• Skype EasyBits Add-on, (Tue, May 31st)

    Updated: 2011-05-31 03:32:27
    With a recent update, some users of Skype may have inadvertently installed Easy Bits Go, ...(more)...

  • Lockheed Martin and RSA Tokens, (Mon, May 30th)

    Updated: 2011-05-30 15:30:51
    Just about a month ago, RSA notified its customers about a major breach of its systems. One of the b ...(more)...

  • Howto:Generate PHP Shell with Metasploit

    Updated: 2011-05-30 04:08:00

  • Infocon: green

    Updated: 2011-05-30 03:39:15
    Skype EasyBits Add-on

  • Allied Telesis Passwords Leaked, (Mon, May 30th)

    Updated: 2011-05-30 02:51:17
    A list of default backdoor passwords for network gear vendor Allied Telesis leaked and w ...(more)...

  • Howto: Try to use Metasploit with WMAP Plugin

    Updated: 2011-05-29 18:09:00

  • Javascript Password Strength Meter

    Updated: 2011-05-29 17:33:00

  • Howto: Fix "Invalid Driver Specified" of Armitage on Backtrack 5

    Updated: 2011-05-29 16:48:00

  • Mac Rogue AV, Mobile Security Lead Week's Security News

    Updated: 2011-05-29 16:05:47
    Apple's announcement that it will provide a fix for the MacDefender family of fake antivirus scams and the rising concerns about mobile security in general dominated IT security news for the week of May 23. - Several security firms, including ESET, Intego and Sophos, raised the alarm beginning earlier this month about the proliferation of fake antivirus programs specifically targeting the Mac OS platform. These scareware programs worked in the same way as the PC variants, with users being told their...

  • Cross-site scripting vulnerability in TweetDeck’s ChromeDeck

    Updated: 2011-05-29 15:55:00

  • Russian Payment Processor May Be Behind MacDefender Scareware

    Updated: 2011-05-28 16:42:00
    Security writer Brian Krebs may have found a link connecting Russian payment processor ChronoPay with some of the recent Mac scareware software in circulation. - It appears that a Russian online payment company may be behind the rogue antivirus MacDefender scam that has dominated security headlines for the past few weeks. A few days after the first attacks surfaced, users on Apple support forums reported that the Mac malware was directing them to mac-...

  • Hacker 14 year old hired by Microsoft

    Updated: 2011-05-28 14:13:00

  • Python tools for Penetration Tester

    Updated: 2011-05-28 01:35:00

  • DNSSEC signature can crash Bind name servers

    Updated: 2011-05-28 01:12:00

  • 7 Linux Shells Using Built-in Tools

    Updated: 2011-05-28 01:03:00

  • Unfixed Google hack

    Updated: 2011-05-28 00:56:00

  • Lockheed Martin Shuts Down Remote Network Access After Detecting Intrusion

    Updated: 2011-05-28 00:04:08
    Defense contractor Lockheed Martin is dealing with problems in its internal network after a suspected intrusion reportedly using the RSA SecurID tokens. - Lockheed Martin has been battling a “major disruption” to its computer systems after its IT security team detected a network intrusion earlier this week, Reuters reported. The disruption began May 22 when the company detected an intrusion to the network, according to the May 26 Reuters story, w...

  • Congress Considers Government Role in Securing Critical Infrastructure

    Updated: 2011-05-27 23:00:14
    In one of the several congressional hearings on cyber-security, lawmakers discussed data breach notification laws and how to protect critical infrastructure. - Security experts and public officials testified at a congressional subcommittee hearing about the role the federal government should play in defending cyberspace and protecting critical infrastructure from attackers. There are more kinds of malware and online threats, and cyber-criminals are be...

  • iPhone 4 Encryption Remains Uncracked, but Password Keys Easy to Obtain

    Updated: 2011-05-27 21:50:31
    Russian company ElcomSoft hasn't cracked AES-256 encryption, but figured out a way to obtain the cryptographic keys necessary to decrypt all the data on Apple iOS devices. - Russian security firm ElcomSoft claims to have cracked the AES-256 encryption Apple used to encrypt data on user iPhones. Despite the claim of the company's CEO, that's not quite the case. The publicly available ElcomSoft Phone Password Breaker application provides users with the ability to view e...

