Vulns & Alerts


ICS-CERT: Siemens Tecnomatix FactoryLink ActiveX

January 05, 2012 Added by:Headlines

Researchers identified two vulnerabilities affecting ActiveX components in the Siemens Tecnomatix FactoryLink application, including buffer overflow and data corruption. Successful exploitation of the vulnerabilities could allow an attacker to perform denial of service and arbitrary code execution...

Comments  (0)


Update: File Appears to Contain 2006 Norton AV Source Code

January 05, 2012 Added by:Anthony M. Freed

Infosec Island has been provided with a file that appears to contain source code for the 2006 version of Norton antivirus. We have provided Symantec with the file and are awaiting their analysis. We will not be releasing the file due to the sensitive nature of the information...

Comments  (6)


US CERT: Hash Table Collision Attack Vulnerability

January 04, 2012 Added by:Headlines

US-CERT is aware of reports stating that multiple programming language implementations, including web platforms, are vulnerable to hash table collision attacks. This vulnerability could be used by an attacker to launch a denial-of-service attack against websites using affected products...

Comments  (0)


Fallout from the Christmas Hack of Stratfor

January 03, 2012 Added by:Richard Stiennon

The most painful lesson the Stratfor hack is about to demonstrate is the importance of email security. Anonymous will be recruiting volunteers to analyze the 3.3 million emails they stole that have the potential for real harm equal to the infamous WikiLeaks State Department leak...

Comments  (0)


Was Stratfor Breached By an Insider?

January 03, 2012 Added by:Jeffrey Carr

I'm not accusing Michael Mooney of being involved. I am, however, stating that attacks by insiders who hold a grudge against their employer are common and Mooney's position along with the circumstances around his departure will certainly be explored by law enforcement...

Comments  (4)


Stratfor Hack Proves a Few Things

January 03, 2012 Added by:

How many more companies believe they can get by with half-baked security? Why are budgets being cut for information security by CIOs who just don’t get it? Why is it that organizations do business with other organizations without performing due diligence on the entity?

Comments  (0)


Cybersecurity in Today's World

December 31, 2011 Added by:Larry Karisny

Curt Massey spent a 35-year career protecting our national security. His military service, civilian law enforcement, corporate security and military contracting experiences have imbued him with the unpleasant knowledge of our core vulnerabilities and a visceral drive to build a team capable of finding answers...

Comments  (0)


Secure Communications for CERTs and Stakeholders

December 29, 2011

ENISA seeks to identify the most suitable technology and platform to provide secure channels to improve communications with CERTs and other stakeholders. Secure transportation of information assures some combination of confidentiality, integrity and authenticity of the data...

Comments  (0)


Father Noel Delivers His Second Lump of "LulzXmas" to Stratfor

December 27, 2011 Added by:Kevin McAleavey

While many of us were nestled in our beds and enjoying Christmas day with family and friends, opening our gifts and downing the holiday grog, a nasty lump of coal was left once again under the tree for Stratfor by the LulzSec/Lulzboat crew...

Comments  (0)


Restaurant Depot Customers Alerted of Data Breach

December 12, 2011 Added by:Headlines

"Trustwave found that that the thieves inserted malicious software or 'malware' into the credit and debit card processing systems used in Restaurant Depot stores. The malware collected card information as it was processed, stored it temporarily, and then sent it to a computer server in Russia..."

Comments  (0)


Santa Gets Hacked - Naughty List Leaked (video)

December 09, 2011

Breaking News (video): Networks at the North Pole have been breached by unidentified hackers leading to the disclosure of sensitive data - Santa's naughty list. Don’t worry – your secrets are safe! Included is a list of the things we really think are just that - a little bit naughty...

Comments  (3)


CERT Warns of Holiday Phishing and Malware Campaigns

December 06, 2011 Added by:Headlines

"US-CERT encourages users and administrators to use caution when encountering email messages and take the following preventative measures to protect themselves from phishing scams and malware campaigns..."

Comments  (0)


Is the Security Response System for SCADA-ICS Broken?

December 05, 2011 Added by:Headlines

"Publicly disclosing affected identity names and incident information is highly unusual and not part of ICS-CERT's normal incident reporting and triage procedures. In this particular case, because unconfirmed information had already been leaked to the public..."

Comments  (0)


ICS-CERT Issues Illinois Water Pump Failure Report

November 24, 2011 Added by:Headlines

ICS-CERT and the FBI found no evidence of a cyber intrusion... In addition, there is no evidence to support claims made in the initial Illinois STIC report... that any credentials were stolen, or that the vendor was involved in any malicious activity that led to a pump failure...

Comments  (0)


Rethinking Sensitive Information - Social Security Numbers

November 05, 2011 Added by:Rafal Los

Public and private entities have proven that a single nine-digit number as the gateway to our identities is not appropriate. Data breaches and identity theft cost organizations billions - perhaps we need to push the government to come up with a new way of verifying citizenship?

Comments  (1)


SEC Issues Guidance on Security Incident Disclosure

October 31, 2011 Added by:David Navetta

What the guidance document does stress, however, is process and risk assessment. One read of this guidance is that companies internally are going to have to more carefully forecast and estimate the impact of cyber incidents and the consequences of failing to implement adequate security...

Comments  (0)

Page « < 18 - 19 - 20 - 21 - 22 > »