Last updated:
Wed Apr 23 19:07:23 2014 GMT
  2014 FIRST Annual Conference in Boston - Register now


Recent bugs
via SecurityFocus,
Linux Kernel CVE-2013-3229 Local Information Disclosure Vulnerability
QEMU CVE-2014-0146 NULL Pointer Dereference Local Denial of Service Vulnerability
QEMU CVE-2014-0144 Multiple Buffer Overflow Vulnerabilities
QEMU CVE-2014-0145 Multiple Buffer Overflow Vulnerabilities
QEMU 'vhdx' Block Driver Local Denial of Service Vulnerability
WebKit CVE-2014-1307 Unspecified Memory Corruption Vulnerability
WebKit CVE-2014-1305 Unspecified Memory Corruption Vulnerability
Apple Mac OS X CoreGraphics PDF Handling Buffer Overflow Vulnerability
Rsync CVE-2014-2855 Infinite Loop Denial of Service Vulnerability
Oracle Java SE CVE-2013-5806 Remote Security Vulnerability
Recent advisories
via Secunia, US-CERT,
TA12-073A: Microsoft Updates for Multiple Vulnerabilities
TA12-045A: Microsoft Updates for Multiple Vulnerabilities
TA12-024A: "Anonymous" DDoS Activity
TA12-010A: Microsoft Updates for Multiple Vulnerabilities
TA12-006A: Wi-Fi Protected Setup (WPS) Vulnerable to Brute-Force Attack
TA11-350A: Adobe Updates for Multiple Vulnerabilities
TA11-347A: Microsoft Updates for Multiple Vulnerabilities
TA11-312A: Microsoft Updates for Multiple Vulnerabilities
TA11-286A: Apple Updates for Multiple Vulnerabilities
TA11-284A: Microsoft Updates for Multiple Vulnerabilities
TA11-256A: Microsoft Updates for Multiple Vulnerabilities
TA11-222A: Adobe Updates for Multiple Vulnerabilities
TA11-221A: Microsoft Updates for Multiple Vulnerabilities
TA11-201A: Oracle Updates for Multiple Vulnerabilities
TA11-200A: Security Recommendations to Prevent Cyber Intrusions
TA11-193A: Microsoft Updates for Multiple Vulnerabilities
TA11-165A: Microsoft Updates for Multiple Vulnerabilities
TA11-166A: Adobe Updates for Multiple Vulnerabilities
TA11-130A: Microsoft Updates for Multiple Vulnerabilities
TA11-102A: Microsoft Updates for Multiple Vulnerabilities
Bugtraq Topics
via SecurityFocus,
[security bulletin] HPSBMU02995 rev.5 - HP Software HP Service Manager, Asset Manager, UCMDB Browser, UCMDB Configuration Manager, Executive Scorecard, Server Automation, Diagnostics, LoadRunner, and Performance Center, running OpenSSL, Remote Di
[security bulletin] HPSBMU02997 rev.2 - HP Smart Update Manager (SUM) running OpenSSL, Remote Disclosure of Information
CVE-2014-2383 - Arbitrary file read in dompdf
CVE-2014-1217 - Unauthenticated access to sensitive information and functionality in Livetecs Timelive
CVE-2014-2042 - Unrestricted file upload in Livetecs Timelive
AirPhoto WebDisk v4.1.0 iOS - Code Execution Vulnerability
APPLE-SA-2014-04-22-1 Security Update 2014-002
APPLE-SA-2014-04-22-2 iOS 7.1.1
APPLE-SA-2014-04-22-3 Apple TV 6.1.1
[SECURITY] [DSA 2911-1] icedove security update
Top Worms and Viruses
via Sophos,
Troj/Invo-Zip
W32/Netsky
Mal/EncPk-EI
Troj/Pushdo-Gen
Troj/Agent-HFU
Mal/Iframe-E
Troj/Mdrop-BTV
Troj/Mdrop-BUF
Troj/Agent-HFZ
Troj/Agent-HGT
Latest MS bulletins
via Microsoft,
MS11-703 - Important: Test MNP bulletin #3 (test0703)
MS11-702 - Moderate: Test MNP bulletin #2 (test0702)
MS11-701 - Low: Test MNP bulletin #1 (test0701)
MS11-069 - Moderate: Vulnerability in .NET Framework Could Allow Information Disclosure (2567951)
MS11-068 - Moderate: Vulnerability in Windows Kernel Could Allow Denial of Service (2556532)
MS11-067 - Important: Vulnerability in Microsoft Report Viewer Could Allow Information Disclosure (2578230)
MS11-066 - Important: Vulnerability in Microsoft Chart Control Could Allow Information Disclosure (2567943)
MS11-065 - Important: Vulnerability in Remote Desktop Protocol Could Allow Denial of Service (2570222)
MS11-064 - Important: Vulnerabilities in TCP/IP Stack Could Allow Denial of Service (2563894)
MS11-063 - Important: Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2567680)
Stock Watch
via Yahoo! Finance
Updated 4/23/2014
NASDAQ 4129.268 -32.19
JNPR 24.70 -1.19
SYMC 20.60 unch
CSCO 23.475 -0.045
CKP 12.62 -0.19
MSFT 39.70 -0.29
IBM 191.679 -0.471
INTC 26.784 -0.056
AMD 4.24 -0.06
CIC.TO 10.60 -0.06
CA 30.60 +0.07
BCSI 0.00 N/A
VRSN 49.87 -0.97
INTC 26.785 -0.055
CUDA 27.755 -0.055
SPLK 61.90 -3.84
FEYE 47.065 -3.505
QLYS 21.305 -0.325
PANW 68.42 -2.77
HPQ 31.775 +0.005
IMPV 26.32 -0.45
PFPT 30.66 -1.13

