We also offer the following RSS Feeds:
- ISC Diaries (headline + first sentence)
- ISC Diaries with content (headline + full content)
- Security News Feeds (same as the 'Last 20' list here)
We collect a number of security-related news feeds on this page. To suggest additional news sources or other changes, use our contact form. We try hard to keep the feeds RSS, XML, CSS, RFC, IETF, ISO, DIN, TüV, ANSI compliant, but may fail occasionally. Let us know if things don't work for you and we may fix it.
Last 20
- CVE-2010-4562 (windows_2000, windows_2003_server, windows_7, windows_server_2008, windows_vista,...)
- CVE-2010-4563 (linux_kernel)
- CVE-2011-2393 (freebsd, netbsd)
- CVE-2012-0975 (image_hosting_script_dpi)
- CVE-2012-0976 (silverstripe)
- CVE-2012-0977 (lurawave_jp2_activex_control)
- CVE-2011-3444 (mac_os_x, mac_os_x_server)
- CVE-2011-3446 (mac_os_x, mac_os_x_server)
- CVE-2011-3447 (mac_os_x, mac_os_x_server)
- CVE-2011-3448 (mac_os_x, mac_os_x_server)
- CVE-2011-3449 (mac_os_x, mac_os_x_server)
- CVE-2011-3450 (mac_os_x, mac_os_x_server)
- CVE-2011-3452 (mac_os_x, mac_os_x_server)
- CVE-2011-3453 (mac_os_x, mac_os_x_server)
- CVE-2011-3457 (mac_os_x, mac_os_x_server)
- CVE-2011-3458 (mac_os_x, mac_os_x_server)
- CVE-2011-3459 (mac_os_x, mac_os_x_server)
- CVE-2011-3460 (mac_os_x, mac_os_x_server)
- CVE-2011-3462 (mac_os_x, mac_os_x_server)
- CVE-2011-3463 (mac_os_x, mac_os_x_server)
InternetStormCenter
- Apple Security Advisory 2012-001 v1.1, (Sat, Feb 4th)
- Critical PHP bug patched, (Fri, Feb 3rd)
- ISC StormCast for Friday, February 3rd 2012 http://isc.sans.edu/podcastdetail.html?id=2302, (Fri, Feb 3rd)
- Sophos 2012 Security Threat Report, (Fri, Feb 3rd)
- ISC StormCast for Thursday, February 2nd 2012 http://isc.sans.edu/podcastdetail.html?id=2299, (Thu, Feb 2nd)
- New Poll - What security issue concerns you the most this year?, (Fri, Feb 3rd)
- PHP 5.3.10 Released, Fixes CVE-2012-0830 available for download http://www.php.net/archive/2012.php#id2012-02-02-1, (Fri, Feb 3rd)
- Apple and Apache security fixes and releases, (Wed, Feb 1st)
- ISC Feature of the Week: ISC Search, (Wed, Feb 1st)
- ISC StormCast for Wednesday, February 1st 2012 http://isc.sans.edu/podcastdetail.html?id=2296, (Wed, Feb 1st)
- Oracle Security Alert: http://www.oracle.com/technetwork/topics/security/alert-cve-2011-5035-1506603.html, (Wed, Feb 1st)
- Firefox 10 and VMWare advisories and updates, (Tue, Jan 31st)
- ISC StormCast for Tuesday, January 31st 2012 http://isc.sans.edu/podcastdetail.html?id=2293, (Tue, Jan 31st)
- ISC StormCast for Monday, January 30th 2012 http://isc.sans.edu/podcastdetail.html?id=2290, (Mon, Jan 30th)
- OSINT tactics: parsing from FOCA for Maltego, (Tue, Jan 31st)
- See SpiderLabs blog post regarding HOIC DDoS Analysis and Detection http://blog.spiderlabs.com/2012/01/hoic-ddos-analysis-and-detection.html, (Tue, Jan 31st)
- CISCO Ironport C & M Series telnet vulnerability, (Fri, Jan 27th)
- SSH Password attacks using domain name elements as userid, (Fri, Jan 27th)
- ISC Feature of the Week: ISC Link Back, (Wed, Jan 25th)
- ISC StormCast for Friday, January 27th 2012 http://isc.sans.edu/podcastdetail.html?id=2287, (Fri, Jan 27th)
SANS Newsbites
- Apple Issues Security Updates (February 2, 2012)
- FDIC Issues Warning About Risky Payment Processors (February 1, 2012)
- Google to Block Blogs on a Country-by-Country Basis (January 31 & February 3, 2012)
- Google Won't Remove Apps with Counterclank Adware From Android Market (January 31 & February 1, 2012)
- Kelihos Botnet Regaining Momentum (February 1 & 3, 2012)
- Kernell's Appeal to Overturn Obstruction of Justice Conviction Denied (January 30 & February 2, 2012)
- Mozilla Releases Firefox 10.0 (February 1, 2012)
- Pirate Bay Founders' Prison Sentences Stand (February 1, 2012)
- Romanian Police Arrest Alleged NASA and Pentagon Hacker (January 31 & February 1, 2012)
- Spear Phishing Attack Plants Trojan on Targeted Computers (February 1, 2012)
- Symantec Issues Hotfixes for pcAnywhere (February 1 & 2, 2012)
- Verisign Admits Breaches in SEC Filing (February 2, 2012)
- Carrier IQ Controversy Prompts Phone Privacy Bill (January 30, 2012)
- Counterclank is Adware, Not Malware (January 27 & 30, 2012)
- FINRA Exhorts Brokerages to Deploy Stronger Authentication for Online Transactions (January 27, 2012)
- Group Pushes Anti-Phishing Specifications (January 30 & 31, 2012)
- High School Students Arrested for Alleged Computer Intrusion and Grade Altering (January 27, 2012)
