Latest IT security alerts....

    Heise: The H Roundup for the week ending 19 May

In the last seven days: a beta for PostgreSQL 9.2 arrived, Chrome 19 was declared stable, and Oracle changed its mind about damages in the Android case. Also, The H provided some tools and tips for the systemd Linux init system, and Andrew Back took a practical look at the Internet of Things


2012-05-19 11:59: read more...   

    Heise: Twitter refines tracking, adds Do Not Track support

Do Not Track is based on the idea that user changes to default browser settings related to privacy should have an effect on the way service providers online handle personal data


2012-05-18 14:26: read more...   

    Heise: Global Payments breach reportedly worse than expected

According to a report, the security breach at credit card processing company Global Payments extends back even further than was previously believed and may affect more than seven million accounts


2012-05-18 12:39: read more...   

    Heise: British hackers get jail terms

One hacker took over a Facebook account and received 12 months in jail while the other ran keylogging trojans and sold stolen credentials as a sideline to committing a series of burglaries; this earned 18 months in jail


2012-05-18 09:19: read more...   

    Heise: DoS vulnerability in Bitcoin

The developers of the Bitcoin software have fixed a problem in the client that allowed users to perform DoS attacks on other users' nodes. Details of the nature of the vulnerability have not yet been disclosed


2012-05-17 17:00: read more...   

    Heise: Apache details OpenOffice 3.4 security fixes

Following the release of 3.4.0 last week, the Apache Software Foundation has now detailed the security fixes in the new version of the open source productivity suite and said that it has already been downloaded more than one million times


2012-05-17 16:35: read more...   

    Heise: The Pirate Bay and WikiLeaks recover from DDoS attacks

The Pirate Bay came under a DDoS attack for which an ex-Anonymous member has claimed responsibility, while in an apparently unrelated DDoS attack WikiLeaks was down for over 72 hours


2012-05-17 16:29: read more...   

    Heise: Security vulnerability in sudo's netmask function patched

The sudo developers have fixed a bug in the privilege elevating utility that would allow an attacker, under certain circumstances, to execute commands that they should not be able to access on the machine in question


2012-05-17 16:08: read more...   

    Heise: RealPlayer update fixes security vulnerabilities

RealNetworks is warning users about multiple security vulnerabilities in its RealPlayer media player application for Windows, one of which could be exploited by an attacker to remotely execute arbitrary code on a victim's system


2012-05-17 12:02: read more...   

    Heise: Avira update puts behaviour recognition on hold

When Avira's behaviour recognition module disabled important system processes after a Service Pack, the company issued an update to fix the problem. The catch: the update completely removes the behaviour recognition feature for the time being


2012-05-16 18:40: read more...   

    Heise: .secure domains require proof of security

Under the .secure gTLD, Artemis plans to create a form of high security zone on the internet that will offer trustworthy and secure services. Potential .secure services must meet various conditions


2012-05-16 16:36: read more...   

    Heise: Chrome 19 released with tab syncing

The headline feature of the new stable Chrome is tab synchronisation, but Google has also slipped in an experimental version of Web Intents


2012-05-16 11:26: read more...   

    Heise: QuickTime for Windows update plugs security holes

Version 7.7.2 of QuickTime for Windows addresses a total of 17 security vulnerabilities in the media player, all of which could be exploited by an attacker to crash the application or execute arbitrary code on a victim's system


2012-05-16 10:37: read more...   

    Heise: Avira update fixes Service Pack bug

Avira has fixed the problem in this week's Service Pack which resulted in the software blocking harmless processes. Affected users need to manually install an update to implement the fix


2012-05-16 09:27: read more...   

    Microsoft: MS12-034 - Critical : Combined Security Update for Microsoft Office, Windows, .NET Framework, and Silverlight (2681578) - Version: 1.1

2012-05-16 08:00: read more...   

    Heise: Avira AV update hangs systems - Update

Avira's paid-for anti-virus software product is currently hanging users' computers and, in some cases, causing them not to boot. Users who have not yet installed the latest update should refrain from doing so


2012-05-15 13:21: read more...   

