HP Snags Application Testing Firm Fortify
The drumbeat for more secure application development picked up pace on Tuesday, with news that software giant HP had acquired privately funded Fortify Software, a maker of static code analysis tools, for an undisclosed amount. HP said that Fortify’s static analysis tools will complement its dynam...
It's Official: DNSSEC Fully Updated
Two years after a major flaw was exposed in the Internet’s Domain Name System (DNS), a major upgrade to the infrastructure protocol that fixes that weakness is now up and running in all of the Internet root servers. Read the full article. Dark Reading...
Default configuration
The default configuration of HP Client Automation (HPCA) Enterprise Infrastructure (aka Radia) allows remote attackers to read log files, and consequently cause a denial of service or have unspecified other impact, via web requests...
Attackers Moving to Social Networks For Command and Control
Bot herders and the crimeware gangs behind banker Trojans have had a lot of success in the last few years with using bulletproof hosting providers as their main base of operations. But more and more, they’re finding that social networks such as Twitter and Facebook are offering even more fertile...
'Perfect Citizen' is an Imperfect Solution
Few phrases in the English language are as terrifying as, “We’re from the government and we’re here to help.” And that’s essentially what the Obama administration, in the form of the National Security Agency, is saying to the companies that run the country’s utilities and other privately owned...
Splunk Web Detection
The web interface for Splunk is running on the remote host. Splunk is a search, monitoring, and reporting tool for system administrators. Note that HTTP Basic Authentication credentials may be required to retrieve version information for some recent Splunk releases. TRUSTED...
Microsoft to Share Vulnerability Details with Governments
Microsoft today announced plans to share pre-patch details on software vulnerabilities with governments around the world under a new program aimed at securing critical infrastructure and government assets from hacker attacks. The program, codenamed Omega, features a Defensive Information Sharing...
Top 20 'Critical Controls' from SANS Institute
The SANS Institute has released critical security controls for cyber defense agreed to by a consortium of agencies including: “NSA, US Cert, DoD, DoD JTF-GNO, the Department of Energy Nuclear Laboratories, Department of State, DoD Cyber Crime Center plus the top commercial forensics experts and p...
DHS Studying Global Response to Conficker Botnet
One year after the Conficker botnet was front-page news around the world, the U.S. Department of Homeland Security is preparing a report looking at the worldwide effort to keep it in check. The report, to be published within the month, shows how an ad hoc group of security researchers and Interne...
CVE-2010-1228
Multiple race conditions in the sandbox infrastructure in Google Chrome before 4.1.249.1036 have unspecified impact and attack vectors...
Design/Logic Flaw
The sandbox infrastructure in Google Chrome before 4.1.249.1036 does not properly use pointers, which has unspecified impact and attack vectors...
Race condition
Multiple race conditions in the sandbox infrastructure in Google Chrome before 4.1.249.1036 have unspecified impact and attack vectors...
Zabbix 1.8.1 - SQL Injection
Zabbix 1.8.1 - SQL Injection ============================================= - Release date: April 1st, 2010 - Discovered by: Dawid Golunski - Severity: High ============================================= I. VULNERABILITY ------------------------- Zabbix = 1.8.1 SQL Injection II. BACKGROUND...
Google Chrome < 4.1.249.1036 Multiple Vulnerabilities
The version of Google Chrome installed on the remote host is prior to 4.1.249.1036. It is, therefore, affected by multiple vulnerabilities : - Multiple race conditions and pointer errors in the sandbox infrastructure. Issue 28804, 31880 - An error relating to persisted metadata such as Web...
Mapping the Criminal-ISP Infrastructure
According to a report issued today, eight networks connect directly to the botnet-hosting ISP Troyak and four other upstream providers that “surround the malicious core,” and help to “mask the true malware-hosting armada and provide solid uptime to the malware servers” for ZeuS botnets, Gozi, and...
What If Bill Gates Never Wrote the Trustworthy Computing Memo?
The security industry has undergone massive changes in the last 15 years, and in some cases it’s hard to imagine what things would be like had these events not taken place. Think of a world in which Google focuses on security and privacy and Microsoft never started Trustworthy Computing, and you...
Energy, Chemical Companies Are Malware Targets
Critical infrastructure organizations, such as those in the energy, oil, pharmaceutical and chemical sectors, encountered at least twice as much web malware as other organizations during 2009, researchers found. Read the full article. Secure Computing...
U.S. Gov to Simulate Cyber Attack Next Week
Security industry analysts and lawmakers will get an unprecedented chance next week to evaluate how the government might respond to a cyber-attack on critical infrastructure targets. Read the full article. Computerworld...