Last updated:
Thu Oct 23 16:07:33 2014 GMT
  2014 FIRST Annual Conference in Boston - Register now


Recent bugs
via SecurityFocus,
Apple Mac OS X CVE-2014-4350 Buffer Overflow Vulnerability
Apple Mac OS X CVE-2014-1391 Memory Corruption Vulnerability
Apple Mac OS X QuickTime CVE-2014-4351 'm4a' File Handling Buffer Overflow Vulnerability
Linux Kernel 'ext4/file.c' Local Denial of Service Vulnerability
Bugzilla 'realname' Parameter Security Bypass Vulnerability
Bugzilla CVE-2014-1571 Information Disclosure Vulnerability
Bugzilla CVE-2014-1573 Multiple Cross Site Scripting Vulnerabilities
Drupal TableField Module Cross Site Scripting Vulnerability
Splunk 'Referer' Header Cross Site Scripting Vulnerability
Drupal Marketo MA Module Multiple Cross Site Scripting Vulnerabilities
Recent advisories
via Secunia, US-CERT,
TA12-073A: Microsoft Updates for Multiple Vulnerabilities
TA12-045A: Microsoft Updates for Multiple Vulnerabilities
TA12-024A: "Anonymous" DDoS Activity
TA12-010A: Microsoft Updates for Multiple Vulnerabilities
TA12-006A: Wi-Fi Protected Setup (WPS) Vulnerable to Brute-Force Attack
TA11-350A: Adobe Updates for Multiple Vulnerabilities
TA11-347A: Microsoft Updates for Multiple Vulnerabilities
TA11-312A: Microsoft Updates for Multiple Vulnerabilities
TA11-286A: Apple Updates for Multiple Vulnerabilities
TA11-284A: Microsoft Updates for Multiple Vulnerabilities
TA11-256A: Microsoft Updates for Multiple Vulnerabilities
TA11-222A: Adobe Updates for Multiple Vulnerabilities
TA11-221A: Microsoft Updates for Multiple Vulnerabilities
TA11-201A: Oracle Updates for Multiple Vulnerabilities
TA11-200A: Security Recommendations to Prevent Cyber Intrusions
TA11-193A: Microsoft Updates for Multiple Vulnerabilities
TA11-165A: Microsoft Updates for Multiple Vulnerabilities
TA11-166A: Adobe Updates for Multiple Vulnerabilities
TA11-130A: Microsoft Updates for Multiple Vulnerabilities
TA11-102A: Microsoft Updates for Multiple Vulnerabilities
Bugtraq Topics
via SecurityFocus,
iFunBox Free v1.1 iOS - File Include Vulnerability
File Manager v4.2.10 iOS - Code Execution Vulnerability
FreeBSD Security Advisory FreeBSD-SA-14:22.namei
FreeBSD Security Advisory FreeBSD-SA-14:20.rtsold
FreeBSD Security Advisory FreeBSD-SA-14:21.routed
FreeBSD Security Advisory FreeBSD-SA-14:23.openssl
CFP The 12th International Joint Conference on e-business and Telecommunications ICETE 2015
[ MDVSA-2014:201 ] kernel
Vulnerabilities in WordPress Database Manager v2.7.1
Files Document & PDF 2.0.2 iOS - Multiple Vulnerabilities
Top Worms and Viruses
via Sophos,
Troj/Invo-Zip
W32/Netsky
Mal/EncPk-EI
Troj/Pushdo-Gen
Troj/Agent-HFU
Mal/Iframe-E
Troj/Mdrop-BTV
Troj/Mdrop-BUF
Troj/Agent-HFZ
Troj/Agent-HGT
Latest MS bulletins
via Microsoft,
MS11-703 - Important: Test MNP bulletin #3 (test0703)
MS11-702 - Moderate: Test MNP bulletin #2 (test0702)
MS11-701 - Low: Test MNP bulletin #1 (test0701)
MS11-069 - Moderate: Vulnerability in .NET Framework Could Allow Information Disclosure (2567951)
MS11-068 - Moderate: Vulnerability in Windows Kernel Could Allow Denial of Service (2556532)
MS11-067 - Important: Vulnerability in Microsoft Report Viewer Could Allow Information Disclosure (2578230)
MS11-066 - Important: Vulnerability in Microsoft Chart Control Could Allow Information Disclosure (2567943)
MS11-065 - Important: Vulnerability in Remote Desktop Protocol Could Allow Denial of Service (2570222)
MS11-064 - Important: Vulnerabilities in TCP/IP Stack Could Allow Denial of Service (2563894)
MS11-063 - Important: Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2567680)
Stock Watch
via Yahoo! Finance
Updated 10/23/2014
NASDAQ 4459.141 +76.294
JNPR 20.04 +0.36
SYMC 23.76 +0.25
CSCO 23.61 +0.35
CKP 12.59 +0.44
MSFT 44.881 +0.501
IBM 162.135 +0.345
INTC 32.785 +0.515
AMD 2.675 +0.035
CIC.TO 11.07 unch
CA 27.46 +0.05
BCSI 0.00 N/A
VRSN 55.87 +0.68
INTC 32.785 +0.515
CUDA 29.44 +0.02
SPLK 59.56 +3.86
FEYE 30.43 +1.17
QLYS 28.50 +0.80
PANW 107.21 +4.63
HPQ 34.9701 +0.4801
IMPV 31.27 +1.21
PFPT 38.15 +1.65