    Heise: Avira AV update hangs systems

Avira's paid-for anti-virus software product is currently hanging users' computers and, in some cases, causing them not to boot. Users who have not yet installed the latest update should refrain from doing so


2012-05-15 13:21: read more...   

    Heise: Fraunhofer Institute finds security vulnerabilities in cloud storage services

The Fraunhofer Institute for Secure Information Technology has tested the security of several cloud storage services. It identified security problems in several areas, including encryption and data protection


2012-05-15 12:43: read more...   

    Heise: Flashback removal tool arrives for Mac OS X 10.5 Leopard

Even though the operating system is no longer officially supported, Apple has published a standalone Flashback malware removal tool for computers running Mac OS X 10.5 Leopard, as well as a Security Update that disables older versions of the Adobe Flash Player


2012-05-15 11:00: read more...   

    Heise: Kickstarter security vulnerability exposes projects

A security vulnerability on crowd-funding platform Kickstarter means that outsiders have been able to access details of unpublished projects. Kickstarter has reassured project backers that their personal data has not been affected


2012-05-15 10:01: read more...   

    TrendMicro: ANDROIDOS_FAKE.DQ

Low

2012-05-15 08:00: read more...   

    Heise: Notepad++ web site compromised

The web site of the text editor was breached last week. The attackers tried to harvest the Facebook account credentials of visitors and defaced the site. Downloads of the software do not seem to have been affected


2012-05-14 16:52: read more...   

    Heise: Skype for Linux hotfix plugs security hole

Nearly one year after the last update arrived, Skype has issued a new hotfix release for Linux that includes a newer version of libpng, which closes a security hole


2012-05-14 16:12: read more...   

    Heise: Bitcoinica Bitcoin site breached

Virtual bank robbery with real-world damage: criminals have stolen 18,547 virtual currency coins from the Bitcoinica Bitcoin site - valued at approximately £55,000. The attackers also managed to access the entire database including user data


2012-05-14 15:05: read more...   

    Heise: Fifth Debian 6.0 "Squeeze" update released

The developers at the Debian Project have announced the release of the fifth update to version 6.0 of their popular Linux distribution


2012-05-14 10:04: read more...   

    Heise: Worth Reading: Confessions of a botnet operator

A self-confessed operator of a Zeus botnet has hosted a Q&A session on his personal motivations, his area of operations and computer security in general


2012-05-14 09:18: read more...   

    Heise: Sniffer tool displays other people's WhatsApp messages

An Android app is able to display messages from WhatsApp users connected to the same network. Since WhatsApp transfers messages in plain text format, this is no great feat


2012-05-13 13:35: read more...   

    Heise: The H Roundup for the week ending 12 May

In the last seven days: Apache OpenOffice 3.4.0 made its debut, Adobe put a price on security updates for Photoshop, and Dell and Red Hat signed an OEM partnership. Also, The H took a look at the systemd Linux init system and provided more details about what's coming in Linux 3.4


2012-05-12 11:59: read more...   

    Heise: Adobe backs down, will release patches for critical holes

Adobe says it is now developing patches for its Photoshop, Illustrator and Flash Professional CS5.x products to close critical holes that it told users could be closed by buying the just-released CS6 versions of the applications


2012-05-12 11:11: read more...   

    Heise: Opera 11.64 closes critical code execution hole

Version 11.64 of the web browser closes a critical hole that could have been exploited by attackers to inject malicious code into a victim's system


2012-05-11 12:43: read more...   

    Heise: Version 5 of OpenVAS vulnerability scanning and management tool arrives

Version 5 of the OpenVAS software framework for vulnerability scanning and management has been released with 20 new features, including "asset management" which adds a second view of scan results


2012-05-11 11:34: read more...   

    Heise: DNSCrypt arrives for Windows

Following up on last December's Mac-only release of the "last mile" DNS encryption software, OpenDNS has now made a Windows version of the software available


2012-05-11 10:42: read more...   

    Microsoft: MS11-100 - Critical : Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (2638420) - Version: 1.4

2012-05-11 08:00: read more...   

    Microsoft: MS12-035 - Critical : Vulnerabilities in .NET Framework Could Allow Remote Code Execution (2693777) - Version: 2.0

2012-05-11 08:00: read more...   

