Last updated:
Wed Sep 17 19:07:29 2014 GMT
  2014 FIRST Annual Conference in Boston - Register now


Recent bugs
via SecurityFocus,
Libav Media File Handling Denial of Service Vulnerability
Adobe Reader and Acrobat CVE-2014-0561 Heap Based Buffer Overflow Vulnerability
Microsoft Internet Explorer CVE-2014-4079 Remote Memory Corruption Vulnerability
Microsoft Internet Explorer CVE-2014-4092 Remote Memory Corruption Vulnerability
Microsoft Internet Explorer CVE-2014-4101 Remote Memory Corruption Vulnerability
Adobe Reader and Acrobat CVE-2014-0567 Heap Based Buffer Overflow Vulnerability
D-Bus CVE-2014-3636 Denial of Service Vulnerability
D-Bus CVE-2014-3639 Denial of Service Vulnerability
D-Bus CVE-2014-3637 Denial of Service Vulnerability
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-4212 Use After Free Memory Corruption Vulnerability
Recent advisories
via Secunia, US-CERT,
TA12-073A: Microsoft Updates for Multiple Vulnerabilities
TA12-045A: Microsoft Updates for Multiple Vulnerabilities
TA12-024A: "Anonymous" DDoS Activity
TA12-010A: Microsoft Updates for Multiple Vulnerabilities
TA12-006A: Wi-Fi Protected Setup (WPS) Vulnerable to Brute-Force Attack
TA11-350A: Adobe Updates for Multiple Vulnerabilities
TA11-347A: Microsoft Updates for Multiple Vulnerabilities
TA11-312A: Microsoft Updates for Multiple Vulnerabilities
TA11-286A: Apple Updates for Multiple Vulnerabilities
TA11-284A: Microsoft Updates for Multiple Vulnerabilities
TA11-256A: Microsoft Updates for Multiple Vulnerabilities
TA11-222A: Adobe Updates for Multiple Vulnerabilities
TA11-221A: Microsoft Updates for Multiple Vulnerabilities
TA11-201A: Oracle Updates for Multiple Vulnerabilities
TA11-200A: Security Recommendations to Prevent Cyber Intrusions
TA11-193A: Microsoft Updates for Multiple Vulnerabilities
TA11-165A: Microsoft Updates for Multiple Vulnerabilities
TA11-166A: Adobe Updates for Multiple Vulnerabilities
TA11-130A: Microsoft Updates for Multiple Vulnerabilities
TA11-102A: Microsoft Updates for Multiple Vulnerabilities
Bugtraq Topics
via SecurityFocus,
Path Traversal in webEdition
Reflected Cross-Site Scripting (XSS) in MODX Revolution
APPLE-SA-2014-09-17-1 iOS 8
[CORE-2014-0006] - Delphi and C++ Builder VCL library Heap Buffer Overflow
Android Bluetooth Pairing Packet Processing Vulnerability(by wangzq from NCNIPC)
MIUI Wifi Connection Message Vulnerability
MIUI Torch Open Vulnerability
ESA-2014-091: EMC Documentum Content Server Multiple Privilege Escalation Vulnerabilities
Briefcase 4.0 iOS - Code Execution & File Include Vulnerability
Re: HttpFileServer 2.3.x Remote Command Execution
Top Worms and Viruses
via Sophos,
Troj/Invo-Zip
W32/Netsky
Mal/EncPk-EI
Troj/Pushdo-Gen
Troj/Agent-HFU
Mal/Iframe-E
Troj/Mdrop-BTV
Troj/Mdrop-BUF
Troj/Agent-HFZ
Troj/Agent-HGT
Latest MS bulletins
via Microsoft,
MS11-703 - Important: Test MNP bulletin #3 (test0703)
MS11-702 - Moderate: Test MNP bulletin #2 (test0702)
MS11-701 - Low: Test MNP bulletin #1 (test0701)
MS11-069 - Moderate: Vulnerability in .NET Framework Could Allow Information Disclosure (2567951)
MS11-068 - Moderate: Vulnerability in Windows Kernel Could Allow Denial of Service (2556532)
MS11-067 - Important: Vulnerability in Microsoft Report Viewer Could Allow Information Disclosure (2578230)
MS11-066 - Important: Vulnerability in Microsoft Chart Control Could Allow Information Disclosure (2567943)
MS11-065 - Important: Vulnerability in Remote Desktop Protocol Could Allow Denial of Service (2570222)
MS11-064 - Important: Vulnerabilities in TCP/IP Stack Could Allow Denial of Service (2563894)
MS11-063 - Important: Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2567680)
Stock Watch
via Yahoo! Finance
Updated 9/17/2014
NASDAQ 4581.457 +28.698
JNPR 22.8634 +0.0634
SYMC 24.5441 +0.3341
CSCO 25.25 +0.03
CKP 13.20 unch
MSFT 46.53 -0.23
IBM 193.08 +0.12
INTC 35.0348 +0.1048
AMD 3.835 +0.025
CIC.TO 11.71 +0.01
CA 28.6632 +0.1082
BCSI 0.00 N/A
VRSN 56.08 +0.33
INTC 35.03 +0.10
CUDA 26.26 -0.39
SPLK 56.7116 +0.2316
FEYE 36.02 +2.38
QLYS 25.05 +0.32
PANW 99.13 +0.80
HPQ 36.66 +0.40
IMPV 31.40 +0.18
PFPT 38.51 +0.94

