Last updated:
Wed Aug 20 10:06:52 2014 GMT
  2014 FIRST Annual Conference in Boston - Register now


Recent bugs
via SecurityFocus,
MIT kerberos 5 'ldap_principal2.c' Buffer Overflow Vulnerability
Cisco ASR 5000 Series Software CVE-2014-3331 Denial of Service Vulnerability
Linux Kernel CVE-2014-5207 Local Security Bypass Vulnerability
Linux Kernel CVE-2014-5206 Local Security Bypass Vulnerability
QEMU L2 Table Size Validation Integer Overflow Vulnerability
QEMU Image Size Validation Integer Overflow Vulnerability
Xen '/hvm/hvm.c' Remote Denial of Service Vulnerability
FreeNAS Blank Password Authentication Bypass Vulnerability
Apache HTTP Server CVE-2014-0118 Remote Denial of Service Vulnerability
389 Directory Server CVE-2014-3562 Information Disclosure Vulnerability
Recent advisories
via Secunia, US-CERT,
TA12-073A: Microsoft Updates for Multiple Vulnerabilities
TA12-045A: Microsoft Updates for Multiple Vulnerabilities
TA12-024A: "Anonymous" DDoS Activity
TA12-010A: Microsoft Updates for Multiple Vulnerabilities
TA12-006A: Wi-Fi Protected Setup (WPS) Vulnerable to Brute-Force Attack
TA11-350A: Adobe Updates for Multiple Vulnerabilities
TA11-347A: Microsoft Updates for Multiple Vulnerabilities
TA11-312A: Microsoft Updates for Multiple Vulnerabilities
TA11-286A: Apple Updates for Multiple Vulnerabilities
TA11-284A: Microsoft Updates for Multiple Vulnerabilities
TA11-256A: Microsoft Updates for Multiple Vulnerabilities
TA11-222A: Adobe Updates for Multiple Vulnerabilities
TA11-221A: Microsoft Updates for Multiple Vulnerabilities
TA11-201A: Oracle Updates for Multiple Vulnerabilities
TA11-200A: Security Recommendations to Prevent Cyber Intrusions
TA11-193A: Microsoft Updates for Multiple Vulnerabilities
TA11-165A: Microsoft Updates for Multiple Vulnerabilities
TA11-166A: Adobe Updates for Multiple Vulnerabilities
TA11-130A: Microsoft Updates for Multiple Vulnerabilities
TA11-102A: Microsoft Updates for Multiple Vulnerabilities
Bugtraq Topics
via SecurityFocus,
ESA-2014-071: RSA Archer GRC Platform Multiple Vulnerabilities
ESA-2014-059: EMC Documentum Multiple Cross-Site Scripting Vulnerabilities
ESA-2014-067: EMC Documentum D2 Privilege Escalation Vulnerability
ESA-2014-079: EMC Documentum Content Server Multiple Vulnerabilities
[CVE-2014-0232] Apache OFBiz Cross-site scripting (XSS) vulnerability
[SECURITY] [DSA 3006-1] xen security update
CVE-2014-5289 - Kolibri WebServer 2.0 Vulnerable to RCE via Overly Long POST Request
Outlook.com for Android fails to validate server certificates
Beginners error: Windows Live Mail 2011 runs rogue C:\Program.exe when opening associated URLs
Beginners error: Apple's Software Update runs rogue program C:\Program.exe (and some more)
Top Worms and Viruses
via Sophos,
Troj/Invo-Zip
W32/Netsky
Mal/EncPk-EI
Troj/Pushdo-Gen
Troj/Agent-HFU
Mal/Iframe-E
Troj/Mdrop-BTV
Troj/Mdrop-BUF
Troj/Agent-HFZ
Troj/Agent-HGT
Latest MS bulletins
via Microsoft,
MS11-703 - Important: Test MNP bulletin #3 (test0703)
MS11-702 - Moderate: Test MNP bulletin #2 (test0702)
MS11-701 - Low: Test MNP bulletin #1 (test0701)
MS11-069 - Moderate: Vulnerability in .NET Framework Could Allow Information Disclosure (2567951)
MS11-068 - Moderate: Vulnerability in Windows Kernel Could Allow Denial of Service (2556532)
MS11-067 - Important: Vulnerability in Microsoft Report Viewer Could Allow Information Disclosure (2578230)
MS11-066 - Important: Vulnerability in Microsoft Chart Control Could Allow Information Disclosure (2567943)
MS11-065 - Important: Vulnerability in Remote Desktop Protocol Could Allow Denial of Service (2570222)
MS11-064 - Important: Vulnerabilities in TCP/IP Stack Could Allow Denial of Service (2563894)
MS11-063 - Important: Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2567680)
Stock Watch
via Yahoo! Finance
Updated 8/19/2014
NASDAQ 4527.514 +19.202
JNPR 23.69 +0.44
SYMC 24.24 -0.14
CSCO 24.64 +0.01
CKP 13.85 -0.03
MSFT 45.33 +0.22
IBM 190.07 +0.71
INTC 34.34 -0.07
AMD 4.27 +0.06
CIC.TO 11.43 +0.11
CA 28.30 -0.12
BCSI 0.00 N/A
VRSN 55.915 -0.095
INTC 34.34 -0.07
CUDA 26.67 -0.06
SPLK 44.18 +0.70
FEYE 28.06 -0.75
QLYS 25.39 -0.67
PANW 85.39 -0.19
HPQ 35.48 +0.14
IMPV 29.80 +2.28
PFPT 39.69 +0.19

