Vulns & Alerts
January 18, 2012 Added by:Headlines
A cross-site scripting vulnerability exists in the Cogent DataHub application because it lacks server-side validation of query string parameter values. Attacks require that a user visit a URL which injects client-side scripts into the server’s HTTP response...
January 17, 2012 Added by:Pierluigi Paganini
Initially, Symantec spokesman Cris Paden said the hackers had stolen only the source code of Symantec Endpoint Protection 11.0 and Symantec AntiVirus 10.2, minimizing the seriousness of the breach. The situation has now changed dramatically...
January 17, 2012 Added by:Josh Shaul
We consumers need to pressure business to change their practices and protect our information. By asking questions, we’ll force organizations to recognize the importance of effective security, and to either do it properly or lose customers to a competitor who will...
January 17, 2012 Added by:Headlines
Symantec now claims that the company's own networks were in fact breached back in 2006, leading to the loss of proprietary product data: "...an investigation into the matter had revealed that the company's networks had indeed been compromised"...
January 17, 2012 Added by:Headlines
Researcher Kuang-Chun Hung of ICST has identified an unsafe search path vulnerability. Successful exploitation may allow an attacker using social engineering to execute arbitrary code and gain the same privileges as the user that is currently logged into the system...
January 16, 2012 Added by:Pierluigi Paganini
The technique is always the same: ridicule the opponents, show their inability to secure their networks, and express disagreement with the decisions and policies pursued by companies and government organizations...
January 16, 2012 Added by:Anthony M. Freed
YamaTough, spokesperson for the hacktivist group “The Lords of Dharmaraja”, informed Infosec Island of plans to release source code for Symantec's PCAnywhere. The release is to be made prior to the threatened exposure of the full source code for the Norton antivirus...
January 15, 2012 Added by:Headlines
A source has provided Infosec Island with a copy of a message they received while logging in to their account regarding a "security update". The message advises customers to change their password, but makes no mention of the massive data loss event...
January 13, 2012 Added by:Headlines
Researcher Luigi Auriemma publicly reported a malformed packet vulnerability in Open Automation Software’s OPC Systems.NET. A malformed packet could be sent remotely to cause a denial of service. Public exploits are known to target this vulnerability...
January 12, 2012 Added by:John Linkous
SIEM tools are highly focused on events. Even in cases where a SIEM can look outside of the world of events at one or two other pieces of data - say, at network traffic - that’s still woefully inadequate. We certainly need events and network traffic data...
January 10, 2012 Added by:Headlines
Mr. Auriemma publicly disclosed the five vulnerabilities along with proof-of-concept exploit code, including the vulnerability previously coordinated with ICS-CERT by Celil Unuver, without coordination with 3S Smart Software Solutions, ICS-CERT, or any other coordinating entity...
January 08, 2012 Added by:Danny Lieberman
The biggest vulnerability of PCI DSS is that it’s about 10 years behind the curve. When people in the PCI DSS Security Council in Europe confess to never having heard of DLP and when the standard places an obsessive emphasis on anti-virus, you know you're still in Kansas...
January 07, 2012 Added by:Pierluigi Paganini
The information was obtained by hacking India's military computer network. The Indian intelligence agencies were in possession of the source code thanks to an agreement with Symantec. The source code seems to be part of the Norton Antivirus version 2006...
January 06, 2012 Added by:Kevin McAleavey
YamaTough provided Infosec Island with compelling evidence that he did indeed have the secret sauce and planned to release it in order to embarrass Symantec over Indian government policies towards obtaining source code to eavesdrop on cell phones and other communications...
January 06, 2012 Added by:Keith Mendoza
The best part, the archive file that YamaTough floated does not contain any code that does the actual scanning for viruses. That's the good news, now for the part that would keep me awake tonight if I were a developer in the Norton Anti-virus team...
January 05, 2012 Added by:Anthony M. Freed
"Symantec can confirm that a segment of its source code has been accessed. Symantec’s own network was not breached, but rather that of a third party entity. We are still gathering information on the details and are not in a position to provide specifics on the third party involved..."
Hacker to Release Symantec's PCAnywhere Sour... Jerry Shaw on 10-05-2015
PoS Malware Kits Rose in Underground in 2014... on 03-17-2015
New PCI Compliance Study... on 03-17-2015