Last updated:
Thu Feb 26 20:07:36 2015 GMT
  2014 FIRST Annual Conference in Boston - Register now


Recent bugs
via SecurityFocus,
OpenStack Glance 'glance-api server' Incomplete Fix Security Bypass Vulnerability
Google Android 'GraphicBuffer::unflatten()' Function Multiple Integer Overflow Vulnerabilities
ISC BIND CVE-2015-1349 Remote Denial of Service Vulnerability
AdaptCMS Arbitrary File Upload Vulnerability
AdaptCMS CVE-2015-1058 Multiple HTML Injection Vulnerabilities
e107 'usersettings.php' Cross Site Scripting Vulnerability
AdaptCMS 'Referer' Header Field HTTP Open Redirection Vulnerability
Microsoft Internet Explorer CVE-2014-6369 Remote Memory Corruption Vulnerability
WordPress Photo Gallery Plugin 'wp-admin/admin-ajax.php' SQL Injection Vulnerability
Mozilla Firefox CVE-2015-0827 Heap Buffer Overflow Vulnerability
Recent advisories
via Secunia, US-CERT,
TA12-073A: Microsoft Updates for Multiple Vulnerabilities
TA12-045A: Microsoft Updates for Multiple Vulnerabilities
TA12-024A: "Anonymous" DDoS Activity
TA12-010A: Microsoft Updates for Multiple Vulnerabilities
TA12-006A: Wi-Fi Protected Setup (WPS) Vulnerable to Brute-Force Attack
TA11-350A: Adobe Updates for Multiple Vulnerabilities
TA11-347A: Microsoft Updates for Multiple Vulnerabilities
TA11-312A: Microsoft Updates for Multiple Vulnerabilities
TA11-286A: Apple Updates for Multiple Vulnerabilities
TA11-284A: Microsoft Updates for Multiple Vulnerabilities
TA11-256A: Microsoft Updates for Multiple Vulnerabilities
TA11-222A: Adobe Updates for Multiple Vulnerabilities
TA11-221A: Microsoft Updates for Multiple Vulnerabilities
TA11-201A: Oracle Updates for Multiple Vulnerabilities
TA11-200A: Security Recommendations to Prevent Cyber Intrusions
TA11-193A: Microsoft Updates for Multiple Vulnerabilities
TA11-165A: Microsoft Updates for Multiple Vulnerabilities
TA11-166A: Adobe Updates for Multiple Vulnerabilities
TA11-130A: Microsoft Updates for Multiple Vulnerabilities
TA11-102A: Microsoft Updates for Multiple Vulnerabilities
Bugtraq Topics
via SecurityFocus,
DSS TFTP 1.0 Server - Path Traversal Vulnerability
Data Source: Scopus CMS - SQL Injection Web Vulnerability
Wireless File Transfer Pro Android - Multiple CSRF Vulnerabilities
[SECURITY] [DSA 3176-1] request-tracker4 security update
[Onapsis Security Advisory 2015-005] SAP Business Objects Unauthorized Audit Information Access via CORBA
[security bulletin] HPSBMU03260 rev.1 - HP System Management Homepage running OpenSSL on Linux and Windows, Remote Disclosure of Information
EnanoCMS 1.1.8pl1 XSS Vulnerability
TangoBB 1.5.0-A3 XSS Vulnerability
CVE-2014-8487: Kony EMM insecurity Direct Object Reference
[SECURITY] [DSA 3168-1] ruby-redcloth security update
Top Worms and Viruses
via Sophos,
Troj/Invo-Zip
W32/Netsky
Mal/EncPk-EI
Troj/Pushdo-Gen
Troj/Agent-HFU
Mal/Iframe-E
Troj/Mdrop-BTV
Troj/Mdrop-BUF
Troj/Agent-HFZ
Troj/Agent-HGT
Latest MS bulletins
via Microsoft,
MS11-703 - Important: Test MNP bulletin #3 (test0703)
MS11-702 - Moderate: Test MNP bulletin #2 (test0702)
MS11-701 - Low: Test MNP bulletin #1 (test0701)
MS11-069 - Moderate: Vulnerability in .NET Framework Could Allow Information Disclosure (2567951)
MS11-068 - Moderate: Vulnerability in Windows Kernel Could Allow Denial of Service (2556532)
MS11-067 - Important: Vulnerability in Microsoft Report Viewer Could Allow Information Disclosure (2578230)
MS11-066 - Important: Vulnerability in Microsoft Chart Control Could Allow Information Disclosure (2567943)
MS11-065 - Important: Vulnerability in Remote Desktop Protocol Could Allow Denial of Service (2570222)
MS11-064 - Important: Vulnerabilities in TCP/IP Stack Could Allow Denial of Service (2563894)
MS11-063 - Important: Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2567680)
Stock Watch
via Yahoo! Finance
Updated 2/26/2015
NASDAQ 4968.871 +1.734
JNPR 24.0469 -0.4531
SYMC 25.14 -0.35
CSCO 29.91 +0.42
CKP 13.44 -0.12
MSFT 43.96 -0.03
IBM 160.285 -2.525
INTC 33.545 -0.40
AMD 3.09 -0.01
CIC.TO 10.65 +0.10
CA 32.86 -0.25
BCSI 0.00 N/A
VRSN 64.67 +0.27
INTC 33.57 -0.375
CUDA 38.61 +0.43
SPLK 68.215 +0.715
FEYE 45.27 -0.125
QLYS 47.295 -0.485
PANW 143.25 +1.19
HPQ 33.9051 -0.7649
IMPV 46.28 -0.56
PFPT 56.71 +0.23

 

Recent News

Vigil@nce - Cisco ESA, SMA, WSA: HTTP redirect, analyzed on 23/02/2015
Vigil@nce - public vulnerabilities
An attacker can deceive the user of Cisco ESA, SMA, or WSA, in order to redirect him to a malicious site.

