Microsoft Office Excel Scenario Record Buffer Overflow (MS11-045; CVE-2011-1275)
Microsoft Excel is a popular spreadsheet application. This is a remote code execution vulnerability. When Microsoft Excel validates record information upon opening a specially crafted Excel file, a memory handling error may corrupt system memory in such a way that an attacker could execute...
Microsoft Excel Series Integer Underflow (MS11-045; CVE-2011-1278)
Microsoft Excel is a popular spreadsheet application. A vulnerability has been identified in Microsoft Excel. When Microsoft Excel validates record information upon opening a specially crafted Excel file, a memory handling error may corrupt system memory in such a way that an attacker could execu...
A Rocky Road Ahead for Apple On Security
Computer security experts have been forecasting the arrival of malicious programs that target Apple’s products for so long that they had begun to sound like the kind of Rapturistas and Mayan Calendar sleuths that we all smartly ignore. But if May didn’t bring Harold Camping’s Judgement Day, as...
Facebook Prepares to Launch Bug Bounty Program!
Facebook is working on setting up a bug bounty program that would encourage security researchers to discover vulnerabilities on its platform and report them responsibly. Mr. Joe Sullivan, Facebook's chief security officer, told us today at the Hack...
Fedora Update for acpid FEDORA-2011-6460
Check for the Version of acpid OpenVAS Vulnerability Test Fedora Update for acpid FEDORA-2011-6460 Authors: System Generated Check Copyright: Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms ...
[SECURITY] Fedora 15 Update: acpid-2.0.9-4.fc15
acpid is a daemon that dispatches ACPI events to user-space programs...
Fedora Update for mozvoikko FEDORA-2011-6215
Check for the Version of mozvoikko OpenVAS Vulnerability Test Fedora Update for mozvoikko FEDORA-2011-6215 Authors: System Generated Check Copyright: Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under th...
Windows Servers Hacked at The Hartford Insurance Company!
Hackers have broken into The Hartford insurance company and installed password-stealing programs on several of the company's Windows servers. In a warning letter sent last month to about 300 employees, contractors, and a handful of customers, the company said it discovered the infection in late...
New Chinese MBR Rootkit Identified
A new rootkit that uses the master boot record (MBR) to hide itself has been discovered in China and is being used to install an online game password stealer. The bootkit is installed on the computer by a trojan downloader distributed from a Chinese adult site and is detected by Kaspersky as...
Directory traversal
Directory traversal vulnerability in dc.exe 9.00.00.11059 and earlier in 7-Technologies Interactive Graphical SCADA System (IGSS) allows remote attackers to execute arbitrary programs via ..\ (dot dot backslash) sequences in opcodes (1) 0xa and (2) 0x17 to TCP port 12397...
CVE-2011-1566
Directory traversal vulnerability in dc.exe 9.00.00.11059 and earlier in 7-Technologies Interactive Graphical SCADA System (IGSS) allows remote attackers to execute arbitrary programs via ..\ (dot dot backslash) sequences in opcodes (1) 0xa and (2) 0x17 to TCP port 12397...
glibc: ld.so insecure handling of privileged programs' RPATHs with $ORIGIN
ld.so in the GNU C Library (aka glibc or libc6) 2.13 and earlier expands the $ORIGIN dynamic string token when RPATH is composed entirely of this token, which might allow local users to gain privileges by creating a hard link in an arbitrary directory to a (1) setuid or (2) setgid program with this RPA...
The Pharmaceutical Spam Machine
In this Lab Matters webcast, Kaspersky Lab senior spam analyst Maria Namestnikova looks closely at the pharmaceutical spam operations and discusses how spammers are using affiliate programs and rebuilt botnets to recover from last year’s crackdown...
HP OpenView Network Node Manager execvp_nc Buffer Overflow
This module exploits a stack buffer overflow in HP OpenView Network Node Manager 7.53 prior to NNM01207 or NNM01206 without the SSRT100025 hotfix. By specifying a long 'sel' parameter when calling methods within the 'webappmon.exe' CGI program, an attacker can cause a stack-based buffer overflow...
Step 5: Re-install Security Software
Once the scareware has been removed from your system, reinstall a reputable antivirus software package, then use it to scan and clean your machine once again. Scareware and rogue antivirus programs will often download and install other kinds of malicious programs while they have control of your...
Where to Begin
Scareware is one of the most pernicious online threats. For those who have been infected, it is also one of the hardest to forget. Rogue antivirus software and other forms of scareware hold victims hostage: shutting off access to their desktop and most of the Internet, disabling security software...
JDK unspecified vulnerability in Deployment component
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown...
Kevin Mitnick's latest Book: Ghost in the Wires - My Adventures As The World's Most Wanted Hacker!
Kevin Mitnick, the world's most wanted computer hacker, managed to hack into some of the country's most powerful - and seemingly impenetrable - agencies and companies. By conning employees into...
Cyber Ethics, Safety and Security Education is essential for Indian users?
India is an emerging economy investing in computerization and broadband for rapid and balanced economic development. The Indian government has embarked on large e-governance programs and enablers like the Unique ID program (UID) which provides a unique biometric based ID for all Indian residents. Th...
Attackers Find Point-of-Sale Software an Easy Target
While most consumers worry about their credit card or debit card numbers or other valuable data being stolen from their home computers or leaked via a data breach at their banks, a new report shows that the vast majority of attacks that harvest this sensitive data actually target weak software on...