 

Recent News

Vigil@nce - Cisco IOS XR: denial of service via NetFlow, analyzed on 23/07/2014
Vigil@nce - public vulnerabilities
An attacker can send IPv4 or IPv6 ill formed packets to NetFlow of Cisco IOS XR, in order to trigger a denial of service.

Abandoned subdomains pose security risk for businesses
Techworld.com Security News
Many companies set up subdomains for use with external services, but then forget to disable them when they stop using those services, creating a loophole for attackers to exploit.

Disaster as CryptoWall encrypts US firm's entire server installation
Techworld.com Security News
“Here is a tale of ransomware that will make your blood run cold,” announced Stu Sjouwerman of security training firm KnowBe4 in a company newsletter this week and he wasn’t exaggerating.

Ad-borne Cryptowall ransomware is set to claim FRESH VICTIMS
The Register - Security: Anti-Virus

Cybercrooks slurping hundreds of thousands from innocent marks, say securo-bods

Security watchers are warning of a surge in CryptoWall ransomware victims this month that will coincide with a campaign to spread a new variant of the malware thou

Check Point third-quarter profit beats estimates, raises 2014 forecast
Yahoo! News: Security News

Pro-Privacy Senator Wyden on Fighting the NSA From Inside the System
LinuxSecurity.com - Latest News
LinuxSecurity.com: Senator Ron Wyden thought he knew what was going on. The Democrat from Oregon, who has served on the Senate Select Committee on Intelligence since 2001, thought he knew the nature of the National Security Agency's surveillance a

NIST to hypervisor admins: secure your systems
LinuxSecurity.com - Latest News
LinuxSecurity.com: US standards body the National Institute of Standards and Technology (NIST) has laid out the basics of hypervisor security in a draft publication released for comment on 20 October.

Quick PHP patch beats slow research reveal
LinuxSecurity.com - Latest News
LinuxSecurity.com: Patches have been flung out to cover vulnerabilities in PHP that led to remote code execution and buffer overflows.

Vigil@nce - Apache httpd: NULL pointer dereference via mod_cache, analyzed on 23/07/2014
Vigil@nce - public vulnerabilities
An attacker can dereference a NULL pointer in mod_cache of Apache httpd, in order to trigger a denial of service.

CryptoWall ransom infections spike to 830,000 in matter of weeks
Techworld.com Security News
Dell SecureWorks has updated its figures on the number of PCs infected by the awful CryptoWall ransom malware and the news isn’t good – the number of systems has spiked suddenly to 830,000.

Review: Another black comic blast of 'Borderlands'
Yahoo! News: Security News

Vigil@nce - OpenSSH: access to /proc via SFTP, analyzed on 08/10/2014
Vigil@nce - public vulnerabilities
An authenticated attacker can read the /proc/self/maps file via SFTP of OpenSSH, in order to obtain sensitive information, or he can also write in the /proc/self/mem file to alter the memory content.

Vigil@nce - OpenBSD: denial of service via unaligned memory access, analyzed on 20/10/2014
Vigil@nce - public vulnerabilities
A local attacker can used an OpenBSD program using unaligned addresses, in order to trigger a denial of service.

Massive malvertising campaign on Yahoo, AOL and other sites delivers ransomware
Techworld.com Security News
Malicious advertisements made their way last week to almost two dozen popular websites and used browser-based exploits to infect computers with CryptoWall, a nasty file-encrypting ransomware program.

Government regulation on cloud security may spur SaaS use in health care
Techworld.com Security News
Governments may need to tighten the regulatory screws on SaaS vendors to make them be more transparent and forthcoming about their security practices.

Apple to stop SSL 3.0 support for push notifications soon
Techworld.com Security News
Apple will stop support next week for an encryption protocol found to contain a severe vulnerability, the company said on Wednesday.

Vietnam police hunt hackers behind mass outage
Techworld.com Security News
Vietnamese cybersecurity authorities are hunting hackers believed to be responsible for the country's biggest-ever online attack last week, according to the founder of a security website in Hanoi.

Startup wants to make cloud attractive for security-sensitive businesses
Techworld.com Security News
After three years in stealth, an Andreessen Horowitz-backed startup named Bracket Computing launched a new computing system today that aims to make the public cloud more palatable for security-sensitive enterprises.

