2013-10-18 - [slackware-security] hplip (SSA:2013-291-01)

2013-10-18 - [slackware-security] libtiff (SSA:2013-290-01)

2013-10-14 - [slackware-security] xorg-server (SSA:2013-287-05)

2013-10-14 - [slackware-security] libgpg-error (SSA:2013-287-04)

2013-10-14 - [slackware-security] gnutls (SSA:2013-287-03)

Downloader.Busadom!g1

Infostealer.Posteal

Downloader.Busadom

Trojan.Ladocosm

SONAR.SuspDocRun

SONAR.SuspHelpRun

W32.Tempedreve.D!inf

SONAR.PUA!AlnadInsta

SONAR.Infostealer!g5

SONAR.Infostealer!g4

Microsoft released Fix it tool for the zero-day vulnerability in GDI component in Microsoft Windows and Office

The flaw allows remote execution of arbitrary code on the target system via a specially crafted TIFF image.

Open source hardware can protect against NSA spying

It will more effectively detect backdoors and vulnerabilities that are built by NSA or other government agencies in the system of certain companies.

vBulletin Vulnerability allows unauthorized administrative access

Exploit for this vulnerability has already spread over hacking forums.

Microsoft to drop cookies

The company is going to apply its own technology that will store this sort of information on Redmond’s servers.

A fake Facebook login page steals user credentials

The phishers can also get access to personal and financial information.

Google to bounty fixing bugs in non-Google open source code software

Initially, the bounty program will be active for OpenSSL and OpenSSH libraries, BIND DNS and security critical components in Linux kernel.

CMU researchers created leak-proof messenger app

Messages remain encrypted until recipient gets them due to end-to-end method of encryption.

BlackHole exploit kit developer arrested in Russia

Ministry of Internal Affairs of the Russian Federation did not comment on the arrest.

EFF to sue FBI for usage of facial recognition software

The Electronic Frontier Foundation has filed a suit against the Federal Bureau of Investigation.

Facebook paid 20 grand for critical bug

UK-based security researcher was awarded with $20, 000 for discovery of critical vulnerability.

U.S. Department of Defense blocked The Guardian website

According to authorities, the resource published secret documents, access to which should be restricted.

Expert: Apple can get access to your iMessages

This is possible because the storage of messages in iCloud.

Researchers have doubted the relevance of the Common Vulnerability Scoring System

According to experts, the system does not provide the most relevant information on whether a vulnerability is used in real time for attacks on computer systems.

Backdoor in HP StoreOnce

Security experts discovered unchangeable admin account in HP StoreOnce SAN system software.

Attacker, distributing Ghost RAT Trojan, arrested in Taiwan

The virus spread via phishing email-messages.

Symantec: Pretending to be antivirus, malware blocks mobile devices

To unblock the device Fakedefender asks for a special code.

Carberp banking Trojan source code leaked

Guys from Russian security firm GROUP-IB published screen shots of a famous banking trojan Carberp.

CIA illegally read SMS of the Chinese

Snowden claimed that U.S. intelligence hacked the Chinese mobile operators’ databases.

Anonymous attack oil companies around the world

Hackers perform DDoS-attacks, compromise accounts of social networks, companies’ servers and websites, as well as hijack confidential data.

LinkedIn users were redirected to the false site because of the domain name registrar's error

Network Solutions suffered from a DDoS-attack and replaced 5 000 DNS records, which affected LinkedIn services.

Microsoft to pay up to $100,000 for new vulnerabilities in Windows 8.1 products

“New Bounty Programs” for finding flaws in Windows 8.1 Preview starts on June 26.

China to establish agency on cyber diplomacy

Ministry of Foreign Affairs of China told about creating secretariat to deal with diplomatic issues in the field of cyber security.

About 12% small businesses are ready to protect their customers’ personal data

Strengthening cybersecurity is hindered by a lack of funds and lack of awareness of the possible consequences of being compromised.

Hackers paralyzed the U.S. NSA site for 13 hours

In such a manner hackers expressed their outrage at the usage of the spy program PRISM by the govenment.

Assange: Google is an arm of US government

Assange is sure that the representatives of Google - are agents of the State Department.

France disconnects torrent users from the internet

Authorities started to apply stricter penalties, which are covered in the antipiracy law, adopted in 2010.

Microsoft provides security services with information about existing flaws before the release of patches

Many other U.S. telecommunication companies provide security services with information on voluntary basis.

Anonymous initiated a campaign against the government of Greece

Hackers broke into the website of one of the courts of Athens and broadcasted on it the programs from the Greek radio and television ERT.

Experts now know the price of user’s personal data

The cost may vary due to importance of collected information.

Edward Snowden: USA has been hacking China since 2009

For the several past years, USA has organized hundreds of cyberattacks against targets in China.

Gartner: By 2016, the global market of cyber security will reach $ 86 billion

Formation of the market can be carried out basing on three different tendencies: mobile security, “big data” and sophisticated targeted attacks.

Edward Snowden wants to reveal more information about PRISM

Snowden gave the Guardian some really important material, and it will be published really soon.

British police offers ‘kill switch’ to disable stolen mobile handsets

Emergency lock button makes the device unusable.

Fraudsters earned $ 200 mln, selling stolen credit card data

Criminals have created a special web portal for their operations.

Windows 8.1 will provide an option to secure folders with fingerprints

The operating system will recognize fingerprints without any additional software.

Google developer posted description of a 0-day vulnerability in Windows

Researcher asked other specialists to find a way to use the flaw.

Russia Today hacked by AntiLeaks

As the result of attack, three websites became unavailable.

Researchers will hack iOS devices, using a modified charger

The hack will be demonstrated at the Black Hat security conference by the team from Georgia Institute of Technology.

Jailbreak creator advised Apple to create an alternative version of iOS 7

According to the developers, in this case hackers won’t need to look for vulnerabilities to create a jailbreak and Apple representatives – to fix them.

Major internet-companies won’t spy on British users

Companies state that Theresa May’s plan is too expensive and contentious.

Google wants vendors to fix 0day vulnerabilities within one week

Company demands that software vendors issue a fix or at least suggest temporary solution for zero-day bugs.

Motorola wants to replace passwords with pills and tattoos

Still the company doubts that the alternative means of authentication will appear in the nearest future.

FBI ran child porn website for two weeks to track its users

Court records indicate the site continued to distribute child pornography online while under FBI control.

U.S. government to use videogames in developing cyber war strategies

Pentagon is working on Plan X to make cyber warfare as comprehensible and easy as firing a gun.

Chinese hackers stole Australian intelligence data

The attackers now own documents detailing the ASIO building's communication cable layouts, server locations and security systems.

U.S. military accuses China of compromising advanced weapons designs

U.S. intelligence agencies believe that hackers from China were able to obtain data on more than 20 cutting-edge developments.

Brian Krebs on Liberty Reserve being closed and accounts being frozen

When payments were made, the owners of the system did not check users’ documents properly.

British company Sky – a victim of Syrian hackers

As a result of an incident, the users of Sky News, Sky Sports News and Sky WiFi may be affected.

Journalists accused of hacking after reporting data breach

The company, which leaked the data, accuses journalists of illegal access to information and the violation of Computer Fraud and Abuse Act.

Kim Dotcom claims he invented two-factor authentication

Researcher filed patent back in 1998.

Reckz0r claims hacking CNN website

Attacker managed to publish four fake articles.

HD Moore: Embedded systems vendors are careless

While systems administrators are doing their best to protect systems, they can not deal with threats contained in routers, modems, handsets, etc.

The number of Russian sites with child pornography declined by half

The greatest number of resources with child pornography is now registered in the Netherlands and the United States.

Guantanamo jail disconnected

The American military has turned off its Wi-Fi service following threats by Anonymous.

Developers hacked Google Glass

At the company’s I/O developer conference Google showed how to root the device.

The Conpot honeypot helps catching hackers targeting SCADA-systems

Conpot detects cybercriminals scanning IP addresses for SCADA systems and then tracking their activities.

Symantec: Hackers attack European companies with Shadesrat Trojan

Cybercriminals begin attacks with a phone call to one of the victim’s employee.

Chinese university accused of cyberattacks on USA

U.S. intelligence agencies suspect the representatives of Wuhan University.

ZPanel website hacked after abusive message of one of the developers of the control panel

Use of unsafe method of encoding in ZPanel was repeatedly criticized.

Vulnerability in Apache mod_rewrite

The flaw allows executing arbitrary command when viewing the log file by the server administrator.

Hacker gets 1 year of house arrest for PlayStation Network hack

23- year-old man destroyed all evidence and authorities couldn’t prove he was involved in the hack.

U.S. government – biggest buyer of malware

White House owns not only data centers that perform DoS-attacks against enemies’ systems, but also such software as Stuxnet.

Critical vulnerability in NGINX fixed

Vulnerability allowed execution of arbitrary code on the target system.

D-Link fixes vulnerabilities in several models of routers and IP cameras

Bug allowed unauthenticated users to gain access to video stream.

Zero-day vulnerability in Microsoft Internet Explorer

Attackers used a zero-day vulnerability to perform the attack on visitors of federal institutions websites.

CWE weaknesses explained

Guys from High-Tech Bridge did a good job creating glossary that explains CWE classification of different vulnerabilities in software.

FaaS offerings marketed via Facebook

There are distinct sale items being offered by the developers of the Zeus-like botnets.

Reuters employee fired for assisting Anonymous

The suspect assisted to commit attacks on The Tribune Company.

Face recognition system could not identify Boston terrorists

According to experts, the system did not work because the photos were of poor quality.

One more way to unlock MS Office 2007/2010 documents

Specially created program allows opening any document protected by a password.

LulzSec hacker gets a year in prison for Sony breach

The attack cost Sony Corporation $ 600 000 in damage.

Microsoft releases fix for MS13-036

Company created a program capable of removing the bad update automatically.

Google paid $ 30 thousand for vulnerabilities in Chrome OS

Vulnerabilities were found by a researcher who wrote demo exploit code and a detailed description of flaws.

The House of Representatives will reconsider CISPA

Intelligence Committee approved the introduction of legislation for a second vote on Wednesday.

New details on bug on PayPal’s website

The critical flaw allowed hackers to inject commands through the vulnerable web app.

Bitcoin-exchange Mt. Gox suffered second DDoS-attack

Exchange was not available for the users most of the day on April 11.

Researcher hacks airplanes navigation systems

Hugo Teso used Android-based smartphone to perform the attack.

Jimmy Wales offers three solutions of blocking Wikipedia in Russia

The founder of the online encyclopedia said that the situation can be managed in three ways.

Microsoft account getting two-factor authentication soon

Experts will create special password generator for devices that do not support the functionality.

Microsoft, Nokia and Oracle: Google violates antitrust laws

The complaint filed against Google concerns the mobile operating system Android.

Saudi Arabia wants Skype, Viber and WhatsApp to comply with government rules

Authorities state that the apps will be banned if they fail to follow their recommendations.

New Trojan targets computers in the Middle East

BaneChant contains fileless malicious code and uses short URL or dynamic DNS-servers for users’ redirection.

Hundreds of Android apps for Google Play infected with malware

More than two hundred apps containing ‘XXX’ content are infected with malware that uses “one-click fraud” technology.

Anonymous stole 15 thousand passwords from North Korean site

Hackers oppose to North Korea government’s dictatorship.

Vulnerabilities in Apple iMessage allow performing DoS-attacks and blocking the device

The attacks appear to have originated with a Twitter account involved in selling UDIDs.

Backdoor uses Evernote as C&C server

Malware also uses the service as a drop-off point for hijacked data.

One of Anonymous arrested for attack on Koch Industries

Hacker is convicted of helping Anonymous to take down the Koch Industries’ website.

Experts: Any mobile phone user can be easily identified

Researchers need only four locations and times to identify a particular user.

Matthew Garrett: Samsung notebooks’ UEFI-firmware gets locked when memory is full

According to the security expert, in order to function normally, the variable store must be less than 50% full.

Windows Blue Build Leaked

The developers managed to grant users with higher level of personalization control.

Five critical vulnerabilities found in Android-smartphones

Samsung was notified about the problems in January 2013 but didn’t respond to the researcher’s messages.

NATO: Killing hackers is justified

Commissioners made a couple of suggestions on how to make cyberwars more peaceful.

Chameleon botnet steals $ 6.2 million from advertisers per month

The botnet has about 120,000 hosts, located in the United States.

Trend Micro: SCADA-systems are the main target of hackers

Experts analyzed attacks on ICS / