Last updated: Mon Jan 25 17:07:33 2016 GMT

Recent bugs
via SecurityFocus
TigerVNC Screen Size Handling Integer Overflow Vulnerability
JasPer 'jas_matrix_create()' Function Integer Overflow Vulnerability
Xen CVE-2015-8338 Denial of Service Vulnerability
Oracle Java SE CVE-2015-0491 Remote Security Vulnerability
Autodesk Design Review CVE-2015-8571 Remote Buffer Overflow Vulnerability
libxml2 CVE-2015-8710 Out-of-bounds Memory Access Vulnerability
libxml2 CVE-2015-7498 Denial of Service Vulnerability
Libxml2 'xmlParseConditionalSections()' Function Denial of Service Vulnerability
Mozilla Firefox Multiple Security Vulnerabilities
libxml2 CVE-2015-7500 Denial of Service Vulnerability
Recent advisories
via Secunia, US-CERT
TA12-073A: Microsoft Updates for Multiple Vulnerabilities
TA12-045A: Microsoft Updates for Multiple Vulnerabilities
TA12-024A: "Anonymous" DDoS Activity
TA12-010A: Microsoft Updates for Multiple Vulnerabilities
TA12-006A: Wi-Fi Protected Setup (WPS) Vulnerable to Brute-Force Attack
TA11-350A: Adobe Updates for Multiple Vulnerabilities
TA11-347A: Microsoft Updates for Multiple Vulnerabilities
TA11-312A: Microsoft Updates for Multiple Vulnerabilities
TA11-286A: Apple Updates for Multiple Vulnerabilities
TA11-284A: Microsoft Updates for Multiple Vulnerabilities
TA11-256A: Microsoft Updates for Multiple Vulnerabilities
TA11-222A: Adobe Updates for Multiple Vulnerabilities
TA11-221A: Microsoft Updates for Multiple Vulnerabilities
TA11-201A: Oracle Updates for Multiple Vulnerabilities
TA11-200A: Security Recommendations to Prevent Cyber Intrusions
TA11-193A: Microsoft Updates for Multiple Vulnerabilities
TA11-165A: Microsoft Updates for Multiple Vulnerabilities
TA11-166A: Adobe Updates for Multiple Vulnerabilities
TA11-130A: Microsoft Updates for Multiple Vulnerabilities
TA11-102A: Microsoft Updates for Multiple Vulnerabilities
Bugtraq Topics
via SecurityFocus
PHP-FPM fpm_log.c memory leak and buffer overflow
PHP LiteSpeed SAPI secret key improper disposal
HP ToComMsg DLL side loading vulnerability
HP LaserJet Fax Preview DLL side loading vulnerability
ZyXel WAP3205 v1 Multiple XSS
Remote shutdown vulnerability in Buffalo NAS (Linkstation 420)
[SECURITY] [DSA 3451-1] fuse security update
January 2016 - Bamboo - Critical Security Advisory
SEC Consult SA-20160121-0 :: Deliberately hidden backdoor account in AMX (Harman Professional) devices
Executable installers are vulnerable^WEVIL (case 3): WiX Toolset's bootstrapper "burn.exe"
Top Worms and Viruses
via Sophos
Latest MS bulletins
via Microsoft
MS11-703 - Important: Test MNP bulletin #3 (test0703)
MS11-702 - Moderate: Test MNP bulletin #2 (test0702)
MS11-701 - Low: Test MNP bulletin #1 (test0701)
MS11-069 - Moderate: Vulnerability in .NET Framework Could Allow Information Disclosure (2567951)
MS11-068 - Moderate: Vulnerability in Windows Kernel Could Allow Denial of Service (2556532)
MS11-067 - Important: Vulnerability in Microsoft Report Viewer Could Allow Information Disclosure (2578230)
MS11-066 - Important: Vulnerability in Microsoft Chart Control Could Allow Information Disclosure (2567943)
MS11-065 - Important: Vulnerability in Remote Desktop Protocol Could Allow Denial of Service (2570222)
MS11-064 - Important: Vulnerabilities in TCP/IP Stack Could Allow Denial of Service (2563894)
MS11-063 - Important: Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2567680)
Stock Watch
via Yahoo! Finance
Updated 1/25/2016
^ixic 4565.21 -25.97
jnpr 26.05 -0.07
symc 19.255 -0.215
csco 23.395 +0.025
ckp 6.20 -0.06
msft 52.20 -0.09
ibm 123.34 +0.84
intc 30.0938 +0.1688
amd 2.10 +0.08 9.35 -0.11
ca 26.29 -0.44
bcsi N/A N/A
vrsn 75.015 -0.195
CUDA 10.60 -0.09
splk 49.05 -1.18
feye 15.26 -0.77
qlys 29.43 -0.23
panw 147.56 -0.94
hpq 9.57 -0.23
impv 54.44 -3.19
pfpt 58.49 -0.87


Recent News

Hacker crew hits Uyghur, Tibet campaigns: Who is Scarlet Mimic's backer...
The Register - Security: Anti-Virus

Does its name rhyme with Threeple's Besmublic of Diner?

