We also offer the following RSS Feeds:
- ISC Diaries (headline + first sentence)
- ISC Diaries with content (headline + full content)
- Security News Feeds (same as the 'Last 20' list here)
We collect a number of security-related news feeds on this page. To suggest additional news sources or other changes, use our contact form. We try hard to keep the feeds RSS, XML, CSS, RFC, IETF, ISO, DIN, TüV, ANSI compliant, but may fail occasionally. Let us know if things don't work for you and we may fix it.
Last 20
- CVE-2011-1332 (garoon)
- CVE-2011-1333 (garoon, office)
- CVE-2011-1334
- CVE-2011-1335
- CVE-2011-2180
- CVE-2011-2181
- CVE-2011-2204
- CVE-2011-2345
- CVE-2011-2346
- CVE-2011-2347
- CVE-2011-2348
- CVE-2011-2349
- CVE-2011-2350
- CVE-2011-2351
- CVE-2011-2470
- Federal agency issues new security rules for financial institutions
- Hackers steal info on military, defense personnel
- Microsoft patents spy tech for Skype
- Tumblr hit with huge phishing attack
- Apple releases Java for Mac OS X security updates
InternetStormCenter
- Random SSL Tips and Tricks, (Wed, Jun 29th)
- Symantec Report - Spam Surge against Social Networks, (Thu, Jun 30th)
- Deja-Vu: Cisco VPN Windows Client Privilege Escalation, (Tue, Jun 28th)
- DNSSEC Tips, (Tue, Jun 28th)
- Hashing Passwords, (Tue, Jun 28th)
- Update: Google Chrome 12.0.742.112 released http://googlechromereleases.blogspot.com/2011/06/stable-channel-update_28.html, (Tue, Jun 28th)
- Update: Java update for OS X fixes security issues http://support.apple.com/kb/HT1222, (Tue, Jun 28th)
- Update: Opera 11.50 is now available http://www.opera.com/, (Tue, Jun 28th)
- Update: Thunderbird 5.0 released. https://www.mozilla.org/en-US/thunderbird/, (Tue, Jun 28th)
- Are All Networks Vulnerable?, (Mon, Jun 27th)
- DNS cache poisoning: still works and still makes lots of damage, (Mon, Jun 27th)
- Phishy Spam, (Mon, Jun 27th)
- Nagios script for ISC threat level http://www.aj-services.com/?p=275, (Sun, Jun 26th)
- Show the boss on Wednesday, (Fri, Jun 24th)
- Apple Security Updates 2011-004, (Thu, Jun 23rd)
- New "Dashboard" http://isc.sans.edu/dashboard.html . Feedback welcome., (Thu, Jun 23rd)
- How Good is your Employee Termination Policy?, (Wed, Jun 22nd)
- Australian government security audit report shows tough love to agencies, (Tue, Jun 21st)
- Mozilla Firefox and Thunderbird Security Updates, (Tue, Jun 21st)
- Network Solutions currently facing a DDOS attack, (Tue, Jun 21st)
SANS Newsbites
- Oregon Police Have Surveillance Video of Suspects in Michaels Skimming Case (June 24, 2011)
- Travelodge Customer Data Breach (June 24, 2011)
- Vermont Law Barring Use of Prescription Data for Marketing Found Unconstitutional (June 23 & 24, 2011)
- Apple Updates Mac OS X; Will Release Lion 10.7 Next Month (June 24, 2011)
- ChronoPay Co-Founder Arrested Over Alleged DDoS Attack (June 27, 2011)
- CitiBank Account Thieves Steal US $2.7 Million (June 24 & 27, 2011)
- Group Claims List Identifies Some LulzSec Members (June 27, 2011)
- LulzSec Says It's Closing Up Shop (June 25 & 26, 2011)
- Righthaven Claims Legal Standing to Sue After Modifying Agreement with Publisher (June 24, 2011)
- Class Action Lawsuit Filed Against Sony (June 24, 2011)
- DHS Moves To Boost Security of Software (June 27, 2011)
- FCC Net Neutrality Rules Heading to OMB (June 27, 2011)
- Film Industry Seeks to Block Site That Hosts Pirated Movies (June 27, 2011)
- Supreme Court to Consider Issue of Warrantless GPS Tracking (June 27, 2011)
- Mozilla Releases Updates for Firefox and Thunderbird (June 21 & 23, 2011)
- Confiscated Servers Take Down Sites Unrelated to Investigation (June 22, 2011)
- EFF No Longer Accepting Donations Through Bitcoin (June 22, 2011)
- European Commission Tells Web Companies to Finalize Do-Not-Track Standard (June 22 & 23, 2011)
- FBI Shuts Down Server Used Against Coreflood Botnet (June 21 & 23, 2011)
- iPad User Data Hacker Pleads Guilty (June 23, 2011)
SANS @Risk
- (1) HIGH: Microsoft Word Memory Corruption
- (2) HIGH: Mozilla Products Multiple Vulnerabilities
- (1) HIGH: Oracle Java Multiple Security Vulnerabilities
- (2) HIGH: Novell iPrint Multiple Vulnerabilities
- (3) MEDIUM: Google Chrome Multiple Vulnerabilities
