Last updated:
Thu Oct 23 01:07:43 2014 GMT

Recent bugs
via SecurityFocus,
Apple Mac OS X CVE-2014-4350 Buffer Overflow Vulnerability
Apple Mac OS X CVE-2014-1391 Memory Corruption Vulnerability
Apple Mac OS X QuickTime CVE-2014-4351 'm4a' File Handling Buffer Overflow Vulnerability
Linux Kernel 'ext4/file.c' Local Denial of Service Vulnerability
Bugzilla 'realname' Parameter Security Bypass Vulnerability
Bugzilla CVE-2014-1571 Information Disclosure Vulnerability
Bugzilla CVE-2014-1573 Multiple Cross Site Scripting Vulnerabilities
Drupal TableField Module Cross Site Scripting Vulnerability
Splunk 'Referer' Header Cross Site Scripting Vulnerability
Drupal Marketo MA Module Multiple Cross Site Scripting Vulnerabilities
Recent advisories
via Secunia, US-CERT,
TA12-073A: Microsoft Updates for Multiple Vulnerabilities
TA12-045A: Microsoft Updates for Multiple Vulnerabilities
TA12-024A: "Anonymous" DDoS Activity
TA12-010A: Microsoft Updates for Multiple Vulnerabilities
TA12-006A: Wi-Fi Protected Setup (WPS) Vulnerable to Brute-Force Attack
TA11-350A: Adobe Updates for Multiple Vulnerabilities
TA11-347A: Microsoft Updates for Multiple Vulnerabilities
TA11-312A: Microsoft Updates for Multiple Vulnerabilities
TA11-286A: Apple Updates for Multiple Vulnerabilities
TA11-284A: Microsoft Updates for Multiple Vulnerabilities
TA11-256A: Microsoft Updates for Multiple Vulnerabilities
TA11-222A: Adobe Updates for Multiple Vulnerabilities
TA11-221A: Microsoft Updates for Multiple Vulnerabilities
TA11-201A: Oracle Updates for Multiple Vulnerabilities
TA11-200A: Security Recommendations to Prevent Cyber Intrusions
TA11-193A: Microsoft Updates for Multiple Vulnerabilities
TA11-165A: Microsoft Updates for Multiple Vulnerabilities
TA11-166A: Adobe Updates for Multiple Vulnerabilities
TA11-130A: Microsoft Updates for Multiple Vulnerabilities
TA11-102A: Microsoft Updates for Multiple Vulnerabilities
Bugtraq Topics
via SecurityFocus,
iFunBox Free v1.1 iOS - File Include Vulnerability
File Manager v4.2.10 iOS - Code Execution Vulnerability
FreeBSD Security Advisory FreeBSD-SA-14:22.namei
FreeBSD Security Advisory FreeBSD-SA-14:20.rtsold
FreeBSD Security Advisory FreeBSD-SA-14:21.routed
FreeBSD Security Advisory FreeBSD-SA-14:23.openssl
CFP The 12th International Joint Conference on e-business and Telecommunications ICETE 2015
[ MDVSA-2014:201 ] kernel
Vulnerabilities in WordPress Database Manager v2.7.1
Files Document & PDF 2.0.2 iOS - Multiple Vulnerabilities
Top Worms and Viruses
via Sophos,
Latest MS bulletins
via Microsoft,
MS11-703 - Important: Test MNP bulletin #3 (test0703)
MS11-702 - Moderate: Test MNP bulletin #2 (test0702)
MS11-701 - Low: Test MNP bulletin #1 (test0701)
MS11-069 - Moderate: Vulnerability in .NET Framework Could Allow Information Disclosure (2567951)
MS11-068 - Moderate: Vulnerability in Windows Kernel Could Allow Denial of Service (2556532)
MS11-067 - Important: Vulnerability in Microsoft Report Viewer Could Allow Information Disclosure (2578230)
MS11-066 - Important: Vulnerability in Microsoft Chart Control Could Allow Information Disclosure (2567943)
MS11-065 - Important: Vulnerability in Remote Desktop Protocol Could Allow Denial of Service (2570222)
MS11-064 - Important: Vulnerabilities in TCP/IP Stack Could Allow Denial of Service (2563894)
MS11-063 - Important: Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2567680)
Stock Watch
via Yahoo! Finance
Updated 10/22/2014
NASDAQ 4382.847 -36.632
JNPR 19.68 -0.50
SYMC 23.51 -0.165
CSCO 23.26 -0.25
CKP 12.15 -0.34
MSFT 44.38 -0.50
IBM 161.79 -1.44
INTC 32.27 -0.34
AMD 2.64 -0.13
CIC.TO 11.07 -0.02
CA 27.41 -0.15
BCSI 0.00 N/A
VRSN 55.19 -1.42
CUDA 29.42 -0.57
SPLK 55.70 -2.62
FEYE 29.26 -0.90
QLYS 27.70 -0.10
PANW 102.58 -2.10
HPQ 34.49 -0.25
IMPV 30.06 -0.50
PFPT 36.50 -1.70


