Last updated:
Thu Jun 20 01:07:14 2013 GMT


Recent bugs
via SecurityFocus,
Symantec Endpoint Protection Manager CVE-2013-1612 Remote Buffer Overflow Vulnerability
IBM WebSphere Commerce Enterprise CVE-2013-0523 Information Disclosure Vulnerability
Oracle Java SE CVE-2013-2467 Local Security Vulnerability
Oracle Java SE CVE-2013-2451 Local Security Vulnerability
Oracle Java SE CVE-2013-1500 Local Security Vulnerability
RETIRED: Oracle Java SE Critical Patch Update June 2013 Advance Notification
Oracle Java SE CVE-2013-1571 Frame Injection Vulnerability
X.Org libXxf86dga CVE-2013-1991 Multiple Remote Code Execution Vulnerabilities
Siemens Scalance X200 Series Switches Remote Privilege Escalation Vulnerability
Siemens Scalance X200 Series Switches SNMPv3 Remote Security Bypass Vulnerability
Recent advisories
via Secunia, US-CERT,
TA12-073A: Microsoft Updates for Multiple Vulnerabilities
TA12-045A: Microsoft Updates for Multiple Vulnerabilities
TA12-024A: "Anonymous" DDoS Activity
TA12-010A: Microsoft Updates for Multiple Vulnerabilities
TA12-006A: Wi-Fi Protected Setup (WPS) Vulnerable to Brute-Force Attack
TA11-350A: Adobe Updates for Multiple Vulnerabilities
TA11-347A: Microsoft Updates for Multiple Vulnerabilities
TA11-312A: Microsoft Updates for Multiple Vulnerabilities
TA11-286A: Apple Updates for Multiple Vulnerabilities
TA11-284A: Microsoft Updates for Multiple Vulnerabilities
TA11-256A: Microsoft Updates for Multiple Vulnerabilities
TA11-222A: Adobe Updates for Multiple Vulnerabilities
TA11-221A: Microsoft Updates for Multiple Vulnerabilities
TA11-201A: Oracle Updates for Multiple Vulnerabilities
TA11-200A: Security Recommendations to Prevent Cyber Intrusions
TA11-193A: Microsoft Updates for Multiple Vulnerabilities
TA11-165A: Microsoft Updates for Multiple Vulnerabilities
TA11-166A: Adobe Updates for Multiple Vulnerabilities
TA11-130A: Microsoft Updates for Multiple Vulnerabilities
TA11-102A: Microsoft Updates for Multiple Vulnerabilities
Bugtraq Topics
via SecurityFocus,
Cisco Security Advisory: Multiple Vulnerabilities in Cisco TelePresence TC and TE Software
[SECURITY] [DSA 2711-1] haproxy security update
[CVE-2013-0523] IBM WebSphere Commerce: Encrypted URL Parameter Vulnerable to Padding Oracle Attacks
Facebook critical design flaw
ESA-2013-032 RSA BSAFE Micro Edition Suite Security Update for SSL/TLS Plaintext Recovery (aka "Lucky Thirteen") Vulnerability
ESA-2013-039: RSA BSAFE SSL-J Multiple Vulnerabilities
ESA-2013-045: RSA BSAFE SSL-C Security Update for SSL/TLS Plaintext Recovery (aka "Lucky Thirteen") Vulnerability
[SECURITY] [DSA 2698-1] tiff security update
[SECURITY] [DSA 2628-2] nss-pam-ldapd update
APPLE-SA-2013-06-18-1 Java for OS X 2013-004 and Mac OS X v10.6 Update 16
Top Worms and Viruses
via Sophos,
Troj/Invo-Zip
W32/Netsky
Mal/EncPk-EI
Troj/Pushdo-Gen
Troj/Agent-HFU
Mal/Iframe-E
Troj/Mdrop-BTV
Troj/Mdrop-BUF
Troj/Agent-HFZ
Troj/Agent-HGT
Latest MS bulletins
via Microsoft,
MS11-703 - Important: Test MNP bulletin #3 (test0703)
MS11-702 - Moderate: Test MNP bulletin #2 (test0702)
MS11-701 - Low: Test MNP bulletin #1 (test0701)
MS11-069 - Moderate: Vulnerability in .NET Framework Could Allow Information Disclosure (2567951)
MS11-068 - Moderate: Vulnerability in Windows Kernel Could Allow Denial of Service (2556532)
MS11-067 - Important: Vulnerability in Microsoft Report Viewer Could Allow Information Disclosure (2578230)
MS11-066 - Important: Vulnerability in Microsoft Chart Control Could Allow Information Disclosure (2567943)
MS11-065 - Important: Vulnerability in Remote Desktop Protocol Could Allow Denial of Service (2570222)
MS11-064 - Important: Vulnerabilities in TCP/IP Stack Could Allow Denial of Service (2563894)
MS11-063 - Important: Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2567680)
Stock Watch
via Yahoo! Finance
Updated 6/15/2013
NASDAQ 3423.555 unch
JNPR 19.13 unch
SYMC 22.70 -0.03
CSCO 24.68 -0.14
MFE 0.00 N/A
CKP 14.79 +0.05
MSFT 34.59 -0.39
IBM 201.94 -2.93
INTC 25.00 -0.465
AMD 4.07 -0.02
SNWL 0.00 N/A
CIC.TO 9.60 -0.05
CA 28.21 -0.425
TMICY.PK 0.00 N/A
WBSN 24.71 -0.01
BCSI 0.00 N/A
SCLD 0.1799 +0.0422
CWDW.OB 0.00 N/A
VRSN 44.95 -0.05
INTZ.OB 0.00 N/A
TMWD 0.00 N/A
PKTR 0.00 N/A
FIRE 54.90 -0.56

