 N/A
VRSN 54.33 +0.54
CUDA 29.17 +0.25
SPLK 50.39 +2.63
FEYE 36.13 +0.25
QLYS 25.53 +0.46
PANW 84.21 +2.11
HPQ 36.11 +0.17
IMPV 23.43 +0.70
PFPT 37.08 +0.38

 

Recent News

Re: Disk-sniffing dogs find thumb drives, DVDs?
RISKS Digest

Re: Smart grid hack worries to raise insurance rates?
RISKS Digest

Thousands of sites compromised through WordPress plug-in vulnerability
RISKS Digest

Broadband bullies: Cable companies, lawmakers gang up on local providers
RISKS Digest

"Oracle's new database patch could cost you $23,000 per processor"
RISKS Digest

Spain's 'Google tax' could kill Facebook and Twitter
RISKS Digest


RISKS Digest

"Another botched Microsoft patch: Office 365 ProPlus says 'Something went wrong'"
RISKS Digest

Built for Speed: Designing Exascale Computers
RISKS Digest

Lawful Hacking: Using Existing Vulnerabilities for Wiretapping on the Internet
RISKS Digest

Software engineering and the lack thereof
RISKS Digest

Comcast Used This 'Spooky' Propaganda to Kill Off a Local Internet Competitor
RISKS Digest

Right to be forgotten: Wikipedia chief enters Internet censorship row
RISKS Digest

Harry R. Lewis, The Internet and Hieronymus Bosch
RISKS Digest

Antivirus products riddled with security flaws, researcher says
Techworld.com Security News
It's generally accepted that antivirus programs provide a necessary protection layer, but organizations should audit such products before deploying them on their systems because many of them contain serious vulnerabilities, a researcher warned.

Samsung to unveil the metal smartphone we've been waiting for on August 4th
Yahoo! News: Security News

Vigil@nce - Cisco IOS XR: denial of service via MPLS, analyzed on 15/07/2014
Vigil@nce - public vulnerabilities
An attacker can send MPLS packets to a BVI of Cisco IOS XR on ASR 9000, in order to trigger a denial of service.

Tor attack nodes RIPPED MASKS off users for 6 MONTHS
The Register - Security: Anti-Virus

Traffic confirmation attack bared users' privates - but to whom?

The Tor Project has warned users about a subtle attack aimed at partially uncloaking their activities on the anonymising network.


New app brings free encrypted voice calling to your iPhone
Yahoo! News: Security News

Microsoft spreads Cortana abroad in Windows Phone
Yahoo! News: Security News

Vigil@nce - WordPress Compfight: Cross Site Scripting, analyzed on 15/07/2014
Vigil@nce - public vulnerabilities
An attacker can trigger a Cross Site Scripting of WordPress Compfight, in order to execute JavaScript code in the context of the web site.

Managing AppLocker in Windows Server 2012 and Windows 8/8.1 (Part 4)
WindowSecurity.com
In this Part 4, we'll wrap up the series by discussing how to enable the DLL rule collection, how to create exceptions to rules, how to edit and delete rules, and how to import and export AppLocker policies between computers.

iWallet: No BONKING PLEASE, we're Apple
The Register - Security: Anti-Virus

BLE-ding iPhones, not NFC bonkers, will drive trend - marketeers

Apple's iWallet mobile money app could be the start of a more general trend that sees web giants such as Facebook pushing into the payment industry, according to online payment e

Vigil@nce - WordPress BookX: directory traversal, analyzed on 15/07/2014
Vigil@nce - public vulnerabilities
An attacker can traverse directories of WordPress BookX, in order to read a file outside the service root path.

Vigil@nce - WordPress wp-rss-poster: SQL injection, analyzed on 15/07/2014
Vigil@nce - public vulnerabilities
An attacker can use a SQL injection of WordPress wp-rss-poster, in order to read or alter data.