 

Recent News

Chinese hacked U.S. military contractors, Senate probe finds
Yahoo! News: Security News

Vigil@nce - TYPO3 Extensions: multiple vulnerabilities, analyzed on 02/09/2014
Vigil@nce - public vulnerabilities
An attacker can use several vulnerabilities of TYPO3 extensions.

Third-Party Software is a Security Threat (Part 1)
WindowSecurity.com
In these two articles we will explore the areas that enterprise need to focus on as a security conscious company to ensure that loose ends are pinned down to improve our overall security posture.

UK.gov lobs another fistful of change at SME infosec nightmares
The Register - Security: Anti-Virus

Senior Lib Dem in 'trying to be relevant' shocker. It's only taxpayers' money, after all

Business secretary Vince Cable has announced a 4m fund to help small businesses fight cyber crime. This has not gone down well with the infosec world.


Critical Adobe Reader and Acrobat patches FINALLY make it out
The Register - Security: Anti-Virus

Eight vulns healed, including XSS and DoS paths

Adobe belatedly pushed out critical updates for its frequently-attacked Reader and Acrobat PDF software packages on Tuesday.


Vigil@nce - Symantec Web Gateway: multiple vulnerabilities, analyzed on 17/06/2014
Vigil@nce - public vulnerabilities
An attacker can use several vulnerabilities of Symantec Web Gateway.

Vigil@nce - WordPress CuckooTap Theme and eShop: information disclosure via admin-ajax.php, analyzed on 02/09/2014
Vigil@nce - public vulnerabilities
An attacker can use admin-ajax.php of WordPress CuckooTap Theme and eShop, in order to obtain sensitive information.

Petrochem citadel falls
The Register - Security: Anti-Virus

Middle east webmail servers popped

Trusteer researchers are saying that the victims of the latest round of Citadel trojan infections includes one of the largest petrochemical companies in the world.


Cisco sprinkles Sourcefire goodies on ASA firewalls
The Register - Security: Anti-Virus

FirePOWER can be licensed into existing kit

Cisco has taken the next step in wrapping the technology it acquired along with Sourcefire, by putting its Adaptive Security Appliance (ASA) next-gen firewalls and the FirePOWER technology into the b

Credit card cutting flaw could have killed EVERY AD on Twitter
The Register - Security: Anti-Virus

Party-pooper gets $2800 for ad-busting bug

Twitter has patched a flaw in its service that allowed unauthorised users to delete every credit card from all accounts, potentially relieving the company of its advertising revenue, security research

Amazon REINTRODUCES Kindle swindle vulnerability
The Register - Security: Anti-Virus

Malware gives book thief grief

Amazon has reintroduced and again fixed a flaw into its Kindle management page that allows attackers to commandeer accounts by booby trapping pirated books, researcher Benjamin Mussler says.


Probe: HealthCare.gov website must boost security
Yahoo! News: Security News

Got your NUDE SELFIES in the cloud? Two-factor auth's your best bet for securing them
The Register - Security: Anti-Virus

Infosec made simple: 2FA, its good points and bad points

Bill Gates in 2004 predicted the death of the password over time. They just dont meet the challenge for anything you really want to secure, Gates said.