Xen says its security policies might be buggier than its software
The Register - Security: Anti-Virus

Users didn't know if they were allowed to patch bug behind world cloud reboot

The Xen project has asked for help to ensure future bugs aren't as disruptive as the XSA-108 flaw that saw major cloud operators reboot an awful lot of servers.


Huawei says third-quarter smartphone shipments jump 26 percent, strong demand for high-end devices
Yahoo! News: Security News
By Yimou Lee HONG KONG (Reuters) - China's Huawei Technologies Co Ltd said third-quarter smartphone shipments jumped 26 percent year-on-year, doubling devices shipped to the high-margin premium market dominated by Samsung Electronics Co Ltd and Apple Inc.

Vigil@nce - NSS: multiple vulnerabilities, analyzed on 23/07/2014
Vigil@nce - public vulnerabilities
An attacker can use several vulnerabilities of NSS.

NIST to hypervisor admins: secure your systems
The Register - Security: Anti-Virus

Hypervisor security draft open for comment

US standards body the National Institute of Standards and Technology (NIST) has laid out the basics of hypervisor security in a draft publication released for comment on 20 October.


Quick PHP patch beats slow research reveal
The Register - Security: Anti-Virus

Simple solution to remote code execution

Patches have been flung out to cover vulnerabilities in PHP that led to remote code execution and buffer overflows.


Heres how to make sure your iCloud data is safe from hackers
Yahoo! News: Security News

The most disappointing video games of all-time, according to Redditors
Yahoo! News: Security News

Congress not likely to force iOS and Android decryption for the FBI
Yahoo! News: Security News

China's Xiaomi shifts some smartphone user data out of Beijing on privacy concerns
Yahoo! News: Security News

Finland's Nokia beats market expectations in third-quarter
Yahoo! News: Security News

Government ups air bag warning to 7.8M vehicles
Yahoo! News: Security News

Americans fear identity theft more than getting shot to death survey
The Register - Security: Anti-Virus

Don't worry, be happy

A survey into what Americans fear most has shown that fears of identity theft and being unsafe online outweigh the fear of being shot and killed by a random stranger.


Is your home or office internet gateway one of '1.2 MILLION' wide open to hijacking?
The Register - Security: Anti-Virus

Doublecheck your NAT-PMP settings now

Hundreds of thousands of routers, firewalls and gateways used by small offices and homes are said to be vulnerable to hijacking due to bungled NAT settings.


Google’s 2-Step Verification – why everybody should turn this on now
Techworld.com Security News
Online accounts such as Google are a major target for criminals and yet disturbingly large numbers of people protect this asset with little more than an email address and a weak password.

Microsoft warns users about 0-day behind PowerPoint attacks
The Register - Security: Anti-Virus

Might put out patch in update, might chuck it out sooner

Hackers are exploiting a zero-day vulnerability in Windows using malicious PowerPoint documents, Microsoft and security firms warn.


Fans go crackers for crazy Cheez-It creations
Yahoo! News: Security News
Chocolate-covered Cheez-Its, wedding cake Cheez-Its, even a Cheez-It cocktail... They're all out there. Ditto for Cheez-It jewelry and even Cheez-It tattoos (would that be Cheez-tats?).

Laura Poitras on the Crypto Tools That Made Her Snowden Film Possible
LinuxSecurity.com - Latest News
LinuxSecurity.com: As a journalist, Laura Poitras was the quiet mastermind behind the publication of Edward Snowden's unprecedented NSA leak. As a filmmaker, her new movie Citizenfour makes clear she's one of the most important directors working in

What you need to know about the SSLv3 "POODLE" flaw
LinuxSecurity.com - Latest News
LinuxSecurity.com: Another security vulnerability is hitting the tech (and mainstream!) press, and we want to make Fedora users get straight, simple information. This one is CVE-2014-3466, and the cute nickname of the day is "POODLE".

The Hacktivist as Angry Young Man
LinuxSecurity.com - Latest News
LinuxSecurity.com: Making no pretense of balance or objectivity, Vivien Lesnik Weisman's excitable documentary "The Hacker Wars" is a forceful indictment of the United States government's surveillance and prosecution of computer hackers and journal

The Hacker Wars Hits NYC
LinuxSecurity.com - Latest News
LinuxSecurity.com: Hackers are big news! On October 2, a New York Times headline trumpeted: "JP Morgan Chase Hacking Affects 76 Million Households." Recently retailers like Home Depot and Target were hit as well -- data banks reportedly hacked, per

CAINE Linux Distribution Helps Investigators With Forensic Analysis
LinuxSecurity.com - Latest News
LinuxSecurity.com: There is no shortage of Linux distributions to serve specific markets and use cases. In the security market, a number of Linux distributions are widely used, including Kali Linux, which is popular with security penetration tester

