Vulns & Alerts

69dafe8b58066478aea48f3d0f384820

ICS-CERT: Cogent DataHub Application Vulnerability

January 18, 2012 Added by:Headlines

A cross-site scripting vulnerability exists in the Cogent DataHub application because it lacks server-side validation of query string parameter values. Attacks require that a user visit a URL which injects client-side scripts into the server’s HTTP response...

Comments  (0)

03b2ceb73723f8b53cd533e4fba898ee

Symantec: The Inconvenient Truth Behind the Data Breach

January 17, 2012 Added by:Pierluigi Paganini

Initially, Symantec spokesman Cris Paden said the hackers had stolen only the source code of Symantec Endpoint Protection 11.0 and Symantec AntiVirus 10.2, minimizing the seriousness of the breach. The situation has now changed dramatically...

Comments  (0)

3750d420f6c2a9844b529978894dc0be

2012 Has Delivered Her First Giant Data Breach

January 17, 2012 Added by:Josh Shaul

We consumers need to pressure business to change their practices and protect our information. By asking questions, we’ll force organizations to recognize the importance of effective security, and to either do it properly or lose customers to a competitor who will...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

Symantec Hacked in 2006? Claim Raises More Questions

January 17, 2012 Added by:Headlines

Symantec now claims that the company's own networks were in fact breached back in 2006, leading to the loss of proprietary product data: "...an investigation into the matter had revealed that the company's networks had indeed been compromised"...

Comments  (3)

69dafe8b58066478aea48f3d0f384820

ICS-CERT: 7T IGSS Graphical SCADA System Vulnerability

January 17, 2012 Added by:Headlines

Researcher Kuang-Chun Hung of ICST has identified an unsafe search path vulnerability. Successful exploitation may allow an attacker using social engineering to execute arbitrary code and gain the same privileges as the user that is currently logged into the system...

Comments  (0)

03b2ceb73723f8b53cd533e4fba898ee

T-Mobile: Hacktivism Strikes Again

January 16, 2012 Added by:Pierluigi Paganini

The technique is always the same: ridicule the opponents, show their inability to secure their networks, and express disagreement with the decisions and policies pursued by companies and government organizations...

Comments  (2)

6d117b57d55f63febe392e40a478011f

Hacker to Release Symantec's PCAnywhere Source Code

January 16, 2012 Added by:Anthony M. Freed

YamaTough, spokesperson for the hacktivist group “The Lords of Dharmaraja”, informed Infosec Island of plans to release source code for Symantec's PCAnywhere. The release is to be made prior to the threatened exposure of the full source code for the Norton antivirus...

Comments  (19)

69dafe8b58066478aea48f3d0f384820

Zappos.com Hack: 24 Million Customer Records Breached

January 15, 2012 Added by:Headlines

A source has provided Infosec Island with a copy of a message they received while logging in to their account regarding a "security update". The message advises customers to change their password, but makes no mention of the massive data loss event...

Comments  (2)

69dafe8b58066478aea48f3d0f384820

ICS-CERT: Open Automation Software OPC Systems Vulnerability

January 13, 2012 Added by:Headlines

Researcher Luigi Auriemma publicly reported a malformed packet vulnerability in Open Automation Software’s OPC Systems.NET. A malformed packet could be sent remotely to cause a denial of service. Public exploits are known to target this vulnerability...

Comments  (0)

39728eff8ac87a48cfb050f0df29ceaa

Effective SIEM: Less Turtle - More Awareness

January 12, 2012 Added by:John Linkous

SIEM tools are highly focused on events. Even in cases where a SIEM can look outside of the world of events at one or two other pieces of data - say, at network traffic - that’s still woefully inadequate. We certainly need events and network traffic data...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

ICS-CERT: 3S Smart Software CoDeSys Vulnerabilities

January 10, 2012 Added by:Headlines

Mr. Auriemma publicly disclosed the five vulnerabilities along with proof-of-concept exploit code, including the vulnerability previously coordinated with ICS-CERT by Celil Unuver, without coordination with 3S Smart Software Solutions, ICS-CERT, or any other coordinating entity...

Comments  (0)

959779642e6e758563e80b5d83150a9f

On the Israeli Credit Card Breach

January 08, 2012 Added by:Danny Lieberman

The biggest vulnerability of PCI DSS is that it’s about 10 years behind the curve. When people in the PCI DSS Security Council in Europe confess to never having heard of DLP and when the standard places an obsessive emphasis on anti-virus, you know you're still in Kansas...

Comments  (0)

03b2ceb73723f8b53cd533e4fba898ee

Symantec Norton AV Hack: Some Further Considerations

January 07, 2012 Added by:Pierluigi Paganini

The information was obtained by hacking India's military computer network. The Indian intelligence agencies were in possession of the source code thanks to an agreement with Symantec. The source code seems to be part of the Norton Antivirus version 2006...

Comments  (0)

Ba829a6cb97f554ffb0272cd3d6c18a7

Symantec Gets Pwn3d: The Fallout

January 06, 2012 Added by:Kevin McAleavey

YamaTough provided Infosec Island with compelling evidence that he did indeed have the secret sauce and planned to release it in order to embarrass Symantec over Indian government policies towards obtaining source code to eavesdrop on cell phones and other communications...

Comments  (0)

Af9c34417f8e5e0d240850bb353b5d40

Is It Really the Norton AV Source Code?

January 06, 2012 Added by:Keith Mendoza

The best part, the archive file that YamaTough floated does not contain any code that does the actual scanning for viruses. That's the good news, now for the part that would keep me awake tonight if I were a developer in the Norton Anti-virus team...

Comments  (5)

6d117b57d55f63febe392e40a478011f

Symantec Confirms Norton AV Source Code Exposed

January 05, 2012 Added by:Anthony M. Freed

"Symantec can confirm that a segment of its source code has been accessed. Symantec’s own network was not breached, but rather that of a third party entity. We are still gathering information on the details and are not in a position to provide specifics on the third party involved..."

Comments  (21)

Page « < 18 - 19 - 20 - 21 - 22 > »