|
Latest IT security alerts.... |
|
Heise: The H Roundup for the week ending 19 May In the last seven days: a beta for PostgreSQL 9.2 arrived, Chrome 19 was declared stable, and Oracle changed its mind about damages in the Android case. Also, The H provided some tools and tips for the systemd Linux init system, and Andrew Back took a practical look at the Internet of Things 2012-05-19 11:59: read more... |
|
Heise: Twitter refines tracking, adds Do Not Track support Do Not Track is based on the idea that user changes to default browser settings related to privacy should have an effect on the way service providers online handle personal data 2012-05-18 14:26: read more... |
|
Heise: Global Payments breach reportedly worse than expected According to a report, the security breach at credit card processing company Global Payments extends back even further than was previously believed and may affect more than seven million accounts 2012-05-18 12:39: read more... |
|
Heise: British hackers get jail terms One hacker took over a Facebook account and received 12 months in jail while the other ran keylogging trojans and sold stolen credentials as a sideline to committing a series of burglaries; this earned 18 months in jail 2012-05-18 09:19: read more... |
|
Heise: DoS vulnerability in Bitcoin The developers of the Bitcoin software have fixed a problem in the client that allowed users to perform DoS attacks on other users' nodes. Details of the nature of the vulnerability have not yet been disclosed 2012-05-17 17:00: read more... |
|
Heise: Apache details OpenOffice 3.4 security fixes Following the release of 3.4.0 last week, the Apache Software Foundation has now detailed the security fixes in the new version of the open source productivity suite and said that it has already been downloaded more than one million times 2012-05-17 16:35: read more... |
|
Heise: The Pirate Bay and WikiLeaks recover from DDoS attacks The Pirate Bay fell under a DDoS attack, for which an ex-Anonymous member has claimed responsibility, while in an apparently unrelated DDoS attack WikiLeaks was down for over 72 hours 2012-05-17 16:29: read more... |
|
Heise: Security vulnerability in sudo's netmask function patched The sudo developers have fixed a bug in the privilege elevating utility that would allow an attacker, under certain circumstances, to execute commands that they should not be able to access on the machine in question 2012-05-17 16:08: read more... |
|
Heise: RealPlayer update fixes security vulnerabilities RealNetworks is warning users about multiple security vulnerabilities in its RealPlayer media player application for Windows, one of which could be exploited by an attacker to remotely execute arbitrary code on a victim's system 2012-05-17 12:02: read more... |
|
Heise: Avira update puts behaviour recognition on hold When Avira's behaviour recognition module disabled important system processes after a Service Pack, the company issued an update to fix the problem. The catch: the update completely removes the behaviour recognition feature for the time being 2012-05-16 18:40: read more... |
|
Heise: .secure domains require proof of security Under the .secure gTLD, Artemis plans to create a form of high security zone on the internet that will offer trustworthy and secure services. Potential .secure services must meet various conditions 2012-05-16 16:36: read more... |
|
Heise: Chrome 19 released with tab syncing The headline feature of the new stable Chrome is tab synchronisation, but Google has also slipped in an experimental version of Web Intents 2012-05-16 11:26: read more... |
|
Heise: QuickTime for Windows update plugs security holes Version 7.7.2 of QuickTime for Windows addresses a total of 17 security vulnerabilities in the media player, all of which could be exploited by an attacker to crash the application or execute arbitrary code on a victim's system 2012-05-16 10:37: read more... |
|
Heise: Avira update fixes Service Pack bug Avira has fixed the problem in this week's Service Pack which resulted in the software blocking harmless processes. Affected users need to manually install an update to implement the fix 2012-05-16 09:27: read more... |
|
Microsoft: MS12-034 - Critical : Combined Security Update for Microsoft Office, Windows, .NET Framework, and Silverlight (2681578) - Version: 1.1 2012-05-16 08:00: read more... |
|
Heise: Avira AV update hangs systems - Update Avira's paid-for anti-virus software product is currently hanging users' computers and, in some cases, causing them not to boot. Users who have not yet installed the latest update should refrain from doing so 2012-05-15 13:21: read more... |
|
Heise: Avira AV update hangs systems Avira's paid-for anti-virus software product is currently hanging users' computers and, in some cases, causing them not to boot. Users who have not yet installed the latest update should refrain from doing so 2012-05-15 13:21: read more... |
|
Heise: Fraunhofer Institute finds security vulnerabilities in cloud storage services The Fraunhofer Institute for Secure Information Technology has tested the security of several cloud storage services. It identified security problems in several areas, including encryption and data protection 2012-05-15 12:43: read more... |
|
Heise: Flashback removal tool arrives for Mac OS X 10.5 Leopard Even though the operating system is no longer officially supported, Apple has published a standalone Flashback malware removal tool for computers running Mac OS X 10.5 Leopard, as well as a Security Update that disables older versions of the Adobe Flash Player 2012-05-15 11:00: read more... |
|
Heise: Kickstarter security vulnerability exposes projects A security vulnerability on crowd-funding platform Kickstarter means that outsiders have been able to access details of unpublished projects. Kickstarter has reassured project backers that their personal data has not been affected 2012-05-15 10:01: read more... |
|
TrendMicro: ANDROIDOS_FAKE.DQ Low 2012-05-15 08:00: read more... |
|
