Last updated:
Mon Nov 24 05:07:22 2014 GMT
  2014 FIRST Annual Conference in Boston - Register now


Recent bugs
via SecurityFocus,
QEMU 'hw/usb/bus.c' Heap Based Buffer Overflow Vulnerability
QEMU CVE-2014-3689 Multiple Local Security Bypass Vulnerabilities
QEMU 'vmstate_xhci_event' Field Memory Corruption Vulnerability
Adobe Flash Player and AIR CVE-2014-0581 Memory Corruption Vulnerability
Adobe Flash Player and AIR CVE-2014-0582 Unspecified Heap Based Buffer Overflow Vulnerability
Adobe Flash Player and AIR CVE-2014-0588 Use After Free Remote Code Execution Vulnerability
Adobe Flash Player and AIR CVE-2014-0589 Unspecified Heap Based Buffer Overflow Vulnerability
LibVNCServer CVE-2014-6053 Remote Denial of Service Vulnerability
Google Chrome CVE-2014-7907 Use After Free Remote Code Execution Vulnerability
Google Chrome CVE-2014-7910 Multiple Security Vulnerabilities
Recent advisories
via Secunia, US-CERT,
TA12-073A: Microsoft Updates for Multiple Vulnerabilities
TA12-045A: Microsoft Updates for Multiple Vulnerabilities
TA12-024A: "Anonymous" DDoS Activity
TA12-010A: Microsoft Updates for Multiple Vulnerabilities
TA12-006A: Wi-Fi Protected Setup (WPS) Vulnerable to Brute-Force Attack
TA11-350A: Adobe Updates for Multiple Vulnerabilities
TA11-347A: Microsoft Updates for Multiple Vulnerabilities
TA11-312A: Microsoft Updates for Multiple Vulnerabilities
TA11-286A: Apple Updates for Multiple Vulnerabilities
TA11-284A: Microsoft Updates for Multiple Vulnerabilities
TA11-256A: Microsoft Updates for Multiple Vulnerabilities
TA11-222A: Adobe Updates for Multiple Vulnerabilities
TA11-221A: Microsoft Updates for Multiple Vulnerabilities
TA11-201A: Oracle Updates for Multiple Vulnerabilities
TA11-200A: Security Recommendations to Prevent Cyber Intrusions
TA11-193A: Microsoft Updates for Multiple Vulnerabilities
TA11-165A: Microsoft Updates for Multiple Vulnerabilities
TA11-166A: Adobe Updates for Multiple Vulnerabilities
TA11-130A: Microsoft Updates for Multiple Vulnerabilities
TA11-102A: Microsoft Updates for Multiple Vulnerabilities
Bugtraq Topics
via SecurityFocus,
[security bulletin] HPSBUX03087 SSRT101413 rev.2 - HP-UX CIFS Server (Samba), Remote Denial of Service (DoS), Execution of Arbitrary Code, Unauthorized Access
[ MDVSA-2014:221 ] php-smarty
[ MDVSA-2014:222 ] libvirt
[ MDVSA-2014:223 ] wireshark
[ MDVSA-2014:224 ] krb5
[ MDVSA-2014:218 ] asterisk
AST-2014-016: Remote Crash Vulnerability in PJSIP channel driver
AST-2014-017: Permission escalation through ConfBridge actions/dialplan functions
AST-2014-018: AMI permission escalation through DB dialplan function
Multiple SQL Injection in SP Client Document Manager plugin
Top Worms and Viruses
via Sophos,
Troj/Invo-Zip
W32/Netsky
Mal/EncPk-EI
Troj/Pushdo-Gen
Troj/Agent-HFU
Mal/Iframe-E
Troj/Mdrop-BTV
Troj/Mdrop-BUF
Troj/Agent-HFZ
Troj/Agent-HGT
Latest MS bulletins
via Microsoft,
MS11-703 - Important: Test MNP bulletin #3 (test0703)
MS11-702 - Moderate: Test MNP bulletin #2 (test0702)
MS11-701 - Low: Test MNP bulletin #1 (test0701)
MS11-069 - Moderate: Vulnerability in .NET Framework Could Allow Information Disclosure (2567951)
MS11-068 - Moderate: Vulnerability in Windows Kernel Could Allow Denial of Service (2556532)
MS11-067 - Important: Vulnerability in Microsoft Report Viewer Could Allow Information Disclosure (2578230)
MS11-066 - Important: Vulnerability in Microsoft Chart Control Could Allow Information Disclosure (2567943)
MS11-065 - Important: Vulnerability in Remote Desktop Protocol Could Allow Denial of Service (2570222)
MS11-064 - Important: Vulnerabilities in TCP/IP Stack Could Allow Denial of Service (2563894)
MS11-063 - Important: Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2567680)
Stock Watch
via Yahoo! Finance
Updated 11/21/2014
NASDAQ 4712.97 +11.102
JNPR 21.85 +0.46
SYMC 25.33 -0.07
CSCO 26.88 +0.07
CKP 12.87 -0.14
MSFT 47.98 -0.72
IBM 160.92 +0.28
INTC 35.59 -0.36
AMD 2.77 +0.08
CIC.TO 11.65 +0.05
CA 30.63 +0.53
BCSI 0.00 N/A
VRSN 59.90 +0.17
INTC 35.59 -0.36
CUDA 35.28 -0.23
SPLK 66.93 +1.99
FEYE 31.77 +0.78
QLYS 33.30 -0.22
PANW 108.93 -0.11
HPQ 37.26 +0.33
IMPV 41.81 -0.35
PFPT 42.24 +0.07