 

Recent News

Vigil@nce - Windows: code execution via BAT/CMD, analyzed on 08/04/2014
Vigil@nce - public vulnerabilities
An attacker can invite the victim to open a remote BAT/CMD file on Windows, in order to execute code.

Criminals have noticed the cloud: attacks on providers on the rise
Techworld.com Security News
The number of cyberattacks directed at cloud infrastructure is still below that experienced by on-premises data centres but will probably reach parity at some point, an analysis by security-as-a-service provider Alert Logic has suggested.

Life after Heartbleed: The Internet will never be 100% safe
Yahoo! News: Security News

Google Maps Now Lets You Time Travel Through Its Street View Archives
Yahoo! News: Security News

Vigil@nce - WebSphere MQ: multiple vulnerabilities, analyzed on 08/04/2014
Vigil@nce - public vulnerabilities
An attacker can use several vulnerabilities of WebSphere MQ.

Vigil@nce - Linux kernel: denial of service via cma_req_handler, analyzed on 08/04/2014
Vigil@nce - public vulnerabilities
An attacker can send an InfiniBand RDMA packet, in order to generate an error in the cma_req_handler() function of the Linux kernel, in order to trigger a denial of service.

UK businesses fail to prepare for upcoming changes to EU data laws
Techworld.com Security News
UK businesses are unprepared for next year's changes to EU data laws, a survey has found.


State of the Hack: 43% of all DDoS attacks in Q4 originated in China
Yahoo! News: Security News

Watch Live: NASA Astronauts Take a Spacewalk to Repair the ISS
Yahoo! News: Security News

Special Edition of OUCH: Heartbleed - Why Do I Care? http://www.securingthehuman.org/newsletters/ouch/issues/OUCH-2014-special_en.pdf, (Wed, Apr 23rd)
SANS Internet Storm Center, InfoCON: green
...(more)...

Vigil@nce - SAP Router: password disclosure via Brute Force, analyzed on 08/04/2014
Vigil@nce - public vulnerabilities
An attacker can use a brute force on SAP Router, in order to progressively obtain the password.

Web Browser Security Revisited (Part 7)
WindowSecurity.com
For the past 6 articles, weve been talking about the current state of web browser security, both in general and as it applies to different popular browsers. Weve covered specifics for the Big Three, Internet Explorer, Chrome and Firefox. In this, Part 7,

Apple splats 'new' SSL snooping bug in iOS, OS X - but it's no Heartbleed
The Register - Security: Anti-Virus

Triple-handshake flaw stalks Macs and iThings

Apple has squashed a significant security bug in its SSL engine for iOS and OS X as part of a slew of patches for iThings and Macs.


China's Huawei to spend $300 million on global marketing in 2014
Yahoo! News: Security News

While Heartbleed distracts, hackers hit US universities
Techworld.com Security News
The panic over the Heartbleed bug is proving to be a convenient distraction for hackers using standard techniques in a fresh wave of attacks targeting at least 18 U.S. universities, according to a computer security researcher.