 

Recent News

Vigil@nce - NetIQ Sentinel: code execution via NQMcsVarSet, analyzed on 20/05/2014
Vigil@nce - public vulnerabilities
An attacker can create a web page calling NQMcsVarSet of NetIQ Sentinel, to traverse directories and create a malicious program on victim's computer, in order to execute code.

Vigil@nce - WordPress MyBand Theme: Cross Site Scripting, analyzed on 05/08/2014
Vigil@nce - public vulnerabilities
An attacker can trigger a Cross Site Scripting of WordPress MyBand Theme, in order to execute JavaScript code in the context of the web site.

Vigil@nce - WordPress Spider Video Player plugin: Cross Site Scripting, analyzed on 05/08/2014
Vigil@nce - public vulnerabilities
An attacker can trigger a Cross Site Scripting of WordPress Spider Video Player plugin, in order to execute JavaScript code in the context of the web site.

Many Chrome browser extensions do sneaky things
Techworld.com Security News
An analysis by security researchers of 48,000 extensions for Google's Chrome browser uncovered many that are used for fraud and data theft, actions that are mostly undetectable to regular users.'Reveton' ransomware upgraded with powerful password stealer
Techworld.com Security News
A type of malware called Reveton, which falsely warns users they've broken the law and demands payment of a fine, has been upgraded with powerful password stealing functions, according to Avast.Brother, can you spare a DIME for holy grail of secure webmail?
The Register - Security: Anti-Virus

Lavabit man's new project: One of security's thorniest problems

Feature Lavabit founder Ladar Levison promised attendees at security conference DefCon that he'd carve out a secure messaging service from the wreckage of the ema

Lazy sys admins rooted in looming Mozilla cert wipeout
The Register - Security: Anti-Virus

CA maintainer warns 'check your infrastructure'

Mozilla is about to revoke some weak X.509 PKI certs, and has warned that system admins it'll affect the Firefox browser and they'll need to assess their infrastructure.


Malware married to software in undetectable attack
The Register - Security: Anti-Virus

Boffins demo how traffic redirect can endanger code downloads

Be thankful it's only a proof-of-concept of a hack: German researchers have shown that Internet software distribution mechanisms can be turned into virus vectors, without modifying

U.S. hospital breach biggest yet to exploit Heartbleed bug: expert
Yahoo! News: Security News

Cryptolocker flogged on YouTube
The Register - Security: Anti-Virus

Cat video encrypts all the things

Cryptolocker is being flogged over YouTube by vxers who have bought advertising space, researchers Vadim Kotov and Rahul Kashyap have found.