 

Recent News

John McAfee's (insane, NSFW) tips for uninstalling McAfee
CNET News.com - Security
McAfee mocks himself and his antivirus software mercilessly in a new viral video.

DSA-2711 haproxy
Debian Security
several vulnerabilities

Microsoft breaks bug-bounty virginity in $100,000 contest
The Register - Security: Anti-Virus

Black Hat sets phasers to stun on Windows 8.1 and Internet Explorer 11

Microsoft is breaking its long-standing tradition of not paying for security vulnerabilities by offering a $100,000 cash prize for the first penetration tester to crack Win

Protesters out again in Brazilian cities
Yahoo! News: Security News

Scattered street protests pop across Brazil
Yahoo! News: Security News

Cisco Security Advisory - Multiple Vulnerabilities in Cisco TelePresence TC and TE Software (cisco-sa-20130619-tpc)
Help Net Security - Advisories
Cisco Security Advisory: Multiple Vulnerabilities in Cisco TelePresence TC and TE Software Advisory ID: cisco-sa-20130619-tpc Revision 1.0 For Public Release 2013 June 19 16:00 UTC (GMT) ...

Debian Security Advisory - haproxy (DSA-2711-1)
Help Net Security - Advisories
Debian Security Advisory DSA-2711-1 security@debian.org http://www.debian.org/security/ ...

Texting Spammers Correlate Phone Users to Local Banks
Enterprise Security Today
If you use an Internet-connected smartphone, touch tablet, e-reader, notebook, laptop or desktop computer you ought to care about cybersecurity and online privacy. Here you'll find information you can use to live your digital life more securely -- and on

Leaker Vows New Details on NSA Access to Tech Servers
Enterprise Security Today
NSA leaker Edward Snowden, answering questions Monday in a live blog on his revelations about the top-secret agency, denied charges he was spying for China and vowed to release more details on the NSA's "direct access" to the tech companies' servers.


Underdog trounces major brands in full HD smartphone display shootout
Yahoo! News: Security News
While Sony's smartphone business has been struggling for some time now, it is a company known for building HDTVs and mobile devices with stunning displays that are among the best on the market. HTC is struggling as well, but its smartphone hardware is alway

Microsoft offers hefty bounties to thwart hackers
Yahoo! News: Security News

Protesters out again in Brazilian cities
Yahoo! News: Security News
SAO PAULO (AP) Scattered street demonstrations popped up around Brazil Wednesday as protesters continued their collective cry against the low-quality public services they receive in exchange for high taxes and rising prices.

Theft of F-35 design data is helping U.S. adversaries: Pentagon
Yahoo! News: Security News

Microsoft announces its first ever bounty programs with up to USD100k in rewards
Hack In The Box

Vigil@nce - WordPress underConstruction: Cross Site Request Forgery, analyzed on 04/06/2013
Vigil@nce - public vulnerabilities
An attacker can trigger a Cross Site Request Forgery in WordPress underConstruction, in order to force the victim to perform operations.

