SECURITY RELATED RSS FEEDS

Latest Advisories/Security Related News

 
The Register - Security
Last Downloaded: Sat, 04 Jul 2009 15:00:58 GMT.
View The Raw XML Source Of The Register - Security. hide
  McAfee false-positive glitch fells PCs worldwide  

When AV attacks

IT admins across the globe are letting out a collective groan after servers and PCs running McAfee VirusScan were brought down when the anti-virus program attack their core system files. In some cases, this caused the machines to display the dreaded blue screen of death.…

Case Study: WhatsUp keeps Legoland turnstyles ringing

  Kentucky payroll phishing scam nets small fortune  

Blue grass county hit by Trojan-fueled cybercrime

A gang of cybercrooks has made off with $415,000 from the coffers of Bullitt County, Kentucky following the conclusion of an elaborate phishing scam, The Washington Post reports.…

  Latin Best Buy surfers sprayed by drive-by download malware  

¡Ay, Caramba!

Hackers have invaded the Best Buy website to plant exploit code targeted at South and central American surfers.…

  A practical guide to disaster recovery planning  

Two papers for smaller businesses

Typically, vendor white papers are written with the ITDM or senior ITDM at a large company, in mind. [ITDM is industry jargon for "IT decision maker", since you ask.] People working at smaller companies are rather less well served, in quantity and quality. So today we focus our Reg Library selection on a couple of good papers aimed at small and medium-sized businesses.…

Case Study: WhatsUp keeps Legoland turnstyles ringing

  Hackers crack ColdFusion  

Drive-by download attack hits multiple hosts

Hackers are running a mass compromise against sites running vulnerable ColdFusion application server installations.…

  Month Of Twitter Bugs exposes microblogging flaws  

Making a hashtag of Web 2.0 security

The Month Of Twitter Bugs has begun with the publication of a flaw in a URL shortening service often used in conjunction with the microblogging service.…

Case Study: WhatsUp keeps Legoland turnstyles ringing

  Gamer embezzles virtual cash to settle real debts  

Eve Online banker does a runner

As if high-profile investment scandals and the economic downturn weren't bad enough here on Earth, now folks have to deal with it outside our galaxy. Virtually, at least.…

  iPhone crashing bug could lead to serious exploit  

More fun with SMS

Updated This story was updated to correct factual errors contained in an IDG News article that first reported the vulnerability.…

The power of collaboration within unified communications

  Speculation mounts over AVG plans for OS X client  

'Mac users have no antibodies'

AVG bosses aren't saying much, but there's new evidence the anti-virus maker is seriously considering building an application for the Mac.…

  Boomerang attack against AES better than blind chance  

Pesky algorithm not invulnerable

Cryptographic researchers have uncovered a chink in the armour of the widely used AES algorithm.…

  Spam levels bounce back after botnet takedown  

Even botnets have backup now

Spam levels are returning to normal following the recent takedown of crime-friendly ISP 3FN, which temporarily interrupted the operation of a significant spam spewing botnet.…

  China not demolishing Green Dam  

Censorware not going anywhere after all

China's controversial mandatory censorware has only been delayed rather than abandoned, according to state media.…

  Stealthy click fraud tool exploits 9ball attack  

Meet the Keyser Soze of malware

Miscreants have developed one of most sophisticated click fraud malware applications to date.…

Offloading malware protection to the cloud

  Feds: Hospital hacker's 'massive' DDoS averted  

Arrest foils 'Devil's Day' scheme

The leader of a malicious hacker collective who used his job as a security guard to breach sensitive Texas hospital computers has been arrested just days before his group planned a "massive DDoS" attack for the July 4 Independence Day holiday.…

  Jackson mass mailer adds to attack onslaught  

More zombies than the Thriller video

Miscreants have created a Michael Jackson mass-mailing worm.…

  Torrentreactor breach serves potent exploit cocktail  

iframe redirection redux

Torrentreactor has long been regarded as one of the top bit torrent search engines, and with the demise of The Pirate Bay, it's likely bigger than ever. Now, it's been breached and is serving a potent cocktail of exploits to people browsing the site, Websense Security Labs says.…