  • Hardening OS X Using The NSA Guidelines

    Updated: 2011-05-27 12:00:00

  • Java Signed Applets in Metasploit

    Updated: 2011-05-27 08:34:00

  • IE Flaw Lets Attackers Steal Cookies, Access User Accounts

    Updated: 2011-05-27 05:10:53
    An independent security consultant demonstrated a “cookiejacking” technique to show how attackers can steal Web cookies to access user accounts online. - An unpatched vulnerability in Internet Explorer allows attackers to steal login credentials to various Websites via cookies, according to a security researcher. Attackers can exploit the Internet Explorer flaw to steal cookies from user computers and use the saved information to access user da...

  • Mac's Supposed Immunity to Security Threats Gone Forever: 10 Reasons Why

    Updated: 2011-05-27 04:23:25
    News Analysis: The days of Mac OS X being seemingly immune from viruses and other malware are gone forever as Apple has finally acknowledged the existence of fake Macintosh antivirus scams. - Over the years, Mac users have been conditioned to believe that their computers were immune from security threats. The folks who went to the Apple Store to get a Mac were told by friends, family and even Apple that they were much safer using a Mac than they would be with a Windows-based computer...

  • Managing CVE-0, (Fri, May 27th)

    Updated: 2011-05-27 01:43:10
    Vulnerability Advisory: User clicks on something that they shouldn't have (CVE-0) Description ...(more)...

  • Data Breaches Add Urgency to Demands for Security Code of Conduct

    Updated: 2011-05-27 01:41:12
    By Fahmida Y. Rashid on 2011-05-26. Millions of consumers are put at risk each year as companies “lose control” of personal data, according to Consumer Reports. Lawmakers in Congress have been discussing data security, and the Obama Administration

  • HIPAA, HITECH Compliance Not Improving Health Care Data Security: Survey

    Updated: 2011-05-26 21:57:01
    Despite spending a lot of time making sure they are compliant with federal and state regulations, health care organizations claim they are still seeing a lot of data breaches. - Being regulatory-compliant does not necessarily reduce the chances of a data breach, at least for the health care industry, according to a new study. Even more worrisome, organizations appear to be focusing more on compliance and less on security. About 56 percent of IT security professionals i...

  • Service Interruption Notice – May 26, 2011

    Updated: 2011-05-26 21:48:45
    During the morning of May 26, 2011, the SoftPak Director (SPD) data center experienced a network equipment failure. The redundant systems were able to take over automatically.

  • Chrome 11 Anti-XSS ByPass

    Updated: 2011-05-26 15:57:00

  • Fake Epsilon Breach Warning Phishes for Credit Report Customers, (Thu, May 26th)

    Updated: 2011-05-26 15:53:19
    Michael Mosbey sent us a link to a website that attempts to scare people into purchasing a credit re ...(more)...

  • Was Company hacked?

    Updated: 2011-05-26 15:51:00

  • Phoenix exploit kit 2.5 leaked, Download Now !

    Updated: 2011-05-26 15:47:00

  • WordPress User IDs and User Names Disclosure

    Updated: 2011-05-26 15:37:00

  • Announcing The Nessus Android App

    Updated: 2011-05-26 14:40:59

  • AccessPatrol - Voted WindowSecurity.com Readers' Choice Award Winner - Endpoint Security

    Updated: 2011-05-26 07:59:59
    AccessPatrol was selected the winner in the Endpoint Security category of the WindowSecurity.com Readers' Choice Awards. GFI EndPointSecurity and Netwrix USB Blocker were runner-up and second runner-up respectively.

  • NowStream Enables You To Stream Torrents Directly To Your iPhone (video)

    Updated: 2011-05-26 05:58:00

  • Machiavellianism – Wikipedia, the free encyclopedia

    Updated: 2011-05-26 05:12:02
    Machiavellianism is also a term that some social and personality psychologists use to describe a person’s tendency to deceive and manipulate other people for their personal gain. In the 1960s, Richard Christie and Florence L. Geis developed a test for measuring a person’s level of Machiavellianism. This eventually became the MACH-IV test, a twenty-statement personality [...]