Coding error protects some Android apps from Heartbleed
Techworld.com Security News
Some Android apps thought to be vulnerable to the Heartbleed bug were spared because of a common coding error in the way they implemented their own native OpenSSL library.NSA spying revelations have tired out China's Huawei
Techworld.com Security News
Revelations about U.S. secret surveillance programs have left China's Huawei Technologies exhausted on the public relations front, a top company executive said Wednesday.Android, not iOS, is tops in mobile ad traffic for first time
Techworld.com Security News
Devices running Google's Android operating system have dethroned Apple's iPhones and iPads as the biggest drivers of worldwide mobile ad traffic, according to a new study from Opera Mediaworks.Cisco announces security service linked with new operations centres
Techworld.com Security News
Cisco has announced Managed Threat Defense, a set of security services for the enterprise that Cisco is providing through two new operations centres to remotely support intrusion-detection, incident response and forensics, among other services.

Patch iOS, OS X gear now: PDFs, JPEGs, URLs can pwn Macs
The Register - Security: Anti-Virus

And iThings and desktops at risk of new SSL attack flaw

Apple has released updates to its iOS and OS X operating systems that will address serious security flaws.


Sat comms kit riddled with backdoors for hackers - researcher
The Register - Security: Anti-Virus

Right, shipmate, identify yourself. LOL? What's your meaning?

Security researchers claim to have uncovered myriad security problems with satellite communication systems. But while major manufacturer Iridium said the security weaknesses identif

Japan airport staff dash to replace passcodes after security cock-up
The Register - Security: Anti-Virus

Haneda employee drops key codes ahead of Obama visit

The dangers of writing passwords down on paper were laid bare in the Japanese airport of Haneda this week after a member of staff managed to lose a note containing key security codes ahead o

Think-tank to infosec: you're doing it wrong
The Register - Security: Anti-Virus

Cyber risks 'similar to 2008 crash'

Tomorrow's Internet is a scary, scary place, according to think-tank The Atlantic Council, so much so that we're all apparently on the brink of a cyber sub-prime meltdown.


China military says faces 'complex' task keeping secrets
Yahoo! News: Security News

Kill dodgy RNG says NIST
The Register - Security: Anti-Virus

But you already knew that, right?

NIST has said what we already knew: the Dual Elliptic Curve Deterministic Random Bit Generator, Dual_EC_DRBG, is a dead duck and should be abandoned by anyone still using it.


Cisco kicks off security kit/software/cloud combo
The Register - Security: Anti-Virus

Realtime protection, apparently

Cisco has added threat management to its portfolio, announcing Managed Threat Defense which it says brings realtime security to its customers.


China's Huawei says investment in information technology to rise 14 percent in 2014
Yahoo! News: Security News

AOL Mail locks down email servers to deal with spam tsunami
The Register - Security: Anti-Virus

Security problems like it's 1995

If you've been getting a lot of spam from AOL emails recently it's not because you've fallen into a time rift and it's the nineties all over again the company has confirmed that it has been under an intensive

Apple Patches for OS X, iOS and Apple TV., (Tue, Apr 22nd)
SANS Internet Storm Center, InfoCON: green

Apple today released patches for OS X, iOS and Apple TV. The OS X patches apply for versions of O ...(more)...


Port 32764 Router Backdoor is Back (or was it ever gone?), (Tue, Apr 22nd)
SANS Internet Storm Center, InfoCON: green

Unlike announced a few month ago, the infamous "Port 32764" backdoor was not fully patched in new ...(more)...


ISC StormCast for Wednesday, April 23rd 2014 http://isc.sans.edu/podcastdetail.html?id=3947, (Wed, Apr 23rd)
SANS Internet Storm Center, InfoCON: green
...(more)...

DSA-2911 icedove
Debian Security
security update

OpenBSD founder wants to bin buggy OpenSSL library, launches fork
The Register - Security: Anti-Virus

One Heartbleed vuln was too many for Theo de Raadt

In the wake of the Heartbleed bug fiasco, members of the OpenBSD project have forked the popular OpenSSL library with the aim of creating a new version that they say will be more trustworthy.<

Video: Meet Kelsos Quest, one of the hottest-looking iOS games weve seen this year
Yahoo! News: Security News

Everything We Know (So Far) About iPhone 6
Yahoo! News: Security News

Data breaches can be traced back to nine attack 'patterns', says Verizon report
Techworld.com Security News
Almost every security incident and data breach recorded during 2013 can be traced back to a series of basic threat types or ‘patterns’, many of which are specific to industry sectors, Verizon’s bellwether 2014 Data Breach Investigatio

SMS spam rises in UK as 'accident compensation' scammers get busy
Techworld.com Security News
The volume of SMS spam being sent to UK mobile users rose 11 percent in the first quarter of 2014 thanks mainly to a sudden spike in accident compensation scams, according to messaging security firm Cloudmark.Report Shows Cyber Crime is on the Rise
Yahoo! News: Security News

Attacks on payment systems trail other cybercrimes
Yahoo! News: Security News
NEW YORK (AP) While Target's massive data breach last year caused consumers to panic and drew attention to Internet crime, a new study finds that breaches on retailer payment systems are less common than other kinds of attacks.