- Man Accused of Running Botnet Maintains His Innocence (January 27 & 30, 2012)
- Twitter Aims for Transparency in Making DMCA Takedown Notices Public (January 27, 2012)
- University of Hawaii Reaches Settlement Over Data Breaches (January 27, 2012)
SANS @Risk
- (1) MEDIUM: Mozilla Firefox Multiple Security Vulnerabilities
- (2) MEDIUM: Symantec PCAnywhere Buffer Overflow
- (1) MEDIUM: Google Chrome Stable Channel Updates
- (3) HIGH: HP Easy Printer Care Multiple ActiveX Vulnerabilities
- (2) HIGH: McAfee Security-as-a-Service ActiveX Control
- (1) HIGH: HP Insight Diagnostics Buffer Overflow
- (1) MEDIUM: ASP.NET Authentication Bypass
- (1) MEDIUM: VideoLan VLC get_chunk_header Double-Free Vulnerability
- (1) HIGH: Microsoft Windows 7 win32k.sys Memory Corruption Vulnerability
- (2) HIGH: Adobe Reader Memory Corruption Vulnerability
- (3) HIGH: Mozilla Firefox Multiple Security Vulnerabilities
- (4) MEDIUM: Google Chrome Stable Channel Updates
- (4) MEDIUM: HP OpenView Network Node Manager Heap Buffer Overflow
- (3) MEDIUM: Apple QuickTime Font Table Signed Length Vulnerability
- (2) HIGH: Microsoft Multiple Products Multiple Security Vulnerabilities
- (1) HIGH: Adobe Reader Unspecified Vulnerability
- (1) HIGH: Adobe U3D Memory Corruption Vulnerability
- (2) MEDIUM: Trend Micro Control Manager Buffer Overflow Vulnerability
- (1) MEDIUM: RealNetworks RealPlayer Multiple Vulnerabilities
- (1) MEDIUM: RealNetworks RealPlayer Multiple Security Vulnerabilities
SANS Reading Room
- Using SNORT® for intrusion detection in MODBUS TCP/IP communications
- Securing Blackboard Learn on Linux
- Computer Forensic Timeline Analysis with Tapestry
- Using Web Application Firewall to detect and block common web application attacks
- iPad Security Settings And Risk Review For iOS 4.X
- A Detailed Analysis of an Advanced Persistent Threat Malware
- A Process for Continuous Improvement Using Log Analysis
- Cloud Computing - Maze in the Haze
- A Detail Analysis of an Advanced Persistent Threat Malware
- Net Neutrality, Rest in Peace
- Mitigating Browser Based Exploits through Behavior Based Defenses and Hardware Virtualization
- Securely Deploying Android Devices
- Using SSL to Secure LDAP Traffic to Microsoft Domain Controllers
- Secure Browsing Environment
- OS fingerprinting with IPv6
- Rationally Opting for the Insecure Alternative: Negative Externalities and the Selection of Security Controls
- Base64 Can Get You Pwned
- Denial of Service attacks and mitigation techniques: Real time implementation with detailed analysis
- An Experimental Study of Detecting and Correlating Different Intrusions
- Reverse Engineering Of Malware On Android
Application Security Streetfighter Blog
- Dealing with security vulnerabilities … er… bugs
- Software Security starts with Software Quality
- ASP.Net Forms Authentication Bypass
- ASP.Net Insecure Redirect
- Seven Tips for Picking a Static Analysis Tool
- Apple’s iCloud: Thoughts on Security and the Storage APIs
- Real and useful security help for software developers
- Bypassing ValidateRequest in ASP.NET
- Commenting Server Controls in ASP.Net
- Dealing with security vulnerabilies … er… bugs
- Password Tracking in Malicious iOS Apps
- Spot the Vuln – Boundaries
- Spot the Vuln – Boundaries – SQL Injection
- Spot the Vuln – Floods
- Spot the Vuln – Floods – SQL Injection
- Spot the Vuln – Grammys – Cross Site Scripting
- The C14N challenge
- Exchanging and sharing of assessment results
- Insecure Handling of URL Schemes in Appleʼs iOS
- Weekly Roundup of @Risk Web Application Vulnerabilities
CGISecurity.com
- Secure Application Development on Facebook Platform
- TJX Hacker Gets Pwned, 20 Years In Prison
- Random FireFox URL handling Behavior
- Cryptography experts bicker with former NSA director at RSA panel
- Watcher 1.3.0 passive Web-vulnerability testing tool released
- Web Security Dojo v1.0 release
- XSS, SQL Injection and Fuzzing Barcode Cheat Sheet
- Multiple Adobe products vulnerable to XML External Entity Injection And XML Injection
- Post on Abusing Windows Communication Foundation to Perform Remote Port Scans
- 2010 SANS Top 25 Most Dangerous Programming Errors Released
- Larry Suto Web Application Security Scanner Comparison Report Inaccurate Vendors Say
- R.I.P. Apache 1.x: Apache 1.3.42 marks of end life
- Nikto version 2.1.1 released
- Weaning the Web off of Session Cookies Making Digest Authentication Viable
- WASC RSA Meet-Up 2010!