 

Recent News

Crypto protocols held back by legacy, says ENISA
The Register - Security: Anti-Virus

EU takes the microscope to security

The EU Agency for Network Information and Security (ENISA) has updated its 2013 crypto guidelines, designed to help developers protect personal information in line with EU law, and has sternly told crypto de

Fort Drum powered by wood in renewable energy push
Yahoo! News: Security News

SandWorm thrived thanks to botched MSFT patch says HP
The Register - Security: Anti-Virus

Issues known and understood for at least two years before Shai-Hulud crawled out of the code

Microsoft had a chance to crush the SandWorm bug before it crawled out of the dunes, but botched the job, says HP.


Computer spying malware uncovered with 'stealth' features: Symantec
Yahoo! News: Security News
(Reuters) - An advanced malicious software application has been uncovered that since 2008 was used to spy on private companies, governments, research institutes and individuals in 10 countries, anti virus software maker Symantec Corp said in a report on S

Fort Drum powered by wood in renewable energy push
Yahoo! News: Security News

Vigil@nce - Xen: memory leak via MMU_MACHPHYS_UPDATE, analyzed on 20/11/2014
Vigil@nce - public vulnerabilities
An attacker can create a memory leak in MMU_MACHPHYS_UPDATE of Xen, in order to trigger a denial of service.

Vigil@nce - Qt Creator: missing SSH public key validation, analyzed on 07/11/2014
Vigil@nce - public vulnerabilities
An attacker can intercept communications between Qt Creator and its controlled devices, in order to get the privileges of the authorized user.

Vigil@nce - Trend Micro InterScan Web Security: file reading via AdminUI, analyzed on 07/11/2014
Vigil@nce - public vulnerabilities
An attacker can read files via the administration Web application of Trend Micro InterScan Web Security, in order to obtain sensitive information.

Vigil@nce - IBM Tivoli Storage Manager: altering files via BACKUPINITIATION, analyzed on 19/11/2014
Vigil@nce - public vulnerabilities
A local attacker can alter backups of IBM Tivoli Storage Manager, in order to store a malicious program for example.

NYC man gets prison for role in cybercrime ring
Yahoo! News: Security News
A New York City man was sentenced Friday to more than three years in prison for his role in an international cybercrime ring that prosecutors say hacked into the computers of more than a dozen financial ...