  Kaspersky beats Zango in malware classification case  

Right to call spade a digging implement won

Kaspersky Lab has secured a legal victory against notorious adware firm Zango, with a ruling that goes a long way towards protecting security software developers from nuisance lawsuits from the developers of internet pests in future.…

  Conficker left Manchester unable to issue traffic tickets  

Infection cost £1.5m in total

Manchester City Council was prevented from issuing hundreds of motoring penalty notices in time after the infamous Conficker worm knocked out parts of its IT systems.…

  China spam crisis provokes researcher's ire  

Name and shame campaign aims to change attitudes

A security researcher is calling for action against Chinese internet firms which are failing to protect their services from abuse by cybercrooks.…

  Rolling Stone allegedly DDoSed for negative story  

Perverted Justice

Federal prosecutors accused a Pennsylvania man of unleashing a crippling series of attacks against the websites of Rolling Stone and other groups after they published articles that cast him in an unfavorable light.…

 
SecurityFocus News
Last Downloaded: Sat, 04 Jul 2009 14:04:55 GMT.
View The Raw XML Source Of SecurityFocus News. hide
  News: FTC persuades court to shutter rogue ISP  FTC persuades court to shutter rogue ISP
  News: Obama launches cybersecurity initiative  Obama launches cybersecurity initiative
  News: Browsers bashed first in hacking contest   Browsers bashed first in hacking contest

>> Advertisement <<
Can you answer the ERP quiz?
These 10 questions determine if your Enterprise RP rollout gets an A+.
http://www.findtechinfo.com/as/acs?pl=781&ca=909
  News: Experts: U.S. needs to defend its "cyber turf"  Experts: U.S. needs to defend its "cyber turf"
  Brief: Researcher aims to tweet Month of Bugs  Researcher aims to tweet Month of Bugs
  Brief: Mozilla adds more privacy in Firefox 3.5   Mozilla adds more privacy in Firefox 3.5

>> Advertisement <<
Can you answer the ERP quiz?
These 10 questions determine if your Enterprise RP rollout gets an A+.
http://www.findtechinfo.com/as/acs?pl=781&ca=909
  Brief: Juniper pulls talk on ATM vulnerabilities  Juniper pulls talk on ATM vulnerabilities
  Brief: Jackson searches resemble attack to Google  Jackson searches resemble attack to Google
  News: iPhone crashing bug could lead to serious exploit   iPhone crashing bug could lead to serious exploit

>> Advertisement <<
Can you answer the ERP quiz?
These 10 questions determine if your Enterprise RP rollout gets an A+.
http://www.findtechinfo.com/as/acs?pl=781&ca=909
  News: OpenSSH chink bares encrypted data packets  OpenSSH chink bares encrypted data packets
  News: Kaspersky exposes sensitive database, says hacker  Kaspersky exposes sensitive database, says hacker
  News: RFID passports cloned wholesale   RFID passports cloned wholesale

>> Advertisement <<
Can you answer the ERP quiz?
These 10 questions determine if your Enterprise RP rollout gets an A+.
http://www.findtechinfo.com/as/acs?pl=781&ca=909
  Infocus: Enterprise Intrusion Analysis, Part One  Enterprise Intrusion Analysis, Part One
  Infocus: Responding to a Brute Force SSH Attack  Responding to a Brute Force SSH Attack
  Infocus: Data Recovery on Linux and ext3   Data Recovery on Linux and <i>ext3</i>

>> Advertisement <<
Can you answer the ERP quiz?
These 10 questions determine if your Enterprise RP rollout gets an A+.
http://www.findtechinfo.com/as/acs?pl=781&ca=909
  Infocus: WiMax: Just Another Security Challenge?  WiMax: Just Another Security Challenge?
  Mark Rasch: Hacker-Tool Law Still Does Little  Hacker-Tool Law Still Does Little
  Gunter Ollmann: A Botnet by Any Other Name   A Botnet by Any Other Name

>> Advertisement <<
Can you answer the ERP quiz?
These 10 questions determine if your Enterprise RP rollout gets an A+.
http://www.findtechinfo.com/as/acs?pl=781&ca=909
  Jeffrey Carr: Projecting Borders into Cyberspace  Projecting Borders into Cyberspace
  Adam O'Donnell: Celebrity Viruses Improve Security  Celebrity Viruses Improve Security
powered by zFeeder