Vigil@nce - Cisco Secure Access Control System: SQL injection, analyzed on 11/02/2015
Vigil@nce - public vulnerabilities
An attacker can use a SQL injection of Cisco Secure Access Control System, in order to read or alter data.

Cyber threats expanding, new US intelligence assessment says
Yahoo! News: Security News
WASHINGTON (AP) The U.S. has elevated its appraisal of the cyber threat from Russia, the U.S. intelligence chief said Thursday, as he delivered the annual assessment by intelligence agencies of the top dangers facing the country.

Ramnit Botnet Shut Down
LinuxSecurity.com - Latest News
LinuxSecurity.com: The Ramnit botnet, a favorite among thieves dabbling in financial fraud for its frequent updates, has been shut down in a joint effort spearheaded by Europol's European Cybercrime Centre (EC3).

Snowden: Spy Agencies 'Screwed All of Us' in Hacking Crypto Keys
LinuxSecurity.com - Latest News
LinuxSecurity.com: NSA whistleblower Edward Snowden didn't mince words during a Reddit Ask Me Anything session on Monday when he said the NSA and the British spy agency GCHQ had "screwed all of us" when it hacked into the Dutch firm Gemalto to stea

Vigil@nce - Cisco IOS: denial of service via MACE/CEF, analyzed on 11/02/2015
Vigil@nce - public vulnerabilities
An attacker can send numerous packets to Cisco IOS with CEF and MACE, in order to trigger a denial of service.

Vigil@nce - Linux kernel: information disclosure via rds_sysctl_rds_table, analyzed on 23/02/2015
Vigil@nce - public vulnerabilities
A local attacker can read a memory fragment of llc2_timeout_table of the Linux kernel, in order to obtain sensitive information.

Vigil@nce - Linux kernel: denial of service via ext4_zero_range, analyzed on 23/02/2015
Vigil@nce - public vulnerabilities
An attacker can force an assertion error in the ext4_zero_range() function of the Linux kernel, in order to trigger a denial of service.

Vigil@nce - Cisco IPS: denial of service via HTTPS Key Regeneration, analyzed on 23/02/2015
Vigil@nce - public vulnerabilities
An attacker can send a query to the web management interface of Cisco IPS, during the HTTPS Key Regeneration phase, in order to trigger a denial of service.

Vigil@nce - Adobe Flash Player: use after free, analyzed on 26/11/2014
Vigil@nce - public vulnerabilities
An attacker can force the usage of a freed memory area in Adobe Flash Player, in order to trigger a denial of service, and possibly to execute code.

Vigil@nce - Cisco IOS: bypassing ACL via Process/CEF Switching, analyzed on 11/02/2015
Vigil@nce - public vulnerabilities
An attacker can send numerous packets to Cisco IOS with CEF, in order to bypass an ACL.

Vigil@nce - HP-UX: privilege escalation via libpam_updbe, analyzed on 26/11/2014
Vigil@nce - public vulnerabilities
An attacker can use libpam_updbe of HP-UX, in order to escalate his privileges.

Vigil@nce - Cisco IOS: denial of service via MACE/CEF, analyzed on 11/02/2015
Vigil@nce - public vulnerabilities
An attacker can send numerous packets to Cisco IOS with CEF and MACE, in order to trigger a denial of service.

Vigil@nce - Linux kernel: information disclosure via llc2_timeout_table, analyzed on 23/02/2015
Vigil@nce - public vulnerabilities
A local attacker can read a memory fragment from llc2_timeout_table of the Linux kernel, in order to obtain sensitive information.

Firefox 36 swats bugs, adds HTTP2 and gets certifiably serious
The Register - Security: Anti-Virus

Three big bads, six medium messes and 1024-bit certs all binned in one release

Mozilla has outfoxed three critical and six high severity flaws in its latest round of patches for its flagship browser.


P0wned plugin puts a million Word Press sites at risk of attack
The Register - Security: Anti-Virus

See? We told you blogs were dangerous

Up to one million Word Press websites could be open to full compromise through a vulnerability in the WP-Slimstat plugin, security bod Marc-Alexandre Montpas says.


And the buggiest OS provider award goes to ... APPLE?
The Register - Security: Anti-Virus

Count of 2014's flaws finds more nasties in Mac OS and iOS than in Windows or Linux

Apple's operating systems and Linux racked up more vulnerability reports than Windows during 2014, according to research from security outfit GFI.