- Facebook security pretty much what you'd expect?
- Hacker Messes With Student's Schedule
- WASC Threat Classification to OWASP Top Ten RC1 Mapping
- Announcement: WASC Threat Classification v2 is Out!
- Stephen Watt sentenced to 2 years in prison for role in TJX
E-Week Security
- VeriSign Management Was 'Out of the Loop' About 2010 Data Breaches
- Google Bouncer Finds, Blocks Malicious Apps From Android Market
- DLP Technologies Not Sufficient for Enterprise Without User Buy-In
- Facebook Scammers Create Fake Profiles to Spam Users, Clickjacking
- Apple Fixes 52 Bugs in OS X Snow Leopard, Lion in Security Update
- Google, Microsoft Spar Over Privacy Policy Claims
- Oracle Patches DoS Flaw in Database 10g, WebLogic, iPlanet
- Mobile Data Security: 10 Tips to Avoid Prying Eyes at the U.S. Border
- Trojan Targets Industry, Government With Fake Conference Invitations
- WatchGuard Launches XTM 33 Security Appliance
- Facebook Discloses Hacking, Spam as Business Risks in IPO Documents
- Wave Systems Launches Cloud-Based Encryption Management Platform
- Google Tells Congress It's Changing Privacy Policies, Not Practices
- Investors Warned of Email Accounts Being Hacked to Illegally Transfer Funds
- Rising Cyber-War Threat Forcing Nations to Bolster Defenses: McAfee
- Stop SOPA, PIPA Madness: Ways to Sensibly Protect Copyrights
- Android.Counterclank an Aggressive Mobile Ad Network, Not Malware: Lookout
- Google, EU Data Privacy Policies Lead Week's Security News
- Google, Microsoft Team Up to Fight Phishing, Spoofed Emails With DMARC
- McAfee Updates Mobile Security With Remote Tracking, Data Wipes
Network Computing Security
- HP and Cisco Take Different Paths To SDN
- Semantic Technology Key To Mastering Data Growth, Analysis
- Cisco Expands 40, 100 GbE Switching Portfolios
- CommVault Simpana Adds Mobility, Backup Capabilities
- OASIS Targets Cloud Portability
- Why I Like Juniper's QFabric (And A Mea Culpa)
- 5 Basic Switch Settings You Must Know
- Governments Missing Out On Virtualization Savings
- RightNow To Help Oracle Create Raving Fans
- Brocade ADX 12.4 Improves App Delivery
- HP Storage Tech Day
- Numara Acquisition Opens Up Midmarket To BMC SaaS
- Riverbed Virtualizes Cascade
- Scale Computing: New Twists To Scale-Out Storage For The Mid-Market
- How NetFlow Keeps Networks Running, People Alive
- Prepare The Mobile Ship For Ludicrous Speed!