- (1) HIGH: HP 3COM/H3C Intelligent Management Center img recv Buffer Overflow Affected: current versions of H3C Intelligent Management Center Description: In accordance with its 180-day deadline, the Zero Day Initiative has disclosed an 0-d
- (2) HIGH: IBM Tivoli Endpoint lcfd.exe opts Argument Remote Code Execution Vulnerability Affected: IBM Tivoli Management Framework 3.7.1, 4.1, 4.1.1, 4.3.1 Description: IBM has released a patch for its Tivoli Management Framewo
- SANS Network Security 2010
- (1) HIGH: Google Chrome Multiple Security Vulnerabilities
- (2) HIGH: Microsoft Windows Media '.dvr-ms' Vulnerability
- 11.11.1 Microsoft Windows Media Player/Windows Media Center ".dvr-ms" File Code Execution
- 11.11.10 Samba "FD_SET" Memory Corruption
- 11.11.11 PDF-Pro Multiple Security Vulnerabilities
- 11.11.12 Wireshark 6LoWPAN Packet Denial of Service
- 11.11.13 Apple iTunes JPEG Image Heap-Based Buffer Overflow
- 11.11.14 Mozilla Firefox/SeaMonkey Text Run Construction Memory Corruption
- 11.11.15 Apache Tomcat "@ServletSecurity" Annotations Security Bypass
- 11.11.16 Subversion "mod_dav_svn" Apache Server NULL Pointer Dereference Denial of Service
- 11.11.17 IBM WebSphere Application Server prior to 7.0.0.15 Multiple Security Vulnerabilities
- 11.11.18 WebKit "Runin" Box Use-After-Free Memory Corruption
SANS Reading Room
- An Overview Of The Casper RFI Bot
- A Summary of DoS/DDoS Prevention, Monitoring and Mitigation Techniques in a Service Provider Environment
- Data Center Physical Security Checklist
- Electromagnetic Attack: Is Your Infrastructure and Data at Risk?
- OpenVPN and the SSL VPN Revolution
- Social Engineering Your Employees to Information Security
- Wireless Networks and the Windows Registry - Just where has your computer been?
- Mass SQL Injection for Malware Distribution
- Malcode Context of API Abuse
- SANSFIRE 2011
- Four Attacks on OAuth - How to Secure Your OAuth Implementation
- Following Incidents into the Cloud
- Animal Farm: Protection From Client-side Attacks by Rendering Content With Python and Squid.
- Auditing for Policy Compliance with QualysGuard and CIS Benchmarks
- Tracking Malware With Public Proxy Lists
- SANS 2011
- Protecting Users: The Importance Of Defending Public Sites
- Application Whitelisting: Panacea or Propaganda
- Measuring Psychological Variables of Control In Information Security
- Reducing Organizational Risk Through Virtual Patching
Application Security Streetfighter Blog
- Exchanging and sharing of assessment results
- Insecure Handling of URL Schemes in Apple's iOS
- Weekly Roundup of @Risk Web Application Vulnerabilities
- Weekly Roundup of Web Hacking Incidents
- UI Spoofing Safari on the iPhone
- ASP.NET Padding Oracle Vulnerability
- WASC Web Hacking Incident Database Semi-Annual Report
- Some Thoughts About Passwords
- Seven Security (Mis)Configurations in Java web.xml Files
- Hacking, Reviewing, and Fixing a Real-World Open Source Web App
- Free AppSec Webcasts
- Hard-Coded Password in Critical SCADA Software
- Social Zombies: Your Friends Want to Eat your Brains Webcast
- Top 25 Series – Rank 21 – Incorrect Permission Assignment for Critical Response
- Top 25 Series – Rank 22 – Allocation of Resources Without Limits or Throttling
- Top 25 Series – Rank 23 – Open Redirect
- Top 25 Series – Rank 24 – Use of a Broken or Risky Cryptographic Algorithm
- Top 25 Series – Rank 20 – Download of Code Without Integrity Check
- Top 25 Series – Rank 25 – Race Conditions
- Top 25 Series – Summary and Links
CGISecurity.com
- Secure Application Development on Facebook Platform
- TJX Hacker Gets Pwned, 20 Years In Prison
- Random FireFox URL handling Behavior
- Cryptography experts bicker with former NSA director at RSA panel
- Watcher 1.3.0 passive Web-vulnerability testing tool released
- Web Security Dojo v1.0 release
- XSS, SQL Injection and Fuzzing Barcode Cheat Sheet
- Multiple Adobe products vulnerable to XML External Entity Injection And XML Injection
- Post on Abusing Windows Communication Foundation to Perform Remote Port Scans
- 2010 SANS Top 25 Most Dangerous Programming Errors Released
- Larry Suto Web Application Security Scanner Comparison Report Inaccurate Vendors Say
- R.I.P. Apache 1.x: Apache 1.3.42 marks of end life
- Nikto version 2.1.1 released
- Weaning the Web off of Session Cookies Making Digest Authentication Viable
- WASC RSA Meet-Up 2010!