Security researchers have lifted the lid on an apparently Chinese government-sponsored hacking group which has progressed from targeting activists to setting its sights on foreign governm

11 Tips To Protect You From Identity Theft & Related Tax Fraud
Yahoo! News: Security News
Identity theft tops the list of taxpayer concerns for 2016. And it's not all in your head: a 2015 Identity Fraud Study, released by Javelin Strategy & Research, found that identity thieves stole $16 billion ...

Commuters slam UK rail operator c2c. You slow, late, er... privacy violator
The Register - Security: Anti-Virus

Add it to the list, under overcrowding and lateness

Commuters in the south east of England, already angry about recent timetable changes and delays, have been further incensed by basic security blunders by rail operator c2c as it tried to plac

Sainsbury's Bank web pages stuck on crappy 20th century crypto
The Register - Security: Anti-Virus

'Someone there should be beaten to a pulp with a keyboard'

Update Sainsbury's Bank website still relies on insecure cryptography protocols that more security conscious organisations have abandoned as obsolete.

Seeking Your Scholarship
RISKS Digest

Re: USC students required to detail sexual history before registering for classes
RISKS Digest

Re: Michigan IT security audit
RISKS Digest

Re: Ballot Battles: The History of Disputed Elections in the U.S.
RISKS Digest

Pound vs. Dollar vs. ASCII
RISKS Digest

The resolution of the Bitcoin experiment
RISKS Digest

Risks of impostors
RISKS Digest

Time Inc. Is in the Midst of a Replyallpocalypse
RISKS Digest

Why do people keep coming to this couple's home looking for lost phones
RISKS Digest

ColoSpgs NCIC national hub for cybersecurity
RISKS Digest

Linux bug imperils tens of millions of PCs, servers, Android phones
RISKS Digest

74% of leading US 2016 Presidential Candidates flunk privacy & data security
RISKS Digest

"Understandable but Very Wrong: Google Enables Government YouTube Censorship in Pakistan"
RISKS Digest

Pakistan lifts ban on Youtube after launch of own version
RISKS Digest

Facebook vs Indian Internet regulators
RISKS Digest

Instagram negatively impacting survival of big cats in the wild
RISKS Digest

"Windows 10 Spying is worse than I ever imagined"
RISKS Digest

Android bug
RISKS Digest

Rarely Patched Software Bugs in Home Routers Cripple Security
RISKS Digest

As More Pay by Smartphone, Banks Scramble to Keep Up
RISKS Digest

Virus hits TRMC computers
RISKS Digest

Royal Melbourne Hospital virus attack
RISKS Digest

French seem to have rejected crypto/security backdoors
RISKS Digest

Overhaul Puts Pentagon in Charge of Protecting Federal Security Clearance Data
RISKS Digest

Why no secure architectures in commodity systems?
RISKS Digest

Affinity sues Trustwave
RISKS Digest

Automakers increasing efforts to enhance safety and defend against cyberattacks
RISKS Digest

The Internet of Things that Talk About You Behind Your Back
RISKS Digest

Nest Thermostats Are Having Battery Problems and There's No Fix Yet
RISKS Digest

Roger Kemp on the Lancaster Floods
RISKS Digest

Vigil@nce - Zend Framework: two vulnerabilities, analyzed on 24/11/2015
Vigil@nce - public vulnerabilities
An attacker can use several vulnerabilities of Zend Framework.

Vigil@nce - Cordova Android: two vulnerabilities, analyzed on 24/11/2015
Vigil@nce - public vulnerabilities
An attacker can use several vulnerabilities of Cordova Android.

Vigil@nce - Symfony: two vulnerabilities, analyzed on 23/11/2015
Vigil@nce - public vulnerabilities
An attacker can use several vulnerabilities of Symfony.

Vigil@nce - Node.js milliseconds: denial of service via Regular Expression, analyzed on 23/11/2015
Vigil@nce - public vulnerabilities
An attacker can provide a complex string to Node.js milliseconds, in order to trigger a denial of service.

Vigil@nce - Android applican: two vulnerabilities, analyzed on 23/11/2015
Vigil@nce - public vulnerabilities
An attacker can use several vulnerabilities of Android applican.