Heise: Notepad++ web site compromised The web site of the text editor was breached last week. The attackers tried to harvest the Facebook account credentials of visitors and defaced the site. Downloads of the software do not seem to have been affected 2012-05-14 16:52: read more... |
|
Heise: Skype for Linux hotfix plugs security hole Nearly one year after the last update arrived, Skype has issued a new hotfix release for Linux that includes a newer version of libpng, which closes a security hole 2012-05-14 16:12: read more... |
|
Heise: Bitcoinica Bitcoin site breached Virtual bank robbery with real-world damage: criminals have stolen 18,547 virtual currency coins from the Bitcoinica Bitcoin site - valued at approximately £55,000. The attackers also managed to access the entire database including user data 2012-05-14 15:05: read more... |
|
Heise: Fifth Debian 6.0 "Squeeze" update released The developers at the Debian Project have announced the release of the fifth update to version 6.0 of their popular Linux distribution 2012-05-14 10:04: read more... |
|
Heise: Worth Reading: Confessions of a botnet operator A self-confessed operator of a Zeus botnet has hosted a Q&A session on his personal motivations, his area of operations and computer security in general 2012-05-14 09:18: read more... |
|
Heise: Sniffer tool displays other people's WhatsApp messages An Android app is able to display messages from WhatsApp users connected to the same network. Since WhatsApp transfers messages in plain text format, this is no great feat 2012-05-13 13:35: read more... |
|
Heise: The H Roundup for the week ending 12 May In the last seven days: Apache OpenOffice 3.4.0 made its debut, Adobe put a price on security updates for Photoshop, and Dell and Red Hat signed an OEM partnership. Also, The H took a look at the systemd Linux init system and provided more details about what's coming in Linux 3.4 2012-05-12 11:59: read more... |
|
Heise: Adobe backs down, will release patches for critical holes Adobe says it is now developing patches for its Photoshop, Illustrator and Flash Professional CS5.x products to close critical holes that it told users could be closed by buying the just-released CS6 versions of the applications 2012-05-12 11:11: read more... |
|
Heise: Opera 11.64 closes critical code execution hole Version 11.64 of the web browser closes a critical hole that could have been exploited by attackers to inject malicious code into a victim's system 2012-05-11 12:43: read more... |
|
Heise: Version 5 of OpenVAS vulnerability scanning and management tool arrives Version 5 of the OpenVAS software framework for vulnerability scanning and management has been released with 20 new features, including "asset management" which adds a second view of scan results 2012-05-11 11:34: read more... |
|
Heise: DNSCrypt arrives for Windows Following up on last December's Mac-only release of the "last mile" DNS encryption software, OpenDNS has now made a Windows version of the software available 2012-05-11 10:42: read more... |
|
Microsoft: MS11-100 - Critical : Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (2638420) - Version: 1.4 2012-05-11 08:00: read more... |
|
Microsoft: MS12-035 - Critical : Vulnerabilities in .NET Framework Could Allow Remote Code Execution (2693777) - Version: 2.0 2012-05-11 08:00: read more... |
|
Heise: Teens arrested in connection with attack on UK Police Agency Two Norwegian teenagers have been arrested in connection with the distributed denial-of-service attacks on the web site of the UK's Serious Organised Crime Agency and other sites that took place earlier this month 2012-05-10 16:46: read more... |
|
Heise: Adobe: Photoshop is not a target for attackers Adobe says it is not planning to close the holes in Photoshop and Illustrator CS5 and CS5.5 because they have not historically been attacked and they don't know of any exploits. But a proof-of-concept exploit does exist for one vulnerability 2012-05-10 14:15: read more... |
|
Heise: Plaxo online address book service warns of security breach Plaxo has confirmed that an unknown malicious third party gained access to the company's API connection to Google's address book and calendar 2012-05-10 11:37: read more... |
|
Heise: Apple closes numerous holes in Mac OS X and Safari Once the update to 10.7.4 has been installed, Lion will no longer store user passwords in plain text on the hard disk during login. Apple has also released a security update for Safari and other fixes 2012-05-10 11:12: read more... |
|
Heise: Critical vulnerability in vBSEO patched Developers have patched a critical SQL injection vulnerability in the SEO enhancement plugin for vBulletin. As an exploit exists in the wild, users are advised to update their installations as soon as possible 2012-05-10 09:31: read more... |
|
SANS: 12.11.14 Google Chrome Remote Code Execution
2012-05-10 05:30: read more... |
|
SANS: 12.11.24 Jenkins Multiple Cross-Site Scripting and Directory Traversal Vulnerabilities
2012-05-10 05:30: read more... |
|
SANS: 12.11.25 Zend Server Multiple HTML Injection Vulnerabilities
2012-05-10 05:30: read more... |
|
SANS: 12.11.15 OpenLDAP LDAP Search Request Remote Denial of Service
2012-05-10 05:30: read more... |
|
SANS: 2.8 Mozilla Firefox/Thunderbird/SeaMonkey "shlwapi.dll" Use-After-Free Memory Corruption
2012-05-10 05:30: read more... |
|
SANS: (3) HIGH: Mozilla Firefox Use-After-Free Vulnerability
2012-05-10 05:30: read more... |
|
SANS: 12.11.19 SquirrelMail Autocomplete Plugin Email Addresses Cross-Site Scripting
2012-05-10 05:30: read more... |
|
SANS: (1) HIGH: Google Chrome Sandbox Escapes
2012-05-10 05:30: read more... |
|
SANS: 12.11.4 Microsoft Windows "DirectWrite" API Denial of Service
2012-05-10 05:30: read more... |
|
SANS: (2) HIGH: Microsoft Remote Desktop Protocol Vulnerability
2012-05-10 05:30: read more... |
|
SANS: 12.11.16 Apple Safari International Domain Name URI Spoofing
2012-05-10 05:30: read more... |
|
This page is also available as an RSS feed. This site is maintained by Hubertus A. Haniel (hubba@unixcook.com) Last Updated: 2012-05-20 03:02 |