- Facebook security pretty much what you'd expect?
- Hacker Messes With Student's Schedule
- WASC Threat Classification to OWASP Top Ten RC1 Mapping
- Announcement: WASC Threat Classification v2 is Out!
- Stephen Watt sentenced to 2 years in prison for role in TJX
E-Week Security
- 11 Internet Security Myths That Delude Computer Users
- DHS Unveils Security Scoring System for Software Flaws, Attack Vectors
- Northrop Grumman Regularly Repels Advanced Attacks Seeking Sensitive Data
- Another Certificate Authority Compromised: No Fake SSL Certificates Issued
- U.S. Military Expanding Arsenal of Cyber-Warfare Capabilities
- SCADA Vulnerabilities Patched in Industrial Control Software From China
- Dropbox Accidentally Turned Off Passwords on File Storage Service
- English Teen Accused of Hacking, Police Hint LulzSec Link
- How Security Experts Dodge Scams, Malware Online
- OpenDNS Launches DNS-Based Malware Protection Service for Enterprises
- U.S. Congress Wants to Make Hacking Government Networks a Felony
- Poisoned iCloud Search Results Lead to Fake Antivirus Pages
- SCADA Vulnerabilities Patched in Two Industrial Control Software from China
- Microsoft's Kinect SDK, Patch Tuesday, Phone Scam Pushback Marked Week
- Password Security Remains the Weakest Link Even After Big Data Breaches
- Conn. AG Says Facebook Facial Recognition Software Violates Privacy
- Adobe Fixes 36 Critical Bugs in Quarterly Security Update
- Application Security Adds Threat Blocking to DbProtect Database Monitoring Tool
- Citigroup: 360,083 Credit Card Accounts Compromised
- Facebook Facial Recognition Draws EPIC Privacy Concern
Network Computing Security
- E-Discovery Needs To Move To The Cloud, Survey Finds
- Romonet Offers Predictive Modeling Tool For Data Center Planning
- Share And Share Alike With HomePipe
- Yahoo Spins Out Hadoop Startup
- Enterprise Social Networks And Security Risks
- Determining a Private Cloud Delivery Model
- E-Discovery Needs To Move To The Cloud Survey Finds
- FlashSoft Says Not When Flash, But Where
- Goodbye Dropbox
- Ipanema Guarantees Cloud App Performance
- SolidFire Aims SSD System At Cloud Providers
- Symantec Improves Virtualized App Recovery With VMware DR Support, Dashboard Management
- Businesses Have Tough Decisions To Make About Cloud Computing
- New HP Server, Storage And Networking Products Aimed At SMB Market
- Scality: Climbing The Cloud Storage Heights
- Egnyte Brings Simple File Sharing To Local Clouds
- Of Course I Build My Own Apps. Doesn't Everybody?