Recent News

Americans fear identity theft more than getting shot to death - survey
The Register - Security: Anti-Virus

Don't worry, be happy

A survey into what Americans fear most has shown that fears of identity theft and being unsafe online outweigh the fear of being shot and killed by a random stranger.

Is your home or office internet gateway one of '1.2 MILLION' wide open to hijacking?
The Register - Security: Anti-Virus

Doublecheck your NAT-PMP settings now

Hundreds of thousands of routers, firewalls and gateways used by small offices and homes are said to be vulnerable to hijacking due to bungled NAT settings.

Google’s 2-Step Verification – why everybody should turn this on now
Security News
Online accounts such as Google are a major target for criminals and yet disturbingly large numbers of people protect this asset with little more than an email address and a weak password.

Microsoft warns users about 0-day behind PowerPoint attacks
The Register - Security: Anti-Virus

Might put out patch in update, might chuck it out sooner

Hackers are exploiting a zero-day vulnerability in Windows using malicious PowerPoint documents, Microsoft and security firms warn.

Fans go crackers for crazy Cheez-It creations
Yahoo! News: Security News
Chocolate-covered Cheez-Its, wedding cake Cheez-Its, even a Cheez-It cocktail... They're all out there. Ditto for Cheez-It jewelry and even Cheez-It tattoos (would that be Cheez-tats?).

Laura Poitras on the Crypto Tools That Made Her Snowden Film Possible
Latest News
As a journalist, Laura Poitras was the quiet mastermind behind the publication of Edward Snowden's unprecedented NSA leak. As a filmmaker, her new movie Citizenfour makes clear she's one of the most important directors working in

What you need to know about the SSLv3 "POODLE" flaw
Latest News
Another security vulnerability is hitting the tech (and mainstream!) press, and we want to make sure Fedora users get straight, simple information. This one is CVE-2014-3466, and the cute nickname of the day is "POODLE".

The Hacktivist as Angry Young Man
Latest News
Making no pretense of balance or objectivity, Vivien Lesnik Weisman's excitable documentary "The Hacker Wars" is a forceful indictment of the United States government's surveillance and prosecution of computer hackers and journal

The Hacker Wars Hits NYC
Latest News
Hackers are big news! On October 2, a New York Times headline trumpeted: "JP Morgan Chase Hacking Affects 76 Million Households." Recently retailers like Home Depot and Target were hit as well -- data banks reportedly hacked, per

CAINE Linux Distribution Helps Investigators With Forensic Analysis
Latest News
There is no shortage of Linux distributions to serve specific markets and use cases. In the security market, a number of Linux distributions are widely used, including Kali Linux, which is popular with security penetration tester

Mobile Device Encryption Could Lead to a 'Very, Very Dark Place', FBI Director Says
Latest News
FBI Director James Comey said Thursday that the recent movement toward default encryption of smartphones and other devices could "lead us to a very, very dark place." Echoing comments made by law enforcement officials for the las

What a hacker can learn about your life from the coffee shop's Wi-Fi network
Latest News
We often shift between a phone signal, private internet connections, and public Wi-Fi networks. You pass by your local Starbucks, for example, and the phone remembers you've been there in the past and latches on to its signal-wit

Hacker Halted 2014: Johnny Long Calls for Hackers for Charity Volunteers
Latest News
The irony was not lost on Johnny Long. On the silver screen, both hackers and zombies are typically associated with disaster, so the fact that he was at a zombie-themed security conference to speak about hackers making a positive

RIPS - Static Source Code Analysis For PHP Vulnerabilities
Latest News
RIPS is a tool written in PHP to find vulnerabilities using static source code analysis for PHP web applications. By tokenizing and parsing all source code files RIPS is able to transform PHP source code into a program model and

