Vulns & Alerts

39728eff8ac87a48cfb050f0df29ceaa

Effective SIEM: Less Turtle - More Awareness

January 12, 2012 Added by:John Linkous

SIEM tools are highly focused on events. Even in cases where a SIEM can look outside of the world of events at one or two other pieces of data - say, at network traffic - that’s still woefully inadequate. We certainly need events and network traffic data...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

ICS-CERT: 3S Smart Software CoDeSys Vulnerabilities

January 10, 2012 Added by:Headlines

Mr. Auriemma publicly disclosed the five vulnerabilities along with proof-of-concept exploit code, including the vulnerability previously coordinated with ICS-CERT by Celil Unuver, without coordination with 3S Smart Software Solutions, ICS-CERT, or any other coordinating entity...

Comments  (0)

959779642e6e758563e80b5d83150a9f

On the Israeli Credit Card Breach

January 08, 2012 Added by:Danny Lieberman

The biggest vulnerability of PCI DSS is that it’s about 10 years behind the curve. When people in the PCI DSS Security Council in Europe confess to never having heard of DLP and when the standard places an obsessive emphasis on anti-virus, you know you're still in Kansas...

Comments  (0)

03b2ceb73723f8b53cd533e4fba898ee

Symantec Norton AV Hack: Some Further Considerations

January 07, 2012 Added by:Pierluigi Paganini

The information was obtained by hacking India's military computer network. The Indian intelligence agencies were in possession of the source code thanks to an agreement with Symantec. The source code seems to be part of the Norton Antivirus version 2006...

Comments  (0)

Ba829a6cb97f554ffb0272cd3d6c18a7

Symantec Gets Pwn3d: The Fallout

January 06, 2012 Added by:Kevin McAleavey

YamaTough provided Infosec Island with compelling evidence that he did indeed have the secret sauce and planned to release it in order to embarrass Symantec over Indian government policies towards obtaining source code to eavesdrop on cell phones and other communications...

Comments  (0)

Af9c34417f8e5e0d240850bb353b5d40

Is It Really the Norton AV Source Code?

January 06, 2012 Added by:Keith Mendoza

The best part, the archive file that YamaTough floated does not contain any code that does the actual scanning for viruses. That's the good news, now for the part that would keep me awake tonight if I were a developer in the Norton Anti-virus team...

Comments  (5)

6d117b57d55f63febe392e40a478011f

Symantec Confirms Norton AV Source Code Exposed

January 05, 2012 Added by:Anthony M. Freed

"Symantec can confirm that a segment of its source code has been accessed. Symantec’s own network was not breached, but rather that of a third party entity. We are still gathering information on the details and are not in a position to provide specifics on the third party involved..."

Comments  (21)

69dafe8b58066478aea48f3d0f384820

Update 3: Hackers May Leak Norton Antivirus Source Code

January 05, 2012 Added by:Headlines

YamaTough has posted more information from the alleged breach on Google+ in an effort to prove this is not a spoof, an excerpt is as follows...

Comments  (23)

69dafe8b58066478aea48f3d0f384820

ICS-CERT: Siemens Tecnomatix FactoryLink ActiveX

January 05, 2012 Added by:Headlines

Researchers identified two vulnerabilities affecting ActiveX components in the Siemens Tecnomatix FactoryLink application, including buffer overflow and data corruption. Successful exploitation of the vulnerabilities could allow an attacker to perform denial of service and arbitrary code execution...

Comments  (0)

6d117b57d55f63febe392e40a478011f

Update: File Appears to Contain 2006 Norton AV Source Code

January 05, 2012 Added by:Anthony M. Freed

Infosec Island has been provided with a file that appears to contain source code for the 2006 version of Norton antivirus. We have provided Symantec with the file and are awaiting their analysis. We will not be releasing the file due to the sensitive nature of the information...

Comments  (6)

69dafe8b58066478aea48f3d0f384820

US CERT: Hash Table Collision Attack Vulnerability

January 04, 2012 Added by:Headlines

US-CERT is aware of reports stating that multiple programming language implementations, including web platforms, are vulnerable to hash table collision attacks. This vulnerability could be used by an attacker to launch a denial-of-service attack against websites using affected products...

Comments  (0)

924ce315203c17e05d9e04b59648a942

Fallout from the Christmas Hack of Stratfor

January 03, 2012 Added by:Richard Stiennon

The most painful lesson the Stratfor hack is about to demonstrate is the importance of email security. Anonymous will be recruiting volunteers to analyze the 3.3 million emails they stole that have the potential for real harm equal to the infamous WikiLeaks State Department leak...

Comments  (0)

296634767383f056e82787fcb3b94864

Was Stratfor Breached By an Insider?

January 03, 2012 Added by:Jeffrey Carr

I'm not accusing Michael Mooney of being involved. I am, however, stating that attacks by insiders who hold a grudge against their employer are common and Mooney's position along with the circumstances around his departure will certainly be explored by law enforcement...

Comments  (4)

0ff0a77035f9569943049ed3e980bb0d

Stratfor Hack Proves a Few Things

January 03, 2012 Added by:

How many more companies believe they can get by with half-baked security? Why are budgets being cut for information security by CIOs who just don’t get it? Why is it that organizations do business with other organizations without performing due diligence on the entity?

Comments  (0)

8a958994958cdf24f0dc051edfe29462

Cybersecurity in Today's World

December 31, 2011 Added by:Larry Karisny

Curt Massey spent a 35-year career protecting our national security. His military service, civilian law enforcement, corporate security and military contracting experiences have imbued him with the unpleasant knowledge of our core vulnerabilities and a visceral drive to build a team capable of finding answers...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

Secure Communications for CERTs and Stakeholders

December 29, 2011

ENISA seeks to identify the most suitable technology and platform to provide secure channels to improve communications with CERTs and other stakeholders. Secure transportation of information assures some combination of confidentiality, integrity and authenticity of the data...

Comments  (0)

Page « < 18 - 19 - 20 - 21 - 22 > »