- ServiceNow Makes Help Desk Social
- Zenoss Prescribes Cure For The Common Cloud
- Private Cloud Automation, Orchestration, And Measured Service
Microsoft
- MS11-037 - Important: Vulnerability in MHTML Could Allow Information Disclosure (2544893)
- MS11-038 - Critical: Vulnerability in OLE Automation Could Allow Remote Code Execution (2476490)
- MS11-039 - Critical: Vulnerability in .NET Framework and Microsoft Silverlight Could Allow Remote Code Execution (2514842)
- MS11-040 - Critical: Vulnerability in Threat Management Gateway Firewall Client Could Allow Remote Code Execution (2520426)
- MS11-041 - Critical: Vulnerability in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2525694)
- MS11-042 - Critical: Vulnerabilities in Distributed File System Could Allow Remote Code Execution (2535512)
- MS11-043 - Critical: Vulnerability in SMB Client Could Allow Remote Code Execution (2536276)
- MS11-044 - Critical: Vulnerability in .NET Framework Could Allow Remote Code Execution (2538814)
- MS11-045 - Important: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2537146)
- MS11-046 - Important: Vulnerability in Ancillary Function Driver Could Allow Elevation of Privilege (2503665)
- MS11-047 - Important: Vulnerability in Hyper-V Could Allow Denial of Service (2525835)
- MS11-048 - Important: Vulnerability in SMB Server Could Allow Denial of Service (2536275)
- MS11-049 - Important: Vulnerability in the Microsoft XML Editor Could Allow Information Disclosure (2543893)
- MS11-050 - Critical: Cumulative Security Update for Internet Explorer (2530548)
- MS11-051 - Important: Vulnerability in Active Directory Certificate Services Web Enrollment Could Allow Elevation of Privilege (2518295)
- MS11-052 - Critical: Vulnerability in Vector Markup Language Could Allow Remote Code Execution (2544521)
- MS11-701 - Low: Test MNP bulletin #1 (test0701)
- MS11-702 - Moderate: Test MNP bulletin #2 (test0702)
- MS11-703 - Important: Test MNP bulletin #3 (test0703)
- MS11-024 - Important: Vulnerabilities in Windows Fax Cover Page Editor Could Allow Remote Code Execution (2527308)
milw0rm
- BigAnt Server <= 2.50 SP6 Local (ZIP File) Buffer Overflow PoC #2
- Joomla com_jinc (newsid) Blind SQL Injection Vulnerability
- Joomla com_mytube (user_id) Blind SQL Injection Exploit
- Snort < 2.8.5 Unified1 Output Denial of Service Exploit
- Loggix Project <= 9.4.5 Multiple Remote File Inclusion Vulnerabilities
- WX Guest Book 1.1.208 (SQL/XSS) Multiple Remote Vulnerabilities
- ProdLer <= 2.0 (prodler.class.php sPath) RFI Vulnerability
- CMScontrol 7.x (index.php id_menu) SQL Injection Vulnerability
- cP Creator 2.7.1 (Cookie tickets) Remote SQL Injection Exploit
- BAROSmini 0.32.595 Remote File Inclusion Vulnerabilities
- Winplot (.wp2 File) Local Buffer Overflow Exploit
- Joomla com_jbudgetsmagic (bid) Remote SQL Injection Vulnerability
- DDL CMS 1.0 Multiple Remote File Inclusion Vulnerabilities
- Joomla com_surveymanager (stype) SQL Injection Vulnerability
- FSphp 0.2.1 Multiple Remote File Inclusion Vulnerabilities
- FanUpdate 2.2.1 (show-cat.php listingid) SQL Injection Vuln
- Xerver HTTP Server 4.32 Remote Denial of Service Vulnerability
- Xerver HTTP Server 4.32 XSS / Directory Traversal Vulnerabilities
- Xerver HTTP Server <= 2.50 SP6 Remote Denial of Service Vulnerability
- ClearSite 4.50 (cs_base_path) Remote File Inclusion Vulnerability
NetworkWorld Virus/Worms
- Google builds developer tool to flag Web app vulnerabilities
- Feds seize Swiss bank account of scareware mogul
- Warning: Urgent Microsoft update may be Firefox malware
- 5 ways to stay safe from fake anti-virus malware attack on Macintosh
- 7 questions about the Mac malware scare
- Top 5 things to do before buying more security technology
- Osama bin Laden's death key topic on Internet
- Safeguarding critical infrastructure from the next Stuxnet
- First Look: Norton 2012
- Man-in-the-Browser attacks target the enterprise
- Anti-Virus Software Driving You Mad? 5 Fight-Back Tips
- European agency warns of botnet dangers
- Bank says application whitelisting is answer for AV blues
- AVG bets on Android, but competitors loom
- Kaspersky mobile software now covers Android, BlackBerry
- ShmooCon 2011: The MacGyver approach
- As PC Virus Turns 25, New Worry Emerges: Attack Toolkits
- Spam Traffic Returns after Holiday Break
- Text Message of 'Death' Threatens Smartphone Security
- The Best Free Downloads of 2010
NetworkWorld Security
- Federal agency issues new security rules for financial institutions
- Hackers steal info on military, defense personnel
- Microsoft patents spy tech for Skype
- Tumblr hit with huge phishing attack
- Google patches 7 bugs in Chrome browser
- Inventor of SecurID token has new authentication system
- MasterCard blames ISP outage for site's downtime
- OECD declaration on Internet policy angers EFF
- Cellcrypt releases encrypted voice call app for the iPhone
- Groupon India data published on Internet, said researcher
- LulzSec's parting Trojan is a false positive
- Man sentenced to 13 years in Operation 'Phish Phry'
- Mastercard.com slammed again as punishment over WikiLeaks
- New scoring systems for software security: CWSS and CWRAF
- Supreme Court to weigh in on warrantless GPS tracking
- Symantec compares iOS and Android security
- Symantec finds big differences in iOS, Android security
- Why Google Health failed: Too little, too soon
- Anonymous claims LulzSec members, steps up attacks
- Facing wildfire threat, Los Alamos National Lab closes
NWC Security
- Anti-Spam Server Fits The Job
- Rolling Review: Patch Up Your Windows
- Rolling Review: LANDesk Patch Manager
- StillSecure Steps Up
- Rolling Review: BigFix Enterprise Suite 7.0.7.96
- 7 Whole-Disk Encryption Apps Put A Lock On Data
- Rolling Review Kickoff: Network Behavior Analysis Systems
- Rollout: Mazu Profiler 8
- From The Labs: Palo Alto's Firewall Appliance
- Nevis Nails In-Band NAC
- Rolling Review: Shavlik Technologies NetChk Protect 5.9
- In-Band NAC: Three Products You Should Know About
- Log Management Gets SLIM
- Rolling Review: Host-Based NAC
- Vernier's In-Band NAC Product Takes Work
- Rollout: Vernier Networks' Control Server and EdgeWall 8800
- Analysis: PC Control
- PatchLink's Sanctuary
- RippleTech's Informant
- Identity Theft Has Gone to the Dogs
The Register
- Smut lure powers Tumblr phish scam
- 'Indestructible' rootkit enslaves 4.5m PCs in 3 months
- Anonymous smites Orlando after charity arrests
- Key internet address server sees spike in traffic
- Microsoft confirms departure of ID, access boss
- Accused autistic hacker Ryan Cleary freed on bail
- US Supremes to hear warrantless GPS tracking case
- Actor Simon Pegg warns over banking Trojan Twitter hack
- Groupon India publishes 300,000 user passwords
- Mastercard blitzed again in further DDoS attack
- McAfee to wipe mess off .xxx pr0n sites
- Mosman Council Website copied by Anonymous
- MS advises drastic measures to fight hellish Trojan
- Russian payment processing boss held over DDoS-for-hire plot
- Travelodge still doesn't know who hacked it
- Anonymous claims LulzSec merger
- Avast still focused on Windows, despite new Mac security app
- Google turns over user data in 94% of US demands
- Hackers pierce network with jerry-rigged mouse
- Liverpool cops compulsively snooped footballer's record
Secunia Vulnerabilities
- [3/5] Fedora update for dnsmasq
- [3/5] Fedora update for fail2ban
- [2/5] Debian update for websvn
- [2/5] Openfiler "redirect" Cross-Site Scripting Vulnerability
- [1/5] Gentoo update for valgrind
- [2/5] UniversalIndentGUI "SettingsPaths::init()" Insecure Temporary Files
- [3/5] Free Joke Script Multiple SQL Injection Vulnerabilities
- [3/5] PHP Krazy Image Host Script "id" SQL Injection Vulnerability
- [3/5] Swann DVR4-SecuraNet Directory Traversal Vulnerability
- [2/5] Sun Java System Directory Server Directory Proxy Server Denial of Service
- [2/5] Sun Solaris / SEAM Kerberos PAM Module Privilege Escalation
- [2/5] IBM HTTP Server "mod_proxy_ftp" Cross-Site Scripting Vulnerability
- [2/5] IBM WebSphere Application Server "PerfServlet" Information Disclosure
- [3/5] Gentoo update for xterm
- [3/5] Fedora update for moodle
- [3/5] Ubuntu update for php5
- [1/5] Fedora update for asterisk and dahdi-tools