    Heise: Teens arrested in connection with attack on UK Police Agency

Two Norwegian teenagers have been arrested in connection with the distributed denial-of-service attacks on the web site of the UK's Serious Organised Crime Agency and other sites that took place earlier this month


2012-05-10 16:46: read more...   

    Heise: Adobe: Photoshop is not a target for attackers

Adobe says it is not planning to close the holes in Photoshop and Illustrator CS5 and CS5.5 because they have not historically been attacked and they don't know of any exploits. But a proof-of-concept exploit does exist for one vulnerability


2012-05-10 14:15: read more...   

    Heise: Plaxo online address book service warns of security breach

Plaxo has confirmed that an unknown malicious third-party gained access to the company's API connection to Google's address book and calendar


2012-05-10 11:37: read more...   

    Heise: Apple closes numerous holes in Mac OS X and Safari

Once the update to 10.7.4 has been installed, Lion will no longer store user passwords in plain text on the hard disk during login. Apple has also released a security update for Safari and other fixes


2012-05-10 11:12: read more...   

    Heise: Critical vulnerability in vBSEO patched

Developers have patched a critical SQL injection vulnerability in the SEO enhancement plugin for vBulletin. As an exploit exists in the wild, users are advised to update their installations as soon as possible


2012-05-10 09:31: read more...   

    SANS: 12.11.14 Google Chrome Remote Code Execution

CVEs: CVE: CVE-2011-3047

Platform: Cross Platform

2012-05-10 05:30: read more...   

    SANS: 12.11.24 Jenkins Multiple Cross-Site Scripting and Directory Traversal Vulnerabilities

CVEs: CVE: CVE-2012-0325,CVE-2012-0324

Platform: Web Application

2012-05-10 05:30: read more...   

    SANS: 12.11.25 Zend Server Multiple HTML Injection Vulnerabilities

CVEs: CVE: Not Available

Platform: Web Application

2012-05-10 05:30: read more...   

    SANS: 12.11.15 OpenLDAP LDAP Search Request Remote Denial of Service

CVEs: CVE: Not Available

Platform: Cross Platform

2012-05-10 05:30: read more...   

    SANS: 2.8 Mozilla Firefox/Thunderbird/SeaMonkey "shlwapi.dll" Use-After-Free Memory Corruption

CVEs: CVE: CVE-2012-0454 10.0.3, Thunderbird versions prior to Thunderbird ESR versions prior to and SeaMonkey versions prior to are affected.

Platform: Cross Platform

2012-05-10 05:30: read more...   

    SANS: (3) HIGH: Mozilla Firefox Use-After-Free Vulnerability

Category: Widely Deployed Software

Affected:

  • Firefox prior to 11.0

2012-05-10 05:30: read more...   

    SANS: 12.11.19 SquirrelMail Autocomplete Plugin Email Addresses Cross-Site Scripting

CVEs: CVE: CVE-2012-0323

Platform: Web Application - Cross Site Scripting

2012-05-10 05:30: read more...   

    SANS: (1) HIGH: Google Chrome Sandbox Escapes

Category: Widely Deployed Software

Affected:

  • Google Chrome Prior to 17.0.963.79

2012-05-10 05:30: read more...   

    SANS: 12.11.4 Microsoft Windows "DirectWrite" API Denial of Service

CVEs: CVE: CVE-2012-0156

Platform: Windows

2012-05-10 05:30: read more...   

    SANS: (2) HIGH: Microsoft Remote Desktop Protocol Vulnerability

Category: Widely Deployed Software

Affected:

  • Windows 7
  • Windows Server 2003
  • Windows Server 2008
  • Windows Vista
  • Windows XP

2012-05-10 05:30: read more...   

    SANS: 12.11.16 Apple Safari International Domain Name URI Spoofing

CVEs: CVE: CVE-2012-0584

Platform: Cross Platform

2012-05-10 05:30: read more...   


This page is also available as an RSS feed.

This site is maintained by Hubertus A. Haniel (hubba@unixcook.com)

Last Updated: 2012-05-20 03:02