Vigil@nce - Cisco NX-OS: commande execution via TACACS+, analyzed on 22/01/2014
Vigil@nce - public vulnerabilities
An attacker can serialize several TACACS+ commands on Cisco NX-OS, in order to execute certain commands.

Despite your fancy-schmancy security tech, passwords still weakest link in IT defences
The Register - Security: Anti-Virus

So concludes Verizon's new global data-breach probe

The use of stolen login credentials continues to be the most common way for network intruders to access sensitive information. Two out of three breaches were the result of weak or swiped pass

How Valuable Is Your Idea, Really? Guidelines As To When You Can And Should Share Your Ideas
Yahoo! News: Security News
I can't count the number of times I've heard the phrase "I have a great idea that is going to make me millions, but I can't tell you what it is. Can you give me advice on what to do with it?" ...

Fixing OpenSSL's Heartbleed flaw will take MONTHS, warns Secunia
LinuxSecurity.com - Latest News
LinuxSecurity.com: Expunging the Heartbleed bug from vulnerable computers and gadgets is likely to take months, according to a leading vuln research firm. The cautionary assessment by Secunia comes as more and more products are judged to be vulnera

Even the most secure cloud storage may not be so secure, study finds
LinuxSecurity.com - Latest News
LinuxSecurity.com: Some cloud storage providers who hope to be on the leading edge of cloud security adopt a "zero-knowledge" policy in which says it is impossible for customer data to be snooped on. But a recent study by computer scientists at Joh

Targeted Attack Uses Heartbleed to Hijack VPN Sessions
LinuxSecurity.com - Latest News
LinuxSecurity.com: A targeted attack against an unnamed organization exploited the Heartbleed OpenSSL vulnerability to hijack web sessions conducted over a virtual private network connection.

Older News

Vigil@nce - Websense Web Filter/Security: password disclosure, analyzed on 07/04/2014
Vigil@nce - public vulnerabilities

Vigil@nce - Cisco Unity Connection: directory traversal, analyzed on 07/04/2014
Vigil@nce - public vulnerabilities

Mysterious malware steals Apple credentials from jailbroken iOS devices
Techworld.com Security News

How To Change The World With Your Social Likes
The Best Article Every day

CloudFlare launches bug bounty program
Techworld.com Security News

Web apps and point-of-sale were leading hacker targets in 2013, says Verizon
Techworld.com Security News

NEC launches face-recognition protection for PCs
Techworld.com Security News

Even the most secure cloud storage may not be so secure, study finds
Techworld.com Security News

Google to refund buyers of 'fake' anti-virus app
The Register - Security: Anti-Virus

Fixing OpenSSL's Heartbleed flaw will take MONTHS, warns Secunia
The Register - Security: Anti-Virus

Health care site flagged in Heartbleed review
Yahoo! News: Security News

Insight: At Mt. Gox bitcoin hub, 'geek' CEO sought both control and escape
Yahoo! News: Security News

Google boffins beat own Captchas
The Register - Security: Anti-Virus

ISC StormCast for Tuesday, April 22nd 2014 http://isc.sans.edu/podcastdetail.html?id=3945, (Tue, Apr 22nd)
SANS Internet Storm Center, InfoCON: green

Allow us to leave!, (Mon, Apr 21st)
SANS Internet Storm Center, InfoCON: green

Facebook ads are about to invade mobile apps from other developers
Yahoo! News: Security News

Finding the bleeders, (Mon, Apr 21st)
SANS Internet Storm Center, InfoCON: green

Safety you can bank on: Chromebook, Linux, phone
LinuxSecurity.com - Latest News

iPhone malware exists, but the risk is nothing like it is with Android
Yahoo! News: Security News


all content is copyright its respective owner or owners. the tools and components behind this page are copyright © 2003-2010 jose nazario, all rights reserved. this page is available as RSS 2.0.