Last updated:
Tue Mar 31 13:06:49 2015 GMT
  2014 FIRST Annual Conference in Boston - Register now


Recent bugs
via SecurityFocus,
Oracle Java SE CVE-2015-0406 Remote Java SE Vulnerability
Oracle Java SE CVE-2014-6549 Remote Java SE Vulnerability
media Mall Factory Joomla! Component 'category' Parameter SQL Injection Vulnerability
Love Factory Component for Joomla! 'controller' Parameter Local File Include Vulnerability
Rosoft Audio Converter Buffer Overflow Vulnerability
eWebquiz 'QuizType' Parameter SQL Injection Vulnerability
EZPX Photoblog 'commentform.php' Remote File Include Vulnerability
RSS Feed Reader WordPress Plugin 'rss_url' Parameter Cross Site Scripting Vulnerability
Look 'n' Stop Firewall 'lnsfw1.sys' Driver IOCTL Handling Local Denial of Service Vulnerability
OpenSSL CVE-2014-3572 Security Bypass Vulnerability
Recent advisories
via Secunia, US-CERT,
TA12-073A: Microsoft Updates for Multiple Vulnerabilities
TA12-045A: Microsoft Updates for Multiple Vulnerabilities
TA12-024A: "Anonymous" DDoS Activity
TA12-010A: Microsoft Updates for Multiple Vulnerabilities
TA12-006A: Wi-Fi Protected Setup (WPS) Vulnerable to Brute-Force Attack
TA11-350A: Adobe Updates for Multiple Vulnerabilities
TA11-347A: Microsoft Updates for Multiple Vulnerabilities
TA11-312A: Microsoft Updates for Multiple Vulnerabilities
TA11-286A: Apple Updates for Multiple Vulnerabilities
TA11-284A: Microsoft Updates for Multiple Vulnerabilities
TA11-256A: Microsoft Updates for Multiple Vulnerabilities
TA11-222A: Adobe Updates for Multiple Vulnerabilities
TA11-221A: Microsoft Updates for Multiple Vulnerabilities
TA11-201A: Oracle Updates for Multiple Vulnerabilities
TA11-200A: Security Recommendations to Prevent Cyber Intrusions
TA11-193A: Microsoft Updates for Multiple Vulnerabilities
TA11-165A: Microsoft Updates for Multiple Vulnerabilities
TA11-166A: Adobe Updates for Multiple Vulnerabilities
TA11-130A: Microsoft Updates for Multiple Vulnerabilities
TA11-102A: Microsoft Updates for Multiple Vulnerabilities
Bugtraq Topics
via SecurityFocus,
[ MDVSA-2015:182 ] tcpdump
[CORE-2015-0007] - Schneider Vampset Stack and Heap Buffer Overflow
[ MDVSA-2015:183 ] wireshark
[ MDVSA-2015:184 ] setup
[ MDVSA-2015:131 ] rsync
[ MDVSA-2015:132 ] readline
[ MDVSA-2015:109 ] python-django
[ MDVSA-2015:101 ] jbigkit
[ MDVSA-2015:129 ] ruby
[ MDVSA-2015:156 ] libcap-ng
Top Worms and Viruses
via Sophos,
Troj/Invo-Zip
W32/Netsky
Mal/EncPk-EI
Troj/Pushdo-Gen
Troj/Agent-HFU
Mal/Iframe-E
Troj/Mdrop-BTV
Troj/Mdrop-BUF
Troj/Agent-HFZ
Troj/Agent-HGT
Latest MS bulletins
via Microsoft,
MS11-703 - Important: Test MNP bulletin #3 (test0703)
MS11-702 - Moderate: Test MNP bulletin #2 (test0702)
MS11-701 - Low: Test MNP bulletin #1 (test0701)
MS11-069 - Moderate: Vulnerability in .NET Framework Could Allow Information Disclosure (2567951)
MS11-068 - Moderate: Vulnerability in Windows Kernel Could Allow Denial of Service (2556532)
MS11-067 - Important: Vulnerability in Microsoft Report Viewer Could Allow Information Disclosure (2578230)
MS11-066 - Important: Vulnerability in Microsoft Chart Control Could Allow Information Disclosure (2567943)
MS11-065 - Important: Vulnerability in Remote Desktop Protocol Could Allow Denial of Service (2570222)
MS11-064 - Important: Vulnerabilities in TCP/IP Stack Could Allow Denial of Service (2563894)
MS11-063 - Important: Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2567680)
Stock Watch
via Yahoo! Finance
Updated 3/30/2015
^ixic 4947.44 N/A
jnpr 22.53 N/A
symc 23.55 N/A
csco 27.65 N/A
ckp 10.86 N/A
msft 40.96 N/A
ibm 162.67 N/A
intc 31.46 N/A
amd 2.70 N/A
cic.to 10.20 +0.13
ca 32.71 N/A
bcsi N/A N/A
vrsn 66.99 N/A
intc 31.46 N/A
CUDA 39.53 N/A
splk 60.11 N/A
feye 40.035 N/A
qlys 46.70 N/A
panw 148.61 N/A
hpq 31.57 N/A
impv 43.47 N/A
pfpt 59.72 N/A