- Virtualization, Cloud Having Little Impact On Databases
- Basics: Five Switching Settings You Must Know
- Alas, Poor Virtensys, I Knew Virtual I/O Horatio
- Intel Makes Exascale Bet on InfinBand-Based Supercomputing
Microsoft
- MS11-098 - Important : Vulnerability in Windows Kernel Could Allow Elevation of Privilege (2633171) - Version: 1.1
- MS11-100 - Critical : Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (2638420) - Version: 1.3
- MS12-004 - Critical : Vulnerabilities in Windows Media Could Allow Remote Code Execution (2636391) - Version: 1.2
- MS11-025 - Important : Vulnerability in Microsoft Foundation Class (MFC) Library Could Allow Remote Code Execution (2500212) - Version: 4.2
- MS11-049 - Important : Vulnerability in the Microsoft XML Editor Could Allow Information Disclosure (2543893) - Version: 2.3
- MS11-049 - Important : Vulnerability in the Microsoft XML Editor Could Allow Information Disclosure (2543893) - Version: 2.2
- MS12-006 - Important : Vulnerability in SSL/TLS Could Allow Information Disclosure (2643584) - Version: 1.1
- MS11-100 - Critical : Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (2638420) - Version: 1.2
- MS12-007 - Important : Vulnerability in AntiXSS Library Could Allow Information Disclosure (2607664) - Version: 2.1
- MS12-004 - Critical : Vulnerabilities in Windows Media Could Allow Remote Code Execution (2636391) - Version: 1.1
- MS12-007 - Important : Vulnerability in AntiXSS Library Could Allow Information Disclosure (2607664) - Version: 2.0
- MS11-099 - Important : Cumulative Security Update for Internet Explorer (2618444) - Version: 1.2
- MS12-001 - Important : Vulnerability in Windows Kernel Could Allow Security Feature Bypass (2644615) - Version: 1.0
- MS12-002 - Important : Vulnerability in Windows Object Packager Could Allow Remote Code Execution (2603381) - Version: 1.0
- MS12-003 - Important : Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2646524) - Version: 1.0
- MS12-004 - Critical : Vulnerabilities in Windows Media Could Allow Remote Code Execution (2636391) - Version: 1.0
- MS12-005 - Important : Vulnerability in Microsoft Windows Could Allow Remote Code Execution (2584146) - Version: 1.0
- MS12-006 - Important : Vulnerability in SSL/TLS Could Allow Information Disclosure (2643584) - Version: 1.0
- MS12-007 - Important : Vulnerability in AntiXSS Library Could Allow Information Disclosure (2607664) - Version: 1.0
- MS11-100 - Critical : Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (2638420) - Version: 1.1
milw0rm
- BigAnt Server <= 2.50 SP6 Local (ZIP File) Buffer Overflow PoC #2
- Joomla com_jinc (newsid) Blind SQL Injection Vulnerability
- Joomla com_mytube (user_id) Blind SQL Injection Exploit
- Snort < 2.8.5 Unified1 Output Denial of Service Exploit
- Loggix Project <= 9.4.5 Multiple Remote File Inclusion Vulnerabilities
- WX Guest Book 1.1.208 (SQL/XSS) Multiple Remote Vulnerabilities
- ProdLer <= 2.0 (prodler.class.php sPath) RFI Vulnerability
- CMScontrol 7.x (index.php id_menu) SQL Injection Vulnerability
- cP Creator 2.7.1 (Cookie tickets) Remote SQL Injection Exploit
- BAROSmini 0.32.595 Remote File Inclusion Vulnerabilities
- Winplot (.wp2 File) Local Buffer Overflow Exploit
- Joomla com_jbudgetsmagic (bid) Remote SQL Injection Vulnerability
- DDL CMS 1.0 Multiple Remote File Inclusion Vulnerabilities
- Joomla com_surveymanager (stype) SQL Injection Vulnerability
- FSphp 0.2.1 Multiple Remote File Inclusion Vulnerabilities
- FanUpdate 2.2.1 (show-cat.php listingid) SQL Injection Vuln
- Xerver HTTP Server 4.32 Remote Denial of Service Vulnerability
- Xerver HTTP Server 4.32 XSS / Directory Traversal Vulnerabilities
- Xerver HTTP Server <= 2.50 SP6 Remote Denial of Service Vulnerability
- ClearSite 4.50 (cs_base_path) Remote File Inclusion Vulnerability
NetworkWorld Virus/Worms
- Intego: 2011 offered bumper crop of Mac malware
- Accused Kelihos botmaster's former employer 'angered' at revelation
- Security history: Nothing like an old-fashioned boot sector virus
- Social engineering attacks on the enterprise are trending upward
- Antivirus software sales expected to show strong growth in 2012
- Facebook easily infiltrated by data-harvesting bots, researchers find
- Peer-to-peer update to Zeus Trojan confers resistance to take-downs
- German officials admit to deploying intercept software
- Firefox advises users to disable McAfee plugin
- Google highlights trouble in detecting Web-based malware
- US and UK zombies demand top dollar
- Black Hat: Researcher picks apart Sophos antivirus package
- Malwarebytes preps enterprise edition of PC-cleaning software
- Google building Postini features into Apps
- Botmaster's extravagant spending attracted police
- Traditional host-based anti-virus software losing luster?