Re: The GCHQ boss's assault on privacy
RISKS Digest

Re: 81% of Tor users can be de-anonymized by analyzing router ...
RISKS Digest

Privacy Concerns for ClassDojo and Other Tracking Apps for Schoolchildren
RISKS Digest

Pay Phones in New York City Will Become Free Wi-Fi Hot Spots
RISKS Digest

China blocks websites as Internet meeting begins
RISKS Digest

High-school RISKS courses?
RISKS Digest

"CASL restricts freedom of speech, academic paper argues"
RISKS Digest

"How to lose customers with excessive security"
RISKS Digest

"ISACA survey shows security disconnect for breaches, wearables"
RISKS Digest

"Malware served through rogue Tor exit node tied to cyber espionage group"
RISKS Digest

"Microsoft does it again, botches KB 2992611 SChannel patch"
RISKS Digest

Why mobile and consumer ISPs shouldn't censor encryption or the Net
RISKS Digest

Android source of spreading malware
RISKS Digest

Ian Urbina: The Secret Life of Passwords
RISKS Digest

Drones Sighted by Pilots Landing at JFK Airport in NYC Show New Risks
RISKS Digest

Auckland 'NewCore' project a year late and $100 million over budget
RISKS Digest

Twitter used to pass election polling information?
RISKS Digest

Australia rules out e-voting
RISKS Digest

Electronic Election Fraud Apparent in Brazil; Done in America Today?
RISKS Digest

Brooklyn man sentenced for role in cybercrime ring
Yahoo! News: Security News
A New York City man has been sentenced to about 3 1/2 years in prison for his role in an international cybercrime ring that hacked into the computers of more than a dozen financial institutions and the ...

HACKERS can DELETE SURVEILLANCE DVRS remotely report
The Register - Security: Anti-Virus

Hikvision devices wide open to hacking, claim securobods

DVR systems from Hikvision have vulnerabilities that open the door to hacking, security researchers have warned.


Latest Google Maps update brings awesome new features to Android
Yahoo! News: Security News

Brooklyn man sentenced for role in cybercrime ring
Yahoo! News: Security News
TRENTON, N.J. (AP) A New York City man has been sentenced to about 3 1/2 years in prison for his role in an international cybercrime ring that hacked into the computers of more than a dozen financial institutions and the U.S. military's payroll service.

Heres who is tracking your smartphone and how to stop them
Yahoo! News: Security News

Vigil@nce - GNU binutils: creation or corruption of files by directory traversal, analyzed on 06/11/2014
Vigil@nce - public vulnerabilities
An attacker can create an AR archive, in order to create or change files outside the directory the archive is located in.

DDoS attacks swamping media and entertainment firms, Verisign reports
Techworld.com Security News
The trend for DDoS attacks to target the media and entertainment industries shows no sign of abating with this sector now accounting for more than half of all incidents, according the latest figures from Verisign’s protection services wing have con

CIA crypto-king offers new 'clock' clue to crack Kryptos code
The Register - Security: Anti-Virus

Big structure in full public view unlikely to contain anything important

The man who built a cryptographic sculpture for the CIA has provided a second clue to help crack its infamously difficult code.


Google Releases Open Source Tool for Testing Web App Security Scanners
LinuxSecurity.com - Latest News
LinuxSecurity.com: Google today released to open source tool called Firing Range, which is designed as a test bed for Web application security scanners that provides coverage for a wide variety of cross-site scripting (XSS) and other vulnerabilitie

Most Targeted Attacks Exploit Privileged Accounts
LinuxSecurity.com - Latest News
LinuxSecurity.com: We all like to write and talk about flashy zero-day vulnerabilities. However, a new threat report cautions enterprises not to flatter themselves, because the majority of criminals are not using valuable zero-days exploits to pene

NotCompable sets new standards for mobile botnet sophistication
LinuxSecurity.com - Latest News
LinuxSecurity.com: The NotCompatible mobile malware has reached a new level of sophistication, according to a new report from San Francisco-based mobile security company Lookout, Inc.

Hands on with Caine Linux: Pentesting and UEFI compatible
LinuxSecurity.com - Latest News
LinuxSecurity.com: Wow, do I have mixed feelings about Caine Linux. First and foremost, it is a Linux-based forensic analysis system which is UEFI-compatible. However, while it is reasonably easy to boot as a Live DVD or USB system, I found it to b

Vigil@nce - Magento Enterprise Edition: Cross Site Scripting of some Flash programs, analyzed on 06/11/2014
Vigil@nce - public vulnerabilities
An attacker can trigger a Cross Site Scripting in some Flash files of Magento Enterprise Edition, in order to execute JavaScript code in the context of the web site.