Vigil@nce - WordPress enl-newsletter: SQL injection, analyzed on 15/07/2014
Vigil@nce - public vulnerabilities
An attacker can use a SQL injection of WordPress enl-newsletter, in order to read or alter data.

Vigil@nce - WordPress Tera-chart: directory traversal, analyzed on 15/07/2014
Vigil@nce - public vulnerabilities
An attacker can traverse directories of WordPress Tera-chart, in order to read a file outside the service root path.

Vigil@nce - WordPress cross-rss: directory traversal, analyzed on 15/07/2014
Vigil@nce - public vulnerabilities
An attacker can traverse directories of WordPress cross-rss, in order to read a file outside the service root path.

Vigil@nce - WordPress wp-easycart: information disclosure via phpinfo, analyzed on 15/07/2014
Vigil@nce - public vulnerabilities
An attacker can use WordPress wp-easycart, in order to obtain sensitive information.

Vigil@nce - FreeBSD: denial of service via TCP Reassembly, analyzed on 30/04/2014
Vigil@nce - public vulnerabilities
A remote attacker can create a TCP session, and send numerous TCP packets to be reassembled to FreeBSD, in order to trigger a denial of service. A local attacker can possibly read a fragment of the kernel memory.

Vigil@nce - Cisco ASA: denial of service via CIFS Share Enumeration, analyzed on 15/07/2014
Vigil@nce - public vulnerabilities
An attacker can send a special CIFS reply to Cisco ASA, in order to trigger a denial of service.

BlackBerry focuses on security for the enterprise
Techworld.com Security News
Now that BlackBerry has fallen significantly behind Apple and Google in the race to offer features and third-party apps for its smartphones, the company is concentrating on providing devices that, it claims, have the strongest available security -- the ki

Zero-day flaws found in Symantec's Endpoint Protection
Techworld.com Security News
Symantec's Endpoint Protection product has three zero-day flaws that could allow a logged-in user to move to a higher access level on a computer, according to a penetration testing and training company.

iPhone gets first free app for encrypting voice calls
Techworld.com Security News
An open-source project has released the first free application for the iPhone that scrambles voice calls, which would thwart government surveillance or eavesdropping by hackers.

Microsoft spreads Cortana abroad in Windows Phone
Yahoo! News: Security News
LOS ANGELES (AP) - Microsoft is spreading its Cortana digital assistant abroad, starting with China and the U.K.

Thwarted dev sets Instasheep to graze on Facebook accounts
The Register - Security: Anti-Virus

Zuck-land tried to fix crumbling cookie with HTTPS but developer won't bite

London developer Stevie Graham has built an Instagram stealer dubbed Instasheep that can hijack accounts over public networks.


Keep your iPhone calls private, whispers Signal
The Register - Security: Anti-Virus

Marlinspike's voice crypto comes to iOS

The crew at Open Whisper Systems has announced Signal, an app offering encrypted voice calls between iPhones.


'Things' on the Internet-of-things have 25 vulnerabilities apiece
The Register - Security: Anti-Virus

Leaking sprinklers, overheated thermostats and picked locks all online

Ten of the most popular Internet of Things devices contain an average of 25 security vulnerabilities, many severe, HP researchers have found.


DDOS takes down Cirrus Communications
The Register - Security: Anti-Virus

Australian fixed wireless provider loses half its network for a day or so

Fixed wireless broadband provider Cirrus Communications has experienced a distributed denial of service (DDOS) attack that incapacitated half its network.


Firm issues soft denial against Iron Dome hack
The Register - Security: Anti-Virus

Confirmed 'Chinese hack' downgraded to 'alleged' intrusion

An Israeli defence firm linked to Israel's Iron Dome missile defence platform has denied reports it was hacked by Chinese attackers who made off with information on the military techno

Canada's boffins need A WHOLE YEAR to recover from China hack attack
The Register - Security: Anti-Virus

'State-sponsored actor' breached National Research Council network

Canada's CIO has pointed the finger at China over a security breach at the nation's National Research Council.