- Google builds developer tool to flag Web app vulnerabilities
- Feds seize Swiss bank account of scareware mogul
- Warning: Urgent Microsoft update may be Firefox malware
- 5 ways to stay safe from fake anti-virus malware attack on Macintosh
NetworkWorld Security
- Anonymous releases recording between FBI, UK law enforcement
- Google finally scans malware-ridden Android Market
- Google reveals Android malware 'Bouncer,' scans all apps
- Google won't delay new privacy policy despite EU concerns
- Lawsuit raises questions about email privacy at work
- Leaked EU memo highlights concerns over data retention law
- Managing the unmanageable
- PHP 5.3.10 fixes critical remote code execution vulnerability
- SaaS, APTs and Asymmetric Risk Take Spotlight at Security Threats 2012
- Symantec warns of Android Trojans that mutate with every download
- 10 tips for offsite meeting security
- 4 Ways to Prevent Domain Name Hijacking
- HTC Android phone flaw fix not coming until next week for some
- Ice IX banking Trojan steals info that enables fraudsters to hijack phone calls
- RFID Credit Cards Are Easy Prey for Hackers, Demo Shows
- Symantec recants Android malware claims
- Trojan found breaking Yahoo CAPTCHA security in minutes
- What Is Deep Packet Inspection?
- For 'Malware as a Service' merchants, business is booming
- IRS helps bust 105 people in massive identity theft crackdown
NWC Security
- Anti-Spam Server Fits The Job
- Rolling Review: Patch Up Your Windows
- Rolling Review: LANDesk Patch Manager
- StillSecure Steps Up
- Rolling Review: BigFix Enterprise Suite 7.0.7.96
- 7 Whole-Disk Encryption Apps Put A Lock On Data
- Rolling Review Kickoff: Network Behavior Analysis Systems
- Rollout: Mazu Profiler 8
- From The Labs: Palo Alto's Firewall Appliance
- Nevis Nails In-Band NAC
- Rolling Review: Shavlik Technologies NetChk Protect 5.9
- In-Band NAC: Three Products You Should Know About
- Log Management Gets SLIM
- Rolling Review: Host-Based NAC
- Vernier's In-Band NAC Product Takes Work
- Rollout: Vernier Networks' Control Server and EdgeWall 8800
- Analysis: PC Control
- PatchLink's Sanctuary
- RippleTech's Informant
- Identity Theft Has Gone to the Dogs
The Register
- 'We're totally in LA pissing people off'
- Anonymous hackers leak Scotland Yard-FBI conference call
- Apple FileVault cracked in under an hour by forensics biz
- Biz urged to blast DNSChanger Trojans before safety net comes down
- Mother charged with selling fake Facebook stock
- Satellite phones lift skirt, flash cipher secrets at boffins
- Demand for safety kitemark on software stepped up
- Facebook warns investors of potential SPAM DELUGE
- Kelihos botnet BACK FROM THE DEAD
- Met's email hack probe turns spotlight on The Times - MP
- New Trojan routes your bank's calls to CROOKS
- Symantec: We've plugged up pcAnywhere holes
- Verisign admits 2010 hack attack, mum on what was nicked
- Expert to finger air steward commentards who 'harassed' pilot
- Fairfax bunkers down after alleged hack
- Fraud baron forced henchmen into S&M orgies to prove loyalty – cops
- MasterCard joins Visa in pushing PINs into America
- Microsoft ad campaign savages Google over privacy
- OFFICIAL: Smart meters won't be compulsory
- Romanian cops cuff suspected serial hacker TinKode
Secunia Vulnerabilities
- [3/5] Fedora update for dnsmasq
- [3/5] Fedora update for fail2ban
- [2/5] Debian update for websvn
- [2/5] Openfiler "redirect" Cross-Site Scripting Vulnerability
- [1/5] Gentoo update for valgrind
- [2/5] UniversalIndentGUI "SettingsPaths::init()" Insecure Temporary Files
- [3/5] Free Joke Script Multiple SQL Injection Vulnerabilities
- [3/5] PHP Krazy Image Host Script "id" SQL Injection Vulnerability
- [3/5] Swann DVR4-SecuraNet Directory Traversal Vulnerability
- [2/5] Sun Java System Directory Server Directory Proxy Server Denial of Service
- [2/5] Sun Solaris / SEAM Kerberos PAM Module Privilege Escalation
- [2/5] IBM HTTP Server "mod_proxy_ftp" Cross-Site Scripting Vulnerability
- [2/5] IBM WebSphere Application Server "PerfServlet" Information Disclosure
- [3/5] Gentoo update for xterm
- [3/5] Fedora update for moodle
- [3/5] Ubuntu update for php5
- [1/5] Fedora update for asterisk and dahdi-tools
- [2/5] Fedora update for python-fedora
- [2/5] Ubuntu update for pam-krb5
- [4/5] Mac OS X update for Java
Secunia Viruses
SecurityFocus News
- News: Change in Focus
- News: Google: 'no timetable' on China talks