Vigil@nce - Xen: NULL pointer dereference via MMU Update, analyzed on 18/11/2014
Vigil@nce - public vulnerabilities
An attacker can force a NULL pointer to be dereferenced in MMU Update of Xen, in order to trigger a denial of service.

Vigil@nce - Drupal videowhisper: Cross Site Scripting of special_textscroller.php, analyzed on 06/11/2014
Vigil@nce - public vulnerabilities
An attacker can trigger a Cross Site Scripting in special_textscroller.php of Drupal videowhisper, in order to execute JavaScript code in the context of the web site.

DoubleDirect hackers snaffle fandroid and iPhone-strokers' secrets
The Register - Security: Anti-Virus

Windows and Linux seem immune from redirection assault

Hackers are running Man-in-the-Middle attacks (MitM) against smartphones using a new attack technique, security researchers warn.


Older News

Complex Android malware believed to have infected up to 4.5M smartphones in the U.S.
Yahoo! News: Security News

Vigil@nce - Cisco Unity Connection: sensitive information leak in the log files of Unified Messaging Service, analyzed on 06/11/2014
Vigil@nce - public vulnerabilities

Vigil@nce - Linux kernel: read-write access via fsuid, analyzed on 18/11/2014
Vigil@nce - public vulnerabilities

PayPal takes 18 months to patch critical remote code execution hole
The Register - Security: Anti-Virus

GCHQ and Cable and Wireless teamed as Masters of the Internet
The Register - Security: Anti-Virus

Today in History
Yahoo! News: Security News

Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
The Register - Security: Anti-Virus

Citadel Trojan snooped on password managers to snatch victims' logins
The Register - Security: Anti-Virus

U.S. accuses China of cyber spying on American companies
Yahoo! News: Security News

Poland opens probe into electoral hacking
Yahoo! News: Security News

Vigil@nce - python-requests for Kerberos: spoof of an HTTP server, analyzed on 05/11/2014
Vigil@nce - public vulnerabilities

Vigil@nce - WordPress Clean and Simple Contact Form: Cross Site Scripting, analyzed on 05/11/2014
Vigil@nce - public vulnerabilities

Vigil@nce - VMWare Workstation: information disclosure via vmx86, analyzed on 05/11/2014
Vigil@nce - public vulnerabilities

Vigil@nce - FortiNet FortiGate: buffer overflow of FortiManager Service, analyzed on 20/08/2014
Vigil@nce - public vulnerabilities

Vigil@nce - Embarcadero Delphi: buffer overflow of VCL, analyzed on 20/08/2014
Vigil@nce - public vulnerabilities

Vigil@nce - PHP: buffer overflow of date_from_ISO8601, analyzed on 05/11/2014
Vigil@nce - public vulnerabilities

Vigil@nce - Panda Security: buffer overflow of PavTPK.sys, analyzed on 20/08/2014
Vigil@nce - public vulnerabilities

Ransom malware attacks underscore limitations of anti-virus software
Techworld.com Security News

Congress urged to consider sanctions on Chinese cyber-spies
Yahoo! News: Security News

NSA director: China can damage US power grid
Yahoo! News: Security News

Hackers encrypted the entire City of Detroit DataBase & demanded ransom of 2000 bitcoins ($803,500)
LinuxSecurity.com - Latest News

Vigil@nce - KDE Konversation: buffer overflow of Blowfish ECB decryption, analyzed on 05/11/2014
Vigil@nce - public vulnerabilities

Vigil@nce - WordPress Wordfence Firewall: Cross Site Scripting, analyzed on 05/11/2014
Vigil@nce - public vulnerabilities

Vigil@nce - WordPress BulletProof Security: multiple vulnerabilities, analyzed on 05/11/2014
Vigil@nce - public vulnerabilities

Peeping Toms are INSIDE YOUR HOUSE. Better secure your webcam, folks
The Register - Security: Anti-Virus

A life of cybercrime, a caipirinha and a tan: Fraudsters love a Brazilian
The Register - Security: Anti-Virus

FTC cracks down on massive PC cleaner security scam
Yahoo! News: Security News


all content is copyright its respective owner or owners. the tools and components behind this page are copyright © 2003-2010 jose nazario, all rights reserved. this page is available as RSS 2.0.