Mobile Device Encryption Could Lead to a 'Very, Very Dark Place', FBI Director Says
LinuxSecurity.com - Latest News
LinuxSecurity.com: FBI Director James Comey said Thursday that the recent movement toward default encryption of smartphones and other devices could "lead us to a very, very dark place." Echoing comments made by law enforcement officials for the las

What a hacker can learn about your life from the coffee shop's Wi-Fi network
LinuxSecurity.com - Latest News
LinuxSecurity.com: We often shift between a phone signal, private internet connections, and public Wi-Fi networks. You pass by your local Starbucks, for example, and the phone remembers you've been there in the past and latches on to its signal-wit

Hacker Halted 2014: Johnny Long Calls for Hackers for Charity Volunteers
LinuxSecurity.com - Latest News
LinuxSecurity.com: The irony was not lost on Johnny Long. On the silver screen, both hackers and zombies are typically associated with disaster, so the fact that he was at a zombie-themed security conference to speak about hackers making a positive

RIPS - Static Source Code Analysis For PHP Vulnerabilities
LinuxSecurity.com - Latest News
LinuxSecurity.com: RIPS is a tool written in PHP to find vulnerabilities using static source code analysis for PHP web applications. By tokenizing and parsing all source code files RIPS is able to transform PHP source code into a program model and

Finding a Video Poker Bug Made These Guys Rich-Then Vegas Made Them Pay
LinuxSecurity.com - Latest News
LinuxSecurity.com: John Kane was on a hell of a winning streak. On July 3, 2009, he walked alone into the high-limit room at the Silverton Casino in Las Vegas and sat down at a video poker machine called the Game King. Six minutes later the purple

USB is now UEC (use with extreme caution)
LinuxSecurity.com - Latest News
LinuxSecurity.com: USB is an acronym for Universal Serial Bus; at least that is what it has stood for since 1999 when it was patented. But now it may take on a new meaning and instead stand for Ultimate Security Breakdown.

Older News

iPhone Encryption and the Return of the Crypto Wars
LinuxSecurity.com - Latest News

Planning Considerations for BYOD and Consumerization of IT (Part 5)
WindowSecurity.com

Apple CEO Tim Cook meets with Chinese official after iCloud attack
Techworld.com Security News

Android ransomware 'Koler' turns into a worm, spreads via SMS
Techworld.com Security News

APPLE support doc CONFIRMS 'ORGANIZED NETWORK ATTACKS'
The Register - Security: Anti-Virus

Apple CEO discusses security with top Chinese official amid hacking claims: Xinhua
Yahoo! News: Security News

Google extends two-factor authentication with physical USB keys
Techworld.com Security News

Microsoft discloses zero-day flaw, publishes quick fix
Techworld.com Security News

Symantec sees rise in high-traffic DDoS attacks
Techworld.com Security News

China attacks lead Apple to alert users on iCloud threats
Techworld.com Security News

NOT OK GOOGLE: Android images can conceal code
The Register - Security: Anti-Virus

Pagers shout data center creds, pop star airport arrivals
The Register - Security: Anti-Virus

U.S. government probes medical devices for possible cyber flaws
Yahoo! News: Security News

Apple grapple: Congress kills FBI's Cupertino crypto kybosh plan
The Register - Security: Anti-Virus

Google puts Chrome credentials on USB drives for two-factor authentication
The Register - Security: Anti-Virus

In dot we trust: If you keep to this 124-page security rulebook, you can own yourname.trust
The Register - Security: Anti-Virus

New York financial regulator pushes banks to plug gaps in cybersecurity
Yahoo! News: Security News

Chinese APT groups targeting Australian lawyers
The Register - Security: Anti-Virus

Is Staples the latest retailer to get hit with a huge credit card breach?
Yahoo! News: Security News

FTC names privacy expert as chief technologist
Yahoo! News: Security News

Apple issues security warning for iCloud
Yahoo! News: Security News

Koler Android ransomware spreading in US as SMS worm, warns AdaptiveMobile
Techworld.com Security News

Vigil@nce - WordPress BulletProof Security: Cross Site Scripting, analyzed on 06/10/2014
Vigil@nce - public vulnerabilities

Vigil@nce - Cisco IOS XR: bypassing ACL via compression, analyzed on 06/10/2014
Vigil@nce - public vulnerabilities

Vigil@nce - Magento Enterprise Edition: CSV file upload, analyzed on 06/10/2014
Vigil@nce - public vulnerabilities

Vigil@nce - Cisco ASA: denial of service via SSL VPN and SharePoint, analyzed on 06/10/2014
Vigil@nce - public vulnerabilities


all content is copyright its respective owner or owners. the tools and components behind this page are copyright © 2003-2010 jose nazario, all rights reserved. this page is available as RSS 2.0.