  • Damballa CSP Automates Botnet Identification, Removal for ISPs

    Updated: 2011-05-26 05:10:29
    Damballa updated its CSP appliances to help Internet service providers and telco carriers roll out systems that can monitor and identify infected subscriber devices on their networks. - Damballa updated its cyber-threat monitoring service for internet service providers and telecommunications providers. The appliances detect malware infections affecting any device on the CSP (Communications Service Providers) networks, including PCs, Macs, tablets and smartphones. Damballa CSP 1...

  • Monitoring Social Media for Security References to Your Organization, (Wed, May 25th)

    Updated: 2011-05-26 04:38:48
    Organizations large and small utilize social media for interacting with current and prospective cust ...(more)...

  • GALENICAL (Android user activity logger)

    Updated: 2011-05-26 03:57:00

  • MacDefender ups the ante with removing the password need for installation, (Thu, May 26th)

    Updated: 2011-05-26 01:17:12
    MacDefender, malware posing as security software that targets Mac OSX, and to which only days ...(more)...

  • SQL Injection Attack Exposes Comodo Partner Customer Data

    Updated: 2011-05-25 19:09:47
    A SQL injection attack exposed customer certificate information and employee log-in credentials for a Comodo reseller in Brazil. No certificates were issued or compromised. - Browser security is back in the spotlight as another Comodo partner suffered a security breach that allowed attackers to access customer data. Brazil-based ComodoBR is at least the fourth Comodo partner to be compromised this year. In this incident, attackers used SQL injection to access certif...

  • Five new Cisco security advisories released. See http://www.cisco.com/go/psirt, (Wed, May 25th)

    Updated: 2011-05-25 16:44:47
    ...(more)...

  • 10 Biggest Data Breaches of 2011 So Far

    Updated: 2011-05-25 16:40:14
    By Fahmida Y. Rashid on 2011-05-25. Expedia’s Trip Advisor, email marketing provider Epsilon, Sony’s online entertainment services, professional engineering society Institute of Electrical and Electronics Engineers. They all suffered some kind of a data breach in the first four months of 2011. At

  • Network Security in a World without Network Firewalls

    Updated: 2011-05-25 08:00:10
    In this article, I'll talk about some things you can do to secure your environment in a world without firewalls.

  • Passcode bypass of the HTC Desire Z using an unexpected feature of the bootloader

    Updated: 2011-05-25 03:57:00

  • msfvenom = msfencode + msfpayload

    Updated: 2011-05-25 03:48:00

  • Network Security Podcast, Episode 242

    Updated: 2011-05-25 03:13:19
    The three amigos are united again!  After what seems like forever, Martin, Rich and Zach manage to find the time to actually talk on the podcast again.  And even though everyone’s been over the Sony compromises (10 as of this evening) we talk about that, as well as the Apple malware problem that’s currently ongoing [...]

  • Apple advisory on "MacDefender" malware, (Wed, May 25th)

    Updated: 2011-05-25 01:05:17
    Looks like Apple noticed that MacDefender, a fake anti-virus tool that we cover ...(more)...

  • Microsoft Uncovers 400K Tainted Email Addresses on Rustock Hard Drives

    Updated: 2011-05-25 00:44:36
    While digging through the hard drives seized as part of the Rustock takedown in March, Microsoft's forensic experts have uncovered thousands of compromised email addresses. - Microsoft investigators have uncovered more than 400,000 email addresses from a single hard drive seized during the Rustock botnet takedown in March, according to court documents. The Rustock gang also had stolen credit card numbers. Microsoft outlined its investigation into the hard drives bel...

  • Metasploit 3.8.0.

    Updated: 2011-05-24 19:26:00

  • Generic Third Party Integration

    Updated: 2011-05-24 16:23:08
    There is an inherent value to vulnerability assessment and attack data beyond the security team. Making relevant data available to other solutions, departments, and team members can streamline the vulnerability management process and ensure the workflow is seamless between departments and management. In addition, having tight data integration makes it easier to document workflow processes [...]

  • impassioned Framework, New Exploit Kit was released now.

    Updated: 2011-05-24 07:33:00

  • Microsoft Support Scam (again), (Mon, May 23rd)

    Updated: 2011-05-24 01:04:21
    We have mentioned the Microsoft Support scams a few times over the last 6 months or so ( ...(more)...

  • Howto: Setup Zeus as a hidden service.

    Updated: 2011-05-23 09:00:00

  • Blackhole Exploit Kit was released now.