Google Introduces Kids to Coding Through Blockly Games Project
Hack In The Box

Government's Response To Snowden? Strip 100,000 Potential Whistleblowers Of Their Security Clearances
Hack In The Box
Why would Chinese hackers want US hospital patient data?
Hack In The Box
Xiaomi takes copying Apple to the next level with blatant iOS ripoff
Hack In The Box
Makers, Meet the New Intel Galileo Gen 2
Hack In The Box
Ferguson: Another case for public security cameras
Hack In The Box
Microsoft's Azure virtual machine, cloud services down for many
Hack In The Box
This Simple Chip Could Turn All Your Clothes Into Activity Trackers
Hack In The Box
How to Record a Phone Call on Your Android Phone
Hack In The Box
PayPal co-founder Max Levchin on a quest to outdo his own success
Hack In The Box
Ballmer steps down from Microsoft board
Hack In The Box
Hacking Traffic Lights is Apparently Really Easy
Hack In The Box
6 Strange Body Hacks That Are Actually Useful
Hack In The Box
NASA's green rocket fuel set for major space test
Hack In The Box
Facebook says most outbound email is encrypted now
Hack In The Box
British spy agency attempts mammoth hack
Hack In The Box
Web fights back against poor security
Hack In The Box
Hackers break into Nuclear Regulatory Commission computers
Hack In The Box
Think crypto hides you from spooks on Facebook? THINK AGAIN
Hack In The Box
Hackers broke into Malaysian Department of Civil Aviation ONE DAY after MH370 incident
Hack In The Box

U.S. government's nuclear watchdog victim of cyber attacks: report
Yahoo! News: Security News

Facebook says most outbound email is encrypted now
Techworld.com Security News
Nearly all of Facebook's outbound notification emails are now encrypted while traveling the Internet, a collaborative feat that comes from the technology industry's push to thwart the NSA's spying programs.Spam industry reinvented as messages containing malicious links surge
Techworld.com Security News
Spam might no longer be the gigantic overhead it once was but the number of unsolicited messages containing malicious links appears to be surging, according to figures from SaaS security firm ProofPoint.State-of-the-art spear phishing and defenses
LinuxSecurity.com - Latest News
LinuxSecurity.com: The number of phishing sites was up 10.7-percent as of Q1 this year (over last year) while at the same time almost 32.7-percent of PCs globally were infected with malware, including adware and spyware, indicating that phishing i

Linux kernel source code repositories get better security
LinuxSecurity.com - Latest News
LinuxSecurity.com: Almost three years ago, crackers broke into the kernel.org, Linux's most important site. While no damage was done, it was still worrisome. So, at the Linux Kernel Summit, the Linux Foundation announced that it was securing Linux

US won't reveal records on health website security
Yahoo! News: Security News

Now That Everyones Leaving, Things Sure Are Dull 'Under the Dome'
Yahoo! News: Security News

Vigil@nce - Dotclear: three vulnerabilities, analyzed on 19/05/2014
Vigil@nce - public vulnerabilities
An attacker can use several vulnerabilities of Dotclear.

Vigil@nce - WordPress cnhk-slideshow: file upload, analyzed on 19/05/2014
Vigil@nce - public vulnerabilities
An attacker can upload a malicious file on WordPress cnhk-slideshow, in order for example to upload a Trojan.

Senator questions airlines' data privacy practices
Techworld.com Security News
A senior U.S. senator is asking airlines about their data privacy practices, saying he's concerned about what information the companies are collecting and sharing with third parties.Why would Chinese hackers want hospital patient data?
Techworld.com Security News
The theft of personal data on 4.5 million patients of Community Health Systems by hackers in China highlights the increasing degree to which hospitals are becoming lucrative targets for information theft.Symantec folds nine Norton products into one service
Techworld.com Security News
Symantec will consolidate its cluttered Norton line of security software, folding nine products into one online service that can be used across desktop computers and mobile devices.Former employees have become 'application menace' new study claims
Techworld.com Security News
Many SME employees retain alarming levels of access to critical business applications after they've stopped working for a company, a survey for cloud services firm Intermedia has claimed.Start-up fights ambush attacks on SDN, virtual machine networks
Techworld.com Security News
Start-up GuardiCore is working on a security product that works through a 'honeypot' approach to detect and block stealthy attacks on software-defined networks (SDN) and multi-vendor virtual-machine infrastructures for enterprise customers as well as clou

Nuke regulator hacked three times in three years
The Register - Security: Anti-Virus

Phishing emails hooked dozens of staff

The US Nuclear Regulator Commission (NRC) has been hacked three times in as many years, according to documents obtained under freedom of information requests.