Finding a Video Poker Bug Made These Guys Rich - Then Vegas Made Them Pay
Latest News
John Kane was on a hell of a winning streak. On July 3, 2009, he walked alone into the high-limit room at the Silverton Casino in Las Vegas and sat down at a video poker machine called the Game King. Six minutes later the purple

USB is now UEC (use with extreme caution)
Latest News
USB is an acronym for Universal Serial Bus; at least that is what it has stood for since 1999 when it was patented. But now it may take on a new meaning and instead stand for Ultimate Security Breakdown.

iPhone Encryption and the Return of the Crypto Wars
Latest News
Last week, Apple announced that it is closing a serious security vulnerability in the iPhone. It used to be that the phone's encryption only protected a small amount of the data, and Apple had the ability to bypass security on th

Planning Considerations for BYOD and Consumerization of IT (Part 5)
In this, Part 5, we'll move on to the discussion of BYOD compliance with government and industry security and privacy standards.

Apple CEO Tim Cook meets with Chinese official after iCloud attack
Security News
Just after Apple's iCloud service faced a hacking attack from China, Apple CEO Tim Cook met with a Chinese official on Wednesday to discuss protecting users' privacy.

Android ransomware 'Koler' turns into a worm, spreads via SMS
Security News
A malicious Android app that takes over the screen of devices and extorts money from users with fake notifications from law enforcement agencies was recently updated with a component that allows it to spread via text message spam.

The Register - Security: Anti-Virus

China govt: It wasn't us, honest

Apple is warning its iCloud users over heightened spying risks following the

Apple CEO discusses security with top Chinese official amid hacking claims: Xinhua
Yahoo! News: Security News

Google extends two-factor authentication with physical USB keys
Security News
Google is letting users protect their accounts against password compromises by adding support for two-factor authentication based on physical USB keys.

Microsoft discloses zero-day flaw, publishes quick fix
Security News
Microsoft has published a temporary fix for a new zero-day flaw that affects nearly all versions of Windows and is currently being exploited via PowerPoint.

Symantec sees rise in high-traffic DDoS attacks
Security News
A type of distributed denial-of-service attack, DNS amplification, has risen sharply, according to new research from Symantec.

China attacks lead Apple to alert users on iCloud threats
Security News
Apple has warned users about attacks on its iCloud website, after monitoring groups alleged that China had tried to intercept customer information from the service.

NOT OK GOOGLE: Android images can conceal code
The Register - Security: Anti-Virus

It's been fixed, but hordes won't have applied the upgrade

Someone's found (yet) another nasty security flaw in Android, by crafting a way to pack malicious software to look like images.

Pagers shout data center creds, pop star airport arrivals
The Register - Security: Anti-Virus

Encryption: IBM and Australian spooks have heard of it, but aren't using it

Anyone wanting to know the time world leaders arrive in Australia for the coming G20 summit need only listen to broadcasts from Aussie airports, researcher Ed Farrell

U.S. government probes medical devices for possible cyber flaws
Yahoo! News: Security News

Apple grapple: Congress kills FBI's Cupertino crypto kybosh plan
The Register - Security: Anti-Virus

Encryption would lead us all into a 'dark place', claim G-Men

The FBI director James Comey's bid to have Congress kibosh default encryption appears to have publicly failed after senators said the proposal would be rejected.

Google puts Chrome credentials on USB drives for two-factor authentication
The Register - Security: Anti-Virus

Company teams up with FIDO Alliance to support push-button security keys

Google has announced support for a platform which will allow users to log into applications by pressing a button on a secured USB drive.

In dot we trust: If you keep to this 124-page security rulebook, you can own
The Register - Security: Anti-Virus

Step 1: Don't get owned. Step 2: Use HTTPS. Step 3: ...

NCC Group has published a set of security standards that you'll have to follow if you want to operate a .trust website.

New York financial regulator pushes banks to plug gaps in cybersecurity
Yahoo! News: Security News
(Reuters) - Following the massive cyber attack on the biggest U.S. bank JPMorgan Chase & Co disclosed in August, and other financial institutions, government authorities in the United States are pushing financial institutions and brokerage houses to close gla

Chinese APT groups targeting Australian lawyers
The Register - Security: Anti-Virus

Have a bit of sympathy, people: lawyers hold YOUR data and juicy stuff about big deals

Law firms are among Australian businesses being targeted by at least 13 Chinese advanced malware groups in a bid to steal intelligence from big business, sa

Is Staples the latest retailer to get hit with a huge credit card breach?
Yahoo! News: Security News

FTC names privacy expert as chief technologist
Yahoo! News: Security News
The Federal Trade Commission on Tuesday named an outspoken Internet privacy expert, Ashkan Soltani, as its chief technologist in a move that signals the agency's focus on protecting consumers' online privacy. ...