Thought you were safe from the Fortinet SSH backdoor? Think again
The Register - Security: Anti-Virus

More devices are dodgy and hackers are cruising for targets

Fortinet has admitted that many more of its networking boxes have the SSH backdoor that was found hardcoded into FortiOS with FortiSwitch, FortiAnalyzer and FortiCache all vulnerable

Obama enlists Pentagon to overhaul security clearance system
Yahoo! News: Security News
The Obama administration asked the Pentagon on Friday to help overhaul the federal security clearance system, aiming to turn the page on a devastating data breach that exposed a major vulnerability for ...

The NSA has a brilliant stance on encryption
Yahoo! News: Security News
Discussions about the U.S. government's need for breaking encryption have intensified following the mid-November attacks in Paris. Law enforcement agencies including the FBI and politicians have challenged tech leaders from Silicon Valley to find ways to in

Airbus, Boeing aero parts maker loses $54m in cyber-stick-up
The Register - Security: Anti-Virus

The hills are alive with the sound of cursing

An Austrian engineering firm is counting the cost of poor IT security after admitting €50m ($54m) has gone missing from its accounts following a "cyber fraud."

Older News

The Latest: US top lawyer says tough to halt IS recruitment
Yahoo! News: Security News

White House turns to Pentagon in major background checks overhaul
Yahoo! News: Security News

Unitronics VisiLogic Remote Code Execution Vulnerabilities

Symfony Remote Code Access Vulnerabilities

Symantec Endpoint Protection Manager 12.1 Execute Arbitrary OS Commands Vulnerabilities

SAP HANA HTTP Login Remote Code Execution Vulnerabilities

Red Hat OpenShift Enterprise Directory Traversal Vulnerability

Red Hat Enterprise Application Platform And WildFly Memory Consumption Vulnerabilities

Oracle MySQL Server SP Vulnerabilities

Oracle Java SE Related To RMI Vulnerabilities

Oracle E-Business Suite Reports Security Vulnerabilities

OpenAFS Sensitive Information Disclosure Vulnerabilities

NVIDIA GPU Graphics Crash Vulnerability

Microsoft Internet Explorer 7 through 11 Remote Memory Corruption Vulnerability

Medicomp MEDCIN Engine Multiple Security Vulnerabilities

Jenkins Remote Code Execution Vulnerability

Internet Explorer 7 through 11 Remote Memory Corruption Vulnerability

IBM UrbanCode Build Cross Site Scripting Vulnerabilities

IBM Maximo Asset Privilege Escalation Vulnerabilities

Apple OS X Memory Consumption And Daemon Outage Vulnerabilities

Adobe Reader DC Continuous Execute Arbitrary Code Vulnerabilities

NSA Chief Stakes Out Pro-Encryption Position, in Contrast to FBI - Latest News

Hand-on with Kali Linux Rolling - Latest News

Tor Project raises over $200,000 in attempt to "diversify" its funding - Latest News

French say 'Non, merci' to encryption backdoors - Latest News

Rust 1.6 released, complete with a stabilised libcore
The Register - Security: Anti-Virus

Irish government websites hit by widening DDoS attacks
The Register - Security: Anti-Virus

Fewer orders at Apple suppliers could signal first iPhone sales decline
Yahoo! News: Security News

Gotcha: Symantec fires reseller nabbed in tech support scam
The Register - Security: Anti-Virus

Bounty hunters won't blink until you dangle US$1500 bug reward
The Register - Security: Anti-Virus

RSA asks for plaintext Twitter passwords on conference reg page
The Register - Security: Anti-Virus

That one weird trick fails: Google binned 780 million ads last year
The Register - Security: Anti-Virus

Hacked Uber accounts are more valuable than stolen credit cards on the dark web
Yahoo! News: Security News

GCHQ spies quashed this phone encryption because it was too good against snoopers
The Register - Security: Anti-Virus

AMX backdoors US govt's comms system with Batman-inspired surveillance mode
The Register - Security: Anti-Virus

Samsung sued over 'lackadaisical' Android security updates
The Register - Security: Anti-Virus

Simple free app alerts you when a program (or hacker) takes control of your webcam
Yahoo! News: Security News

Egypt intensifies crackdown ahead of Arab Spring anniversary
Yahoo! News: Security News

Windows Kernel Memory Elevation Of Privilege Vulnerability

Oracle Sun Solaris 11.2 NSCD Vulnerabilities

Oracle PeopleSoft Products Expense Report General Vulnerabilities

Oracle MySQL Server 5.5.45 Affect Availabilities Vulnerabilities

Oracle Fusion Middleware ADF Faces Vulnerabilities

Mozilla Firefox Multiple Security Vulnerabilities

Microsoft Office Privilege Escalation Vulnerability

IBM WebSphere EXtreme Scale Session Hijacking Vulnerabilities

IBM Sterling B2B Integrator Clickjacking Attacks Vulnerabilities

all content is copyright its respective owner or owners. the tools and components behind this page are copyright © 2003-2010 jose nazario, all rights reserved. this page is available as RSS 2.0.