 

Recent News

Vigil@nce - WordPress WooCommerce: SQL injection, analyzed on 16/03/2015
Vigil@nce - public vulnerabilities
An attacker can use a SQL injection of WordPress WooCommerce, in order to read or alter data.

Vigil@nce - WordPress Custom Field Suite: read-write access, analyzed on 16/03/2015
Vigil@nce - public vulnerabilities
An attacker can bypass access restrictions of WordPress Custom Field Suite, in order to read or alter data.

Federal agents accused of stealing $1M in online currency
Yahoo! News: Security News
Two former federal agents are accused of using their positions and savvy computer skills to siphon more than $1 million in digital currency from the illegal black market Silk Road website while they and ...

Vigil@nce - OpenSSL: memory leak via hostname, analyzed on 16/03/2015
Vigil@nce - public vulnerabilities
An attacker can create a memory leak in the hostname extension of OpenSSL, in order to trigger a denial of service.

Encryption is the REAL threat Head Europlod
The Register - Security: Anti-Virus

Its all the tech firm's fault!

Europes top cop has taken to the BBC to once again slam encryption as the biggest threat to counter-terrorism and law enforcement.


Think server vulns are IT's problem? Think again
The Register - Security: Anti-Virus

Don't get caught with your cyber pants down

Regardless of the type or size of business you're part of, the way we approach security has changed forever.


Federal agents accused of stealing $1M in online currency
Yahoo! News: Security News
SAN FRANCISCO (AP) Two former federal agents are accused of using their positions and savvy computer skills to siphon more than $1 million in digital currency from the illegal black market Silk Road website while they and their agencies were operating an

Huawei reports 2014 profit up 33 percent
Yahoo! News: Security News
BEIJING (AP) Huawei Technologies Ltd., one of the world's biggest makers of telecommunications equipment, said Tuesday its 2014 profit rose 33 percent, helped by strong sales of smartphones.

Anti-censorship group: China behind cyberattacks on US sites
Yahoo! News: Security News
BEIJING (AP) Chinese authorities have taken over computers both inside and outside the country to launch cyberattacks against the website of an anti-online censorship group and a U.S.-based web resource that hosts some of the group's data, according to a

Pre-Snowden NSA grunts wanted to nix phone spying: report
The Register - Security: Anti-Virus

Memo seen by managers, but not top dog

Even before Edward Snowden spilled the beans on the National Security Agency's(NSA's) extensive surveillance programs, high-level US bureaucrats were considering spiking the program.


Periscope smeared by streaming security SNAFU
The Register - Security: Anti-Virus

Live vid titles leak from Twitter's new app for the Bong! crowd

Twitter's Meerkat-strangling live streaming app Periscope has had its first privacy SNAFU, leaking the titles (but not the content) of videos meant for private circulation only.

Ebay snuffs malware upload bug
The Register - Security: Anti-Virus

Flaw let crims sling drive-by-downloads

Hacker Aditya Sood has disclosed two vulnerabilities in eBay that allow hackers to upload files for drive-by-download attacks.


Huawei reports 2014 profit up 33 percent
Yahoo! News: Security News
Huawei Technologies Ltd., one of the world's biggest makers of telecommunications equipment, says its 2014 profit rose 33 percent, helped by strong sales of smartphones. Huawei said Tuesday it earned 27.9 ...

Feds cuffed for allegedly pocketing Silk Road drug souk's Bitcoins
The Register - Security: Anti-Virus

Dealers' funbux ended up in wallets of g-men, says US DoJ

The US Department of Justice has accused two federal agents of stealing hundreds of thousands of dollars in Bitcoins during the Silk Road investigation.


Day FOUR of the GitHub web assault: Activists point fingers at 'China's global censorship'
The Register - Security: Anti-Virus

Code repository warns of 'evolving' attacks

With the GitHub distributed denial-of-service (DDoS) attack nearing its fifth day of bombardment, the code-sharing upstart said it is holding up well under fire.