- [2/5] Fedora update for python-fedora
- [2/5] Ubuntu update for pam-krb5
- [4/5] Mac OS X update for Java
Secunia Viruses
SecurityFocus News
- News: Change in Focus
- News: Google: 'no timetable' on China talks
- News: 'Severe' OpenSSL vuln busts public key crypto
- News: Monster botnet held 800,000 people's details
- News: Latvian hacker tweets hard on banking whistle
- News: MS uses court order to take out Waledac botnet
- News: Almost 2,500 firms breached in ongoing hack attack
- News: Two Chinese schools implicated in Google Aurora attacks
- News: Adobe pushes out Flash security fix
- Brief: Google offers bounty on browser bugs
- News: CIA, PayPal under bizarre SSL assault
- News: Most consumers reuse banking passwords
- Brief: Cyberattacks from U.S. "greatest concern"
- Brief: Microsoft patches as fraudsters target IE flaw
- Brief: MS readies patch, as fraudsters target IE flaw
- Brief: Attack on IE 0-day refined by researchers
- Brief: IE flaw gave attackers entry, says McAfee
- Brief: Law firm suing China suffers attack
- Brief: Microsoft, Oracle, Adobe issue patches
- Brief: Google, Adobe attacked through China
SecurityFocus Vulnerabilities
- Bugtraq: APPLE-SA-2011-06-28-1 Java for Mac OS X 10.6 Update 5
- Bugtraq: APPLE-SA-2011-06-28-2 Java for Mac OS X 10.5 Update 10
- Bugtraq: AST-2011-011: Possible enumeration of SIP users due to differing authentication responses
- Bugtraq: Resolved - NNT Change Tracker - Hard-Coded Encryption Key Originally posted as http://seclists.org/fulldisclosure/2011/May/460
- Vuln: Apple Mac OS X Quicktime 'Apple Lossless Audio Codec' Integer Overflow Vulnerability
- Vuln: BalaBit IT Security syslog-ng PCRE Denial of Service Vulnerability
- Vuln: ejabberd XML Parsing Denial of Service Vulnerability
- Vuln: HP OpenView Storage Data Protector CVE-2011-1865 Op Codes Remote Buffer Overflow Vulnerability
- Bugtraq: Ashampoo 3D CAD Professional 3 ActiveX control Insecure Method
- Bugtraq: Multiple vulnerabilities in Open-Realty
- Bugtraq: NGS00057 Technical Advisory: Apple Mac OS X ImageIO Integer Overflow
- Bugtraq: XSS in FlatPress
- Vuln: Oracle Java SE and Java for Business CVE-2011-0865 Remote Java Runtime Environment Vulnerability
- Vuln: Oracle Java SE and Java for Business CVE-2011-0867 Remote Information Disclosure Vulnerability
- Vuln: Oracle Java SE and Java for Business CVE-2011-0868 Remote Denial of Service Vulnerability
- Bugtraq: Arbitrary files deletion in Novell File Reporter 1.0.4.2
- Bugtraq: MySQLDriverCS Cross-Parameter SQL Injection Vulnerability
- Bugtraq: Off-by-one in Sybase Advantage Server 10.0.0.3
- Bugtraq: Upload directory traversal in Novell ZenWorks Handheld Management 7.0.2
- Vuln: Mozilla Firefox/SeaMonkey 'OnChannelRedirect' Method Memory Corruption Vulnerability
SecurityForest
SecurityNewsPortal
- New release of Intellitactics Security Manager features security know how
- Ubuntu Security Notice - pptpd vulnerability (USN-459-1)
- Verizon Business to acquire Cybertrust and ICSA Labs
- Cisco Security Response - HTTP Full-Width and Half-Width Unicode Encoding Evasion
- Criminologists pwn AusCERT
- Former Oracle VP pays $198,000 in trading charge
- Google Warns of Web Malware Epidemic
- Microsoft desperate, says target OpenOffice.org
- Players in potential patent battle hunker down
- Re: What RedHat doesnt want you to know about ExecShield (without NX)
- Re: [Dailydave] What RedHat doesnt want you to know about ExecShield (without NX)
- RE: Apple Safari on MacOSX may reveal users saved passwords
- Researcher: Apple TV, iTunes video dead ends
- Some Windows users get system freeze with May patches
- U.S. piracy crackdown nets 50th conviction
- Windows Update used to download malware updates
- Wordpress Akismet XSS flaw
- [USN-459-1] pptpd vulnerability
- AGs Ask MySpace For Predator Data
- Exchange Server 2007 Webcast Series - Most Frequently Asked Follow Up Questions (1 - 6)
Stupidsecurity
- FBI Tells Wikipedia to Remove FBI Seal from Wikipedia
- *Way* beyond stupid.... Military banned from wikileaks
- Man prints fake pilot's license on printer at home, flies commercial jets for 13 years
- Note on security gate... with code.