Latest Security Files/Exploits

 
Packet Storm Security Last 20
Last Downloaded: Sat, 04 Jul 2009 15:00:58 GMT.
View The Raw XML Source Of Packet Storm Security Last 20. hide
  soulseek157-psexec.txt  Soulseek versions 157 NS below 13e and all versions of 156 suffer from a remote peer search code execution vulnerability.
  shopcartdx430-sql.txt  Remote SQL injection exploit for ShopCartDx version 4.30 that leverages product_detail.php. This particular vulnerability was priorly discovered but further research has been performed.
  shopcartdx430-blindsql.txt  Remote blind SQL injection exploit for ShopCartDx version 4.30 that leverages product_detail.php.
  cve-2008-3531.c  Local root exploit for FreeBSD nmount(). This affects FreeBSD 7.0-RELEASE and 7.0-STABLE.
  axesstel-bypass.txt  The Axesstel MV 410R protects from malicious input by leveraging javascript, allowing an attacker to bypass all of this easily. The device is also susceptible to permanent cross site scripting vulnerabilities.
  opialaid-sql.txt  Opial version 1.0 suffers from a remote SQL injection vulnerability.
  glsa-200907-02.txt  Gentoo Linux Security Advisory GLSA 200907-02 - Two vulnerabilities in ModSecurity might lead to a Denial of Service. Versions less than 2.5.9 are affected.
  glsa-200907-01.txt  Gentoo Linux Security Advisory GLSA 200907-01 - libwmf bundles an old GD version which contains a use-after-free vulnerability. The embedded fork of the GD library introduced a use-after-free vulnerability in a modification which is specific to libwmf. Versions less than 0.2.8.4-r3 are affected.
  rentventory-sql.txt  Rentventory PHP suffers from multiple remote SQL injection vulnerabilities.
  petite-sql.txt  This paper is a small SQL injection tutorial and is written in French.
  oCERT-2009-009.txt  CamlImages versions 2.2 and below suffer from several integer overflows which may lead to a potentially exploitable heap overflow and result in arbitrary code execution. The vulnerability is triggered by PNG image parsing, the read_png_file and read_png_file_as_rgb24 functions do not properly validate the width and height of the image. Specific PNG images with large width and height can be crafted to trigger the vulnerability.
  USN-795-1.txt  Ubuntu Security Notice USN-795-1 - It was discovered that Nagios did not properly parse certain commands submitted using the WAP web interface. An authenticated user could exploit this flaw and execute arbitrary programs on the server.
  USN-794-1.txt  Ubuntu Security Notice USN-794-1 - It was discovered that the Compress::Raw::Zlib Perl module incorrectly handled certain zlib compressed streams. If a user or automated system were tricked into processing a specially crafted compressed stream or file, a remote attacker could crash the application, leading to a denial of service.
  joomla1512-xss.txt  Joomla! versions prior to 1.5.12 suffer from multiple cross site scripting vulnerabilities in relation to HTTP headers.
  HPSBUX02431-SSRT090085.txt  HP Security Bulletin - Potential security vulnerabilities have been identified with HP-UX running Apache-based Web Server or Tomcat-based Servelet Engine. The vulnerabilities could be exploited remotely to cause a Denial of Service (DoS), or execution of arbitrary code. Apache-based Web Server and Tomcat-based Servelet Engine are contained in the Apache Web Server Suite.
  HPSBUX02440-SSRT090106.txt  HP Security Bulletin - A potential security vulnerability has been identified with NFS/ONCplus running on HP-UX. The vulnerability could be exploited locally to create a Denial of Service (DoS).
  USN-793-1.txt  Ubuntu Security Notice USN-793-1 - Multiple vulnerabilities associated with the Linux 2.6 kernel have been addressed. These issues range from arbitrary code execution to denial of service vulnerabilities.
  opial-sql.txt  Opial version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
  sourcefire-escalate.txt  Sourcefire 3D Sensor and Defense Center versions 4.8.1 and below suffer from a privilege escalation vulnerability.
  adminlog-bypass.txt  AdminLog version 0.5 suffers from an authentication bypass vulnerability.
powered by zFeeder