Vigil@nce - WordPress Content Slide: Cross Site Request Forgery, analyzed on 04/06/2013
Vigil@nce - public vulnerabilities
An attacker can trigger a Cross Site Request Forgery of WordPress Content Slide, in order to force the victim to perform operations.

Vigil@nce - WordPress qTranslate: Cross Site Request Forgery, analyzed on 04/06/2013
Vigil@nce - public vulnerabilities
An attacker can trigger a Cross Site Request Forgery in WordPress qTranslate, in order to force the victim to perform operations.

Vigil@nce - OpenBSD: denial of service via SIOCSIFADDR, analyzed on 04/06/2013
Vigil@nce - public vulnerabilities
A local attacker can use the SIOCSIFADDR ioctl on OpenBSD, in order to trigger a denial of service.

Securing Windows Service Accounts (Part 2)
WindowSecurity.com
In this installment, we will continue to go through configuration checks and reasons why these service accounts need to be secured.

Why no company will acquire Nokia right now
Yahoo! News: Security News
Huawei, which recently became the No.3 smartphone brand in the world, may be considering a Nokia acquisition. Wall Street reacted violently, prompting an 8% spike in Nokia's share price. This speculation is part of an annual summertime ritual. In July, we'll ge

Thousands of suspected crims, informants spilled all over web in IT gaffe
The Register - Security: Anti-Virus

UK privacy watchdog pokes server config cock-up

Exclusive An IT blunder splashed photos of suspected criminals and details of Brits who reported them over the internet, The Register can reveal.


AXE-WAVING BIKER GANG SMASHES into swanky Apple UK store
The Register - Security: Anti-Virus

Pair cuffed after helicopter chase sparked by Cupertino idiot-tax-avoiding raid

Pic Cops have arrested two men following a failed smash and grab robbery at Apple's flagship store on Regent Street, London.


Protesters out again in Brazil's biggest city
Yahoo! News: Security News

Apple Product Security - Java for OS X 2013-004 and Mac OS X v10.6 Update 16 (APPLE-SA-2013-06-18-1)
Help Net Security - Advisories
APPLE-SA-2013-06-18-1 Java for OS X 2013-004 and Mac OS X v10.6 Update 16 Java for OS X 2013-004 and Mac OS X v10.6 Update 16 is now available and addresses the following: Java Available for: ...

3 Questions About NSA Surveillance
LinuxSecurity.com - Latest News
LinuxSecurity.com: A number of questions have been raised in the last few days about the civil-liberties implications of the National Security Agency's seven-year-old programs to gather data on telephone and e-mail conversations - the programs charac

Cops Shut Down Hacker Drug Ring
LinuxSecurity.com - Latest News
LinuxSecurity.com: A Dutch drug ring employed a group of Belgian hackers to reroute two tons (1,814 kilograms) of cocaine and heroin into their waiting arms - but the police nabbed them just before they could carry out their devious plan.

Apple end-to-end encryption far from bulletproof
LinuxSecurity.com - Latest News
LinuxSecurity.com: Apple says it has end-to-end encryption for iMessage and FaceTime communications, but users should not interpret that as providing an ironclad defense against government snooping.

Bank of England ranks cyber attacks above Eurozone crisis as biggest threat
Techworld.com Security News
Cyber attacks have risen to the top of the list of threats for UK banks according to Bank of England's director of financial stability, Andrew Haldane, but understanding and management of the risk is still at an "early stage".