    Updated: 2011-05-23 07:54:00

  • Howto: Create Registry to Write Protect a USB Flash Drive

    Updated: 2011-05-23 04:42:00

  • Don’t Panic Over the Latest Mac Malware Story

    Updated: 2011-05-20 14:31:35
    Yesterday, SecurityWeek published my article "Don't Panic Over the Latest Mac Malware Story." I ask and answer four questions: Who benefits from the story? Why should we care? If we do care, what do we do about it? What else should we be thinking about? You can read the column in full at the SecurityWeek website.

  • Better Security Management with a Consolidated View of AV and Vulnerabilities

    Updated: 2011-05-19 18:53:32
    We expect our smart phones to handle all of our business needs: phone calls, voicemail, email, and calendar functionality, at the very least. Why not expect the same consolidated approach with your security products? Take for example the relationship between vulnerabilities and malware. Most of the malware, trojans, worms, etc., get into a system by [...]

  • Plugin Spotlight: Detecting PsExec

    Updated: 2011-05-19 13:08:15

  • Network security Podcast, Episode 241

    Updated: 2011-05-18 19:04:42
    While Martin and Rich are away, Zach will pla^Wrecord an interview. I managed to snag Aldo Cortesi for a bit to discuss his research into de-anonymizing Apple UDIDs, as well as his work on mitmproxy, a man-in-the-middle proxy tool. Network Security Podcast, Episode 241 Time:  30:24

  • Microsoft Forefront Endpoint Protection 2010 - Is Microsoft Anti-virus Good Enough

    Updated: 2011-05-18 08:00:00
    Should you consider FEP in your organization or does it still need more time "in the oven" before it's ready for prime time?

  • Unified Vulnerability Management for Retailers

    Updated: 2011-05-17 18:07:35
    What do retailers worry about the most?  Outside of remaining profitable and competitive, theft is always a concern.  Theft can occur for a retailer in a variety of ways.  Everything from shoplifting, hijacking cargo shipments, to electronic identity theft.  Thieves are always trying to find new ways of stealing “something” and making money from it. [...]

  • Don't miss SEC-T in September

    Updated: 2011-05-15 14:35:00
    The Swedish technical IT security conference SEC-T will be held on 8th and 9th of September this year. The SEC-T conference is a really nice arrangement that brings some high quality speakers from around the world to Stockholm for two days. The call for papers (CFP) for SEC-T was released a couple[...]

  • 3D Tool Version 2.0 Released

    Updated: 2011-05-13 11:00:00

  • Sony: Compliance Lessons Learned

    Updated: 2011-05-12 11:00:00

  • Microsoft Patch Tuesday Roundup - May 2011

    Updated: 2011-05-11 12:59:30

  • Internet Explorer 9: Is It More Secure?

    Updated: 2011-05-11 06:59:59
    In this article, we'll look at the security mechanisms in IE 9 and compare it not only with earlier versions of IE, but with top competitors Firefox and Chrome.

  • Network Security Podcast, Episode 240

    Updated: 2011-05-11 05:44:55
    It’s been one of those weeks.  Martin spent the weekend in Amsterdam and only got a few hours at home before heading out on the road again.  Rich is home with a sick child.  And Zach is doing Zach things off somewhere and not communicating much.  Luckily, Martin interviewed Eric Chiu, the President and founder [...]

  • Microsoft Patch Tuesday – May 2011

    Updated: 2011-05-11 01:49:16
    Oh how I am starting to enjoy the odd numbered months this year. Back in January Microsoft released 2 bulletins. February followed with 12, March with 3, and April with 17. Now May has arrived with only 2 bulletins. If you are looking to avoid piles of patch deployment work this summer, I’d bet on [...]

  • eEye Research Report: In Configuration We Trust

    Updated: 2011-05-09 23:00:10
    In configuration we trust. This statement couldn’t be truer to my research team and me, especially after discovering some of the findings in our latest report, which we publicly released last week. In the report, we describe simple configuration changes and software version upgrades that could mitigate many application vulnerabilities before patches are available. Some [...]

  • Why Applications Don't work for standard users

    Updated: 2011-05-04 07:00:03
    This article discusses the limited privileges of standard user accounts. It explains Authentication tokens, file/folder and Registry permissions at the time the user or application attempts to access that resource.