- News: 'Severe' OpenSSL vuln busts public key crypto
- News: Monster botnet held 800,000 people's details
- News: Latvian hacker tweets hard on banking whistle
- News: MS uses court order to take out Waledac botnet
- News: Almost 2,500 firms breached in ongoing hack attack
- News: Two Chinese schools implicated in Google Aurora attacks
- News: Adobe pushes out Flash security fix
- Brief: Google offers bounty on browser bugs
- News: CIA, PayPal under bizarre SSL assault
- News: Most consumers reuse banking passwords
- Brief: Cyberattacks from U.S. "greatest concern"
- Brief: Microsoft patches as fraudsters target IE flaw
- Brief: MS readies patch, as fraudsters target IE flaw
- Brief: Attack on IE 0-day refined by researchers
- Brief: IE flaw gave attackers entry, says McAfee
- Brief: Law firm suing China suffers attack
- Brief: Microsoft, Oracle, Adobe issue patches
- Brief: Google, Adobe attacked through China
SecurityFocus Vulnerabilities
- Bugtraq: ESA-2012-010: EMC Documentum xPlore information disclosure vulnerability
- Bugtraq: RFC 6528 on Defending against Sequence Number Attacks
- Bugtraq: [ MDVSA-2012:013 ] mozilla
- Bugtraq: [SECURITY] [DSA 2403-1] php5 security update
- Vuln: Joomla! Multiple Information Disclosure Vulnerabilities
- Vuln: Mozilla Firefox/SeaMonkey/Thunderbird XPConnect Security Check Cross Domain Scripting Vulnerability
- Bugtraq: GLSA (Gentoo Linux Security Advisory) publication changes
- Bugtraq: [ MDVSA-2012:012 ] apache
- Bugtraq: [CAL-2012-0004] opera array integer overflow
- Bugtraq: [security bulletin] HPSBMU02739 SSRT100280 rev.1 - HP Data Protector Media Operations, Remote Execution of Arbitrary Code
- Vuln: Mozilla Firefox IPv6 Literal Syntax Cross Domain Information Disclosure Vulnerability
- Vuln: Mozilla Firefox/Thunderbird/Seamonkey Multiple Memory Corruption Vulnerabilities
- Vuln: PHP 'php_register_variable_ex()' Function Arbitrary Code Execution Vulnerability
- Bugtraq: 802.1X password exploit on many HTC Android devices
- Bugtraq: ESA-2012-009: EMC Documentum Content Server privilege elevation vulnerability
- Bugtraq: Multiple vulnerabilities in OpenEMR
- Bugtraq: Security advisory for Bugzilla 4.2rc2, 4.0.4, 3.6.8 and 3.4.14
- Vuln: cURL/libcURL GSS/Negotiate Feature Spoofing Security Vulnerability
- Vuln: Subversion 'mod_dav_svn' Multiple Denial of Service and Information Disclosure Vulnerabilities
- Bugtraq: VMSA-2012-0001 VMware ESXi and ESX updates to third party library and ESX Service Console
SecurityForest
- User talk:Sijialgc88
- User talk:Sijialgc89
- User talk:Sijialgc90
- User talk:Sijialgc91
- User talk:Sijialgc92
- User talk:Sijialgc93
- User talk:Sijialgc94
- User talk:Sijialgc95
- User talk:Sijialgc96
- User talk:Sijialgc97
- User talk:Sijialgc98
- User talk:Sijialgc99
- User talk:Fengliucaot49
- User talk:Fengliucaot50
- User talk:Sijialgc
- User talk:Sijialgc1
- User talk:Sijialgc2
- User talk:Sijialgc3
- User talk:Sijialgc4
- User talk:Sijialgc5
SecurityNewsPortal
- New release of Intellitactics Security Manager features security know how
- Ubuntu Security Notice - pptpd vulnerability (USN-459-1)
- Verizon Business to acquire Cybertrust and ICSA Labs
- Cisco Security Response - HTTP Full-Width and Half-Width Unicode Encoding Evasion
- Criminologists pwn AusCERT
- Former Oracle VP pays $198,000 in trading charge
- Google Warns of Web Malware Epidemic
- Microsoft desperate, says target OpenOffice.org
- Players in potential patent battle hunker down
- Re: What RedHat doesnt want you to know about ExecShield (without NX)
- Re: [Dailydave] What RedHat doesnt want you to know about ExecShield (without NX)
- RE: Apple Safari on MacOSX may reveal users saved passwords
- Researcher: Apple TV, iTunes video dead ends
- Some Windows users get system freeze with May patches
- U.S. piracy crackdown nets 50th conviction
- Windows Update used to download malware updates
- Wordpress Akismet XSS flaw
- [USN-459-1] pptpd vulnerability
- AGs Ask MySpace For Predator Data
- Exchange Server 2007 Webcast Series - Most Frequently Asked Follow Up Questions (1 - 6)
Stupidsecurity
- FBI Tells Wikipedia to Remove FBI Seal from Wikipedia
- *Way* beyond stupid.... Military banned from wikileaks
- Man prints fake pilot's license on printer at home, flies commercial jets for 13 years
- Note on security gate... with code.
- Airport scanners being misused--quelle surprise!!
- Homeland Security out of a job?