EU Justice Department stalls India's security clearance
The Register - Security: Anti-Virus

Without a 'data secure destination' cert India's locked out of $30bn euro-sourcing market

India's outsourcing giants are likely to face more delays in their frustrated bid to tap a potential IT services market worth $30 billion, after a report

New CEO begins Alcatel makeover
Yahoo! News: Security News

Six nations ask Google for answers on Glass privacy
The Register - Security: Anti-Virus

Canada, Oz, NZ, Mexico, Switzerland and Israel send 'Dear Larry' letter

36 Privacy Commissioners from around the world have written to Google to ask, in the polite-but-firm language of international diplomacy, for some details about Google Gla

Spear phish your boss to win more security cash
The Register - Security: Anti-Virus

Websense CSO recommends fake attacks on suits to open their wallets

Despite weekly news of successful and nasty online attacks damaging organisations of every stripe, executive types remain blasé about security and don't pay it enough attention

Chinese hackers launch PRISM scare campaign
The Register - Security: Anti-Virus

Supposed 'CIA list' with you on it actually contains malware

The Chinese group behind the recently discovered NetTraveler attacks is now using wi

Microsoft says it freed millions of computers from criminal botnet
Yahoo! News: Security News

Brazil protesters keep up pressure on government
Yahoo! News: Security News

WinLink Check-In, (Wed, Jun 19th)
SANS Internet Storm Center, InfoCON: green

This weekend (June 22-23) the Amateur Radio Relay League and Radio Amateurs of Canada an ...


ISC StormCast for Wednesday, June 19th 2013 http://isc.sans.edu/podcastdetail.html?id=3377, (Wed, Jun 19th)
SANS Internet Storm Center, InfoCON: green

DSA-2698 tiff
Debian Security
buffer overflow

Former employees say Bank of America lied to a lot of homeowners
Yahoo! News: Security News

How immigration reform could save taxpayers nearly $1 trillion
Yahoo! News: Security News

Google asks to make surveillance orders public, cites First Amendment
Hack In The Box

It's tough at the top for anti-virus products
Hack In The Box

DSA-2710 xml-security-c
Debian Security
several vulnerabilities

Tor users locked out of Facebook after wave of dodgy traffic
The Register - Security: Anti-Virus

Don't panic, a solution is at hand

Users of the Tor traffic anonymizing service are currently locked out of Facebook after a flood of dodgy traffic triggered an automatic lockdown by the social network's security systems.


Older News

Remote code execution vuln appears in Puppet
The Register - Security: Anti-Virus

Huawei's new super-thin P6 smartphone is also perfect for selfies
Yahoo! News: Security News

23 times the immigration reform bill has been at death's door
Yahoo! News: Security News

Huawei might buy Nokia if it rethinks devotion to weak Windows Phone
Yahoo! News: Security News

New phone from an unlikely vendor steals title of world's thinnest smartphone
Yahoo! News: Security News

Stuntwoman sues News Corp. over alleged phone hack
Yahoo! News: Security News

Huawei says has no plans to buy Nokia
Yahoo! News: Security News

Brazil protesters keep up pressure on government
Yahoo! News: Security News

Java 7 update 25 released http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html, (Tue, Jun 18th)
SANS Internet Storm Center, InfoCON: green

Volatility rules...any questions?, (Tue, Jun 18th)
SANS Internet Storm Center, InfoCON: green

Government Secrets and the Need for Whistleblowers
RISKS Digest

Outsourced: How the FBI and CIA Use Private Contractors to Monitor
RISKS Digest

More Intrusive Than Eavesdropping? NSA Collection of Metadata ... Personal Info ...
RISKS Digest

Ray Ozzie on Spying
RISKS Digest

Richard Clarke: Why you should worry about the NSA
RISKS Digest

NSA et al.: it started well before "1984"...
RISKS Digest

Hard to get that much out of the ATM
RISKS Digest

An Innovative Inno/Vention
RISKS Digest

Attacks coming from Amazon Web services
RISKS Digest

Found a home via wifi
RISKS Digest

Static electricity in clothes ignites carpet
RISKS Digest

FDA issues draft guidance on cybersecurity for medical devices
RISKS Digest

Accidental bank transfer
RISKS Digest

Online ballot fraud in Miami
RISKS Digest

Metacharacters bite again
RISKS Digest

SUSE Security Update - flash-player (SUSE-SU-2013:1039-1)
Help Net Security - Advisories

Debian Security Advisory - tiff (DSA-2698-1)
Help Net Security - Advisories

Ubuntu Security Notice - puppet vulnerability (USN-1886-1)
Help Net Security - Advisories

Debian Security Advisory - nss-pam-ldapd (DSA-2628-2)
Help Net Security - Advisories


all content is copyright its respective owner or owners. the tools and components behind this page are copyright © 2003-2010 jose nazario, all rights reserved. this page is available as RSS 2.0.