- Airport scanners being misused--quelle surprise!!
- Homeland Security out of a job?
- Arabic-language flashcards don't fly with TSA
- TSA Worker Fired For "White Powder" Prank
- TSA Logo Competition
- 8 year old on watch list
- Roundup of Web "Security" Articles
- Full Body Scanners - Millimeter Waves Pass Through Powder
- Slovak Air Security Test Goes Very Wrong
- Books banned on Canada flights to US
- TSA Says Historical Canal Mule Skinners Need Biometric ID
- Former Asst. Chief of Police asks TSA "Do I have to submit to this search?"
- Hospital Baby Abduction Security
- Iraq Swears by Bomb Detector U.S. Sees as Useless
- XKCD on airport security
- Fake Card-readers In a Hotel Elevator
US-Cert Alerts
- SA11-165A: Microsoft Updates for Multiple Vulnerabilities
- SA11-166A: Adobe Updates for Multiple Vulnerabilities
- SA11-130A: Microsoft Updates for Multiple Vulnerabilities
- SA11-102A: Microsoft Updates for Multiple Vulnerabilities
- SA11-067A: Microsoft Updates for Multiple Vulnerabilities
- SA11-039A: Microsoft Updates for Multiple Vulnerabilities
- SA11-011A: Microsoft Updates for Multiple Vulnerabilities
- SA10-348A: Microsoft Updates for Multiple Vulnerabilities
- SA10-313A: Microsoft Updates for Multiple Vulnerabilities
- SA10-285A: Microsoft Updates for Multiple Vulnerabilities
- SA10-279A: Adobe Reader and Acrobat Affected by Multiple Vulnerabilities
- SA10-263A: Adobe Flash Vulnerabilities
- SA10-257A: Microsoft Updates for Multiple Vulnerabilities
- SA10-231A: Adobe Reader and Acrobat Vulnerabilities
- SA10-224A: Apple Updates iOS for Multiple Vulnerabilities
- SA10-223A: Adobe Flash and AIR Vulnerabilities
- SA10-222A: Microsoft Updates for Multiple Vulnerabilities
- SA10-194A: Microsoft Updates for Multiple Vulnerabilities
- SA10-162A: Adobe Flash and AIR Vulnerabilities
- SA10-159A: Adobe Flash, Reader, and Acrobat Vulnerability
US-Cert Bulletins
- SB11-178: Vulnerability Summary for the Week of June 20, 2011
- SB11-171: Vulnerability Summary for the Week of June 13, 2011
- SB11-164: Vulnerability Summary for the Week of June 6, 2011
- SB11-157: Vulnerability Summary for the Week of May 30, 2011
- SB11-150: Vulnerability Summary for the Week of May 23, 2011
- SB11-143: Vulnerability Summary for the Week of May 16, 2011
- SB11-136: Vulnerability Summary for the Week of May 9, 2011
- SB11-115: Vulnerability Summary for the Week of April 18, 2011
- SB11-129: Vulnerability Summary for the Week of May 2, 2011
- SB11-122: Vulnerability Summary for the Week of April 25, 2011
- SB11-108: Vulnerability Summary for the Week of April 11, 2011
- SB11-094: Vulnerability Summary for the Week of March 28, 2011
- SB11-087: Vulnerability Summary for the Week of March 21, 2011
- SB11-080: Vulnerability Summary for the Week of March 14, 2011
- SB11-073: Vulnerability Summary for the Week of March 7, 2011
- SB11-066: Vulnerability Summary for the Week of February 28, 2011
- SB11-059: Vulnerability Summary for the Week of February 21, 2011
- SB11-052: Vulnerability Summary for the Week of February 14, 2011
- SB11-045: Vulnerability Summary for the Week of February 7, 2011
- SB11-038: Vulnerability Summary for the Week of January 31, 2011
US-CERT Techalerts
- TA11-165A: Microsoft Updates for Multiple Vulnerabilities
- TA11-166A: Adobe Updates for Multiple Vulnerabilities
- TA11-130A: Microsoft Updates for Multiple Vulnerabilities
- TA11-102A: Microsoft Updates for Multiple Vulnerabilities
- TA11-067A: Microsoft Updates for Multiple Vulnerabilities
- TA11-039A: Microsoft Updates for Multiple Vulnerabilities
- TA11-011A: Microsoft Updates for Multiple Vulnerabilities
- TA10-348A: Microsoft Updates for Multiple Vulnerabilities
- TA10-313A: Microsoft Updates for Multiple Vulnerabilities
- TA10-287A: Oracle Updates for Multiple Vulnerabilities
- TA10-285A: Microsoft Updates for Multiple Vulnerabilities
- TA10-279A: Adobe Reader and Acrobat Affected by Multiple Vulnerabilities
- TA10-263A: Adobe Flash Vulnerabilities
- TA10-257A: Microsoft Updates for Multiple Vulnerabilities
- TA10-238A: Microsoft Windows Insecurely Loads Dynamic Libraries
- TA10-231A: Adobe Reader and Acrobat Vulnerabilities
- TA10-223A: Adobe Flash and AIR Vulnerabilities
- TA10-222A: Microsoft Updates for Multiple Vulnerabilities
- TA10-194B: Oracle Updates for Multiple Vulnerabilities
- TA10-194A: Microsoft Updates for Multiple Vulnerabilities
US-Cert Tips
- ST04-014: Avoiding Social Engineering and Phishing Attacks
- ST08-001: Using Caution with USB Drives
- ST05-008: How Anonymous Are You?