- Arabic-language flashcards don't fly with TSA
- TSA Worker Fired For "White Powder" Prank
- TSA Logo Competition
- 8 year old on watch list
- Roundup of Web "Security" Articles
- Full Body Scanners - Millimeter Waves Pass Through Powder
- Slovak Air Security Test Goes Very Wrong
- Books banned on Canada flights to US
- TSA Says Historical Canal Mule Skinners Need Biometric ID
- Former Asst. Chief of Police asks TSA "Do I have to submit to this search?"
- Hospital Baby Abduction Security
- Iraq Swears by Bomb Detector U.S. Sees as Useless
- XKCD on airport security
- Fake Card-readers In a Hotel Elevator
US-Cert Alerts
- SA12-010A: Microsoft Updates for Multiple Vulnerabilities
- SA12-006A: Wi-Fi Protected Setup (WPS) Vulnerable to Brute-Force Attack
- SA11-350A: Adobe Updates for Multiple Vulnerabilities
- SA11-347A: Microsoft Updates for Multiple Vulnerabilities
- SA11-312A: Microsoft Updates for Multiple Vulnerabilities
- SA11-286A: Apple Updates for Multiple Vulnerabilities
- SA11-284A: Microsoft Updates for Multiple Vulnerabilities
- SA11-256A: Microsoft Updates for Multiple Vulnerabilities
- SA11-222A: Adobe Updates for Multiple Vulnerabilities
- SA11-221A: Microsoft Updates for Multiple Vulnerabilities
- SA11-193A: Microsoft Updates for Multiple Vulnerabilities
- SA11-165A: Microsoft Updates for Multiple Vulnerabilities
- SA11-166A: Adobe Updates for Multiple Vulnerabilities
- SA11-130A: Microsoft Updates for Multiple Vulnerabilities
- SA11-102A: Microsoft Updates for Multiple Vulnerabilities
- SA11-067A: Microsoft Updates for Multiple Vulnerabilities
- SA11-039A: Microsoft Updates for Multiple Vulnerabilities
- SA11-011A: Microsoft Updates for Multiple Vulnerabilities
- SA10-348A: Microsoft Updates for Multiple Vulnerabilities
- SA10-313A: Microsoft Updates for Multiple Vulnerabilities
US-Cert Bulletins
- SB12-030: Vulnerability Summary for the Week of January 23, 2012
- SB12-023: Vulnerability Summary for the Week of January 16, 2012
- SB12-016: Vulnerability Summary for the Week of January 9, 2012
- SB12-009: Vulnerability Summary for the Week of January 2, 2012
- SB12-002: Vulnerability Summary for the Week of December 26, 2011
- SB11-360: Vulnerability Summary for the Week of December 19, 2011
- SB11-353: Vulnerability Summary for the Week of December 12, 2011
- SB11-346: Vulnerability Summary for the Week of December 5, 2011
- SB11-339: Vulnerability Summary for the Week of November 28, 2011
- SB11-332: Vulnerability Summary for the Week of November 21, 2011
- SB11-325: Vulnerability Summary for the Week of November 14, 2011
- SB11-318: Vulnerability Summary for the Week of November 7, 2011
- SB11-311: Vulnerability Summary for the Week of October 31, 2011
- SB11-304: Vulnerability Summary for the Week of October 24, 2011
- SB11-297: Vulnerability Summary for the Week of October 17, 2011
- SB11-290: Vulnerability Summary for the Week of October 10, 2011
- SB11-283: Vulnerability Summary for the Week of October 3, 2011
- SB11-276: Vulnerability Summary for the Week of September 26, 2011
- SB11-269: Vulnerability Summary for the Week of September 19, 2011
- SB11-262: Vulnerability Summary for the Week of September 12, 2011
US-CERT Techalerts
- TA12-024A: "Anonymous" DDoS Activity
- TA12-010A: Microsoft Updates for Multiple Vulnerabilities
- TA12-006A: Wi-Fi Protected Setup (WPS) Vulnerable to Brute-Force Attack
- TA11-350A: Adobe Updates for Multiple Vulnerabilities
- TA11-347A: Microsoft Updates for Multiple Vulnerabilities
- TA11-312A: Microsoft Updates for Multiple Vulnerabilities
- TA11-286A: Apple Updates for Multiple Vulnerabilities
- TA11-284A: Microsoft Updates for Multiple Vulnerabilities
- TA11-256A: Microsoft Updates for Multiple Vulnerabilities
- TA11-222A: Adobe Updates for Multiple Vulnerabilities
- TA11-221A: Microsoft Updates for Multiple Vulnerabilities
- TA11-201A: Oracle Updates for Multiple Vulnerabilities
- TA11-200A: Security Recommendations to Prevent Cyber Intrusions
- TA11-193A: Microsoft Updates for Multiple Vulnerabilities
- TA11-165A: Microsoft Updates for Multiple Vulnerabilities
- TA11-166A: Adobe Updates for Multiple Vulnerabilities
- TA11-130A: Microsoft Updates for Multiple Vulnerabilities
- TA11-102A: Microsoft Updates for Multiple Vulnerabilities
- TA11-067A: Microsoft Updates for Multiple Vulnerabilities
- TA11-039A: Microsoft Updates for Multiple Vulnerabilities
US-Cert Tips
- ST11-001: Holiday Traveling with Personal Internet-Enabled Devices
- ST04-014: Avoiding Social Engineering and Phishing Attacks
- ST08-001: Using Caution with USB Drives
- ST05-008: How Anonymous Are You?