Apple issues security warning for iCloud
Yahoo! News: Security News
SAN FRANCISCO (AP) - Apple has posted a new security warning for users of its iCloud online storage service amid reports of a concerted effort to steal passwords and other data from people who use the popular service in China.

Koler Android ransomware spreading in US as SMS worm, warns AdaptiveMobile
Security News
The Koler Android ransom Trojan is spreading in the US after turning itself into an SMS worm, it has been reported. It's a tactic that could allow a rare piece of mobile malware to escape the nether-world of sideloaded apps from dodgy porn sites.

Vigil@nce - WordPress BulletProof Security: Cross Site Scripting, analyzed on 06/10/2014
Vigil@nce - public vulnerabilities
An attacker can trigger a Cross Site Scripting of WordPress BulletProof Security, in order to execute JavaScript code in the context of the web site.

Vigil@nce - Cisco IOS XR: bypassing ACL via compression, analyzed on 06/10/2014
Vigil@nce - public vulnerabilities
An attacker can bypass ACLs of Cisco IOS XR which use ranges, in order to access a service which should be filtered.

Vigil@nce - Magento Enterprise Edition: CSV file upload, analyzed on 06/10/2014
Vigil@nce - public vulnerabilities
A privileged attacker can upload a malicious PHP.CSV file on Magento Enterprise Edition, in order to execute code.

Vigil@nce - Cisco ASA: denial of service via SSL VPN and SharePoint, analyzed on 06/10/2014
Vigil@nce - public vulnerabilities
An attacker can use SharePoint via the SSL VPN of Cisco ASA, in order to trigger a denial of service.

One week after patch, Flash vulnerability already exploited in large-scale attacks
Security News
If you haven't updated your Flash Player with the fixes released on Oct. 14, you may be vulnerable to new attacks using a commercial exploit kit called Fiesta, security researchers warn.

Edward who? GCHQ boss dodges Snowden topic during last speech
The Register - Security: Anti-Virus

UK spies would rather 'walk' than do 'mass surveillance'

Sir Iain Lobban's final speech as GCHQ director omitted any mention of that man Edward Snowden, and unlike recent speeches by FBI and law enforcement officials on both sides of the Atlant

The Tech Behind Apple Pay: Is Your Money Secure?
Yahoo! News: Security News

Older News

7 awesome paid iPhone and iPad apps you can get for free right now
Yahoo! News: Security News

FBI backtracks on Russian involvement in JPMorgan Chase breach
Security News

Hacked and ashamed? C'mon, Brits report that cybercrime
The Register - Security: Anti-Virus

Apple Pay could be a big deal for Android users
Security News

Bank of England launches investigation into CHAPS system failure
Security News

Carders punch holes through Staples
The Register - Security: Anti-Virus

Quantum key security steps outside the box
The Register - Security: Anti-Virus

Palo Alto Networks boxes spray firewall creds across the net
The Register - Security: Anti-Virus

Apple Pay Q&A: What you need to know
Yahoo! News: Security News

U.S. national security prosecutors shift focus from spies to cyber
Yahoo! News: Security News

Obama's new order: U.S. government's credit card security must be improved
Yahoo! News: Security News

China-backed hackers may have infiltrated Apple's iCloud: blog
Yahoo! News: Security News

Cisco battles POODLE with a listicle and some twaddle
The Register - Security: Anti-Virus

Windows XP flaws help Russian 'Qbot' gang build 500,000 PC botnet
Hack In The Box

Gartner lays out its top 10 tech trends for 2015
Hack In The Box

7 Things About Android Lollipop 5.0 You Need To Know
Hack In The Box

Apple solders RAM into new Mac mini to block memory upgrades
Hack In The Box

Dropbox used for convincing phishing attack
Hack In The Box

IBM expected to unveil chip manufacturing deal Monday
Hack In The Box

New White House efforts help secure your payments
Hack In The Box

Dell woman wins woman of year award
Hack In The Box

all content is copyright its respective owner or owners. the tools and components behind this page are copyright © 2003-2010 jose nazario, all rights reserved. this page is available as RSS 2.0.