- ST05-006: Recovering from Viruses, Worms, and Trojan Horses
- ST05-003: Securing Wireless Networks
- ST05-002: Keeping Children Safe Online
- ST05-001: Evaluating Your Web Browser's Security Settings
- ST04-024: Understanding ISPs
- ST07-001: Shopping Safely Online
- ST04-023: Understanding Your Computer: Email Clients
- ST04-022: Understanding Your Computer: Web Browsers
- ST04-021: Understanding Your Computer: Operating Systems
- ST04-020: Protecting Portable Devices: Data Security
- ST04-019: Understanding Encryption
- ST04-018: Understanding Digital Signatures
- ST04-017: Protecting Portable Devices: Physical Security
- ST04-016: Recognizing and Avoiding Spyware
- ST04-015: Understanding Denial-of-Service Attacks
- ST04-013: Protecting Your Privacy
- ST04-012: Browsing Safely: Understanding Active Content and Cookies
Windows IT Pro
- Bug Hunting in Greenborder Pro
- OS Haste Makes Waste
- Sam Spade on the Spam Case
- Who Is Connected To Your Systems?
- Security UPDATE--OS Haste Makes Waste--July 19, 2006
- Month of Browser Bugs
- Nmap Hackers Pick Top 100 Security Tools
- Seven Microsoft Security Patches Due In July
- Security UPDATE--Nmap Hackers Pick Top 100 Security Tools--July 5, 2006
- Security Diligence Is Overdue
- Security UPDATE--Security Diligence Is Overdue--June 28, 2006
- Singin' The Browser Blues?
- Voylent Encrypts Cell Phone Calls
- Is Vista's UAC Giving You The Blues?
- Biggest Known Targets
- Death of the Frog
- Crypto Class
- Security UPDATE--Death of the Frog--May 24, 2006
Yahoo Security
- Sony names Andrew House as head of games unit (AP)
- Vulnerabilities found in Google Chrome PC security (Reuters)
- Hacker group Anonymous targets Orlando websites (AP)
- Microsoft's Answer to Vicious Malware? Reinstall Windows (PC Magazine)
- LulzSec Hackers Bid Farewell as the Law Appears Near (NewsFactor)
- US rolls out plan to protect business websites (AP)
- LulzSec Shuts Down, Ends Hacking Campaign (Mashable)
- TeaMp0isoN hackers hit former British PM Tony Blair, leak address book (Digital Trends)
- Hackers school next generation at DEFCON Kids (AFP)
- LulzSec hits Arizona police computers, reveals sensitive data (Digital Trends)
- Want Mac OS X Lion? You're Going to Need This Snow Leopard Update (PC Magazine)
- Ariz. state police checking computers after attack (AP)
- Hacker Promises to Leak Personal Details of Tony Blair, MPs (PC Magazine)
- Hackers attack Electronic Arts website (Reuters)
- iPad hacker pleads guilty, receives minimum year in prison (Appolicious)
- LulzSec computer hackers release Arizona state files (AFP)
- AT&T, iPad Hacker Pleads Guilty (PC Magazine)
- British teenager detained over cyber hacking (Reuters)
- Ukraine says breaks up global hacker ring, banks targeted (Reuters)
- Exclusive: Forget Spy Kids, try kiddie hacker conference (Reuters)