- ST05-006: Recovering from Viruses, Worms, and Trojan Horses
- ST05-003: Securing Wireless Networks
- ST05-002: Keeping Children Safe Online
- ST05-001: Evaluating Your Web Browser's Security Settings
- ST04-024: Understanding ISPs
- ST07-001: Shopping Safely Online
- ST04-023: Understanding Your Computer: Email Clients
- ST04-022: Understanding Your Computer: Web Browsers
- ST04-021: Understanding Your Computer: Operating Systems
- ST04-020: Protecting Portable Devices: Data Security
- ST04-019: Understanding Encryption
- ST04-018: Understanding Digital Signatures
- ST04-017: Protecting Portable Devices: Physical Security
- ST04-016: Recognizing and Avoiding Spyware
- ST04-015: Understanding Denial-of-Service Attacks
- ST04-013: Protecting Your Privacy
Windows IT Pro
- Bug Hunting in Greenborder Pro
- OS Haste Makes Waste
- Sam Spade on the Spam Case
- Who Is Connected To Your Systems?
- Security UPDATE--OS Haste Makes Waste--July 19, 2006
- Month of Browser Bugs
- Nmap Hackers Pick Top 100 Security Tools
- Seven Microsoft Security Patches Due In July
- Security UPDATE--Nmap Hackers Pick Top 100 Security Tools--July 5, 2006
- ADV: Get the facts about virtualization
- Security Diligence Is Overdue
- Security UPDATE--Security Diligence Is Overdue--June 28, 2006
- Singin' The Browser Blues?
- Voylent Encrypts Cell Phone Calls
- Is Vista's UAC Giving You The Blues?
- Biggest Known Targets
- Death of the Frog
- 8866 2288 6600 8800 9966 7700
- Crypto Class
- Security UPDATE--Death of the Frog--May 24, 2006
Yahoo Security
- Android OS rules in U.S., gets a Bouncer to keep malware out the Market (Appolicious)
- Hackers intercept FBI, Scotland Yard call (AP)
- Android “malware” turned out to be benign (Appolicious)
- Exclusive: Hacked companies still not telling investors (Reuters)
- Google tightens security in Android app store (Reuters)
- AVG Technologies prices at $16/share: source (Reuters)
- New Android malware? Or just an ad network? (Digital Trends)
- New DMARC email authentication aims to stop phishing (Digital Trends)
- Sarah Palin email hacker loses appeal (Reuters)
- Symantec, Lookout Mobile Security debate latest Android “malware” attack (Appolicious)
- Evi tops Android Apps of the Week (Appolicious)
- US cybersecurity efforts trigger privacy concerns (AP)
- Facebook takes on 'clickjacking' spammers in court (Reuters)
- Megaupload founder joked about his 'hacker' past (AP)
- Symantec profit, forecast in line with estimates (Reuters)
- ThreatMetrix: Mobile buying less risky than desktop this holiday season (Digital Trends)
- Nokia fined for spam texts in Australia (Reuters)
- McAfee patches flaw that turned protected systems into spam relays (Digital Trends)
- McAfee software bug could turn customers' PCs into spam servers (Reuters)
- Virus infections stop after suspects named (Reuters)
IT Toolbox Blogs
- APAR Friday 2: A HIPER closed for RECOVER
- APAR Friday: HIPER - Potential optimization problem using frequency, histogram statistics
- Chess is a Great Teacher: Life Lessons from Chess Grandmaster Henrik Danielsen
- Clouds Are Like Electricity: Dont Be Scared
- DB2 Best Practices -- 16.6 -- Subsystem Health Specifics
- Disabling SSL v2 in Server 2008 x64 and Server 2008 R2
- Do You Recognize Exceptional Performers?
- Ending the Con-Fusion Over PeopleSoft and Middleware
- Federal Mobile Strategy: Increasing Access to Mission-Critical Data & Streamlining IT
- It is the fine points which count.
- Cloud computing in financial service organizations
- Megaupload's Series of Unfortunate Events
- Monitoring connectivity for multiple database servers
- The Three Ps of Mentoring and Being Mentored
- We Need to Define Business Requirements for ERP: Where Do We Start?
- A somewhat new parm for workload manager (WLM)
- Firefox & Thunderbird 10.0 have been released
- Oracle ADF-Swing going the way of the dinosaur!
- Proctor & Gamble shifting advertising from TV and billboards to facebook and google?
- Some examples of the entertainment industry making things look like magic

