
Security RSS feeds
Below are several RSS feeds that concern computer and cybersecurity. We do not provide a comprehensive list of these feeds.
Change in Focus
News: Twitter attacker had proper credentials
News: PhotoDNA scans images for child abuse
Conficker data highlights infected networks
Brief: Google offers bounty on browser bugs
Securing Wireless Networks
SA10-068A: Microsoft Updates for Multiple Vulnerabilities
ST04-022: Understanding Your Computer: Web Browsers
ST04-021: Understanding Your Computer: Operating Systems
SA10-040A: Microsoft Updates for Multiple Vulnerabilities
Palm, Google vs. Viacom and hacking the iPhone are the themes of the day. Also see: Cell phones with the most and least radiation. by Larry Dignan
Facebook password reset themed malware campaign in the wild
Facebook is warning its users on an ongoing BredoLab malware serving campaign using the well known "Facebook Password Reset Confirmation Customer Support" social engineering theme. by Dancho Danchev
Kernel vulnerabilities discovered in Ubuntu
Kernel vulnerabilities have been uncovered across a range of Ubuntu releases, covering 6.06 LTS to 9.10, also including Kubuntu, Edubuntu, and Xubuntu distros. by Adrian Kingsley-Hughes
Patched cybersecurity act proposed in the Senate
Senator Jay Rockefeller introduces to the Senate an upgraded cybersecurity bill that requires cyber security certification and removal of Presidential power to shut down the Internet in the United States. by Doug Hanchard
Pwn2Own predictions: iPhone will be hacked
Experts are predicting that hackers at this year's CanSecWest Pwn2Own contest will definitely break into an Apple iPhone by exploiting a remote code execution vulnerability. by Ryan Naraine
IBM is the second company in two days to suggest that the number of computers infected by the Conficker.C worm may be higher than previously thought.
Hackers seize on 0-day flaw in Microsoft's PowerPoint
Microsoft warned Thursday that hackers are actively exploiting a software vulnerability in PowerPoint, the company's presentation application.
IBM continues push for Sun, but will the deal kill Solaris?
The high-stakes, but still under-the-covers battle by IBM to take over Sun Microsystems is still in play, but IBM may be rethinking what it is willing to pay for the enterprise vendor.
Bill would give feds role in private sector cybersecurity
Two U.S. senators are proposing legislation that would give federal officials significant new authority to create and enforce data security standards both for government agencies and key parts of the private sector.
Conficker may be more widespread than previously thought
The Conficker worm may have infected more machines than previously thought, according to Internet infrastructure provider OpenDNS.
A federal judge has approved a proposed settlement by Facebook in a class-action lawsuit involving its now defunct Beacon behavioral tracking service.
Fired CISO says his comments never put Penn.'s data at risk
Former Pennsylvania CISO Robert Maley, who was fired after speaking at RSA without proper authorization, offers his side of the events that led to his dismissal.
IE8, iPhone will fall first day of hacking contest, predicts organizer
Microsoft's Internet Explorer 8, not Apple's Safari, will be the first browser to fall in next week's Pwn2Own hacking challenge, the contest organizer said today.
Hackers offered $100,000 for browser and phone exploits
Security company 3Com TippingPoint has jacked up to $100,000 (£65,000) the prize money on offer to anyone able to hack a range of browsers and mobile devices at the forthcoming CanSecWest security conference.
O2 says net piracy letters 'bully' web users
O2 has slammed a UK law firm for issuing letters to web users suspected of illegal file-sharing, saying they "bully or threaten" consumers.
Bulletin Severity Rating: Important - This security update resolves seven privately reported vulnerabilities in Microsoft Office Excel. The vulnerabilities could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
MS10-016 - Important: Vulnerability in Windows Movie Maker Could Allow Remote Code Execution (975561)
Bulletin Severity Rating: Important - This security update addresses a privately reported vulnerability in Windows Movie Maker and Microsoft Producer 2003. Windows Live Movie Maker, which is available for Windows Vista and Windows 7, is not affected by this vulnerability. The vulnerability could allow remote code execution if an attacker sent a specially crafted Movie Maker or Microsoft Producer project file and persuaded the user to open the specially crafted file. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
MS10-015 - Important: Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (977165)
Bulletin Severity Rating: Important - This security update resolves one publicly disclosed and one privately reported vulnerability in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logged on to the system and then ran a specially crafted application. To exploit either vulnerability, an attacker must have valid logon credentials and be able to log on locally. The vulnerabilities could not be exploited remotely or by anonymous users.
MS10-014 - Important: Vulnerability in Kerberos Could Allow Denial of Service (977290)
Bulletin Severity Rating: Important - This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow denial of service if a specially crafted ticket renewal request is sent to the Windows Kerberos domain from an authenticated user on a trusted non-Windows Kerberos realm. The denial of service could persist until the domain controller is restarted.
MS10-013 - Critical: Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (977935)
Bulletin Severity Rating: Critical - This security update resolves a privately reported vulnerability in Microsoft DirectShow. The vulnerability could allow remote code execution if a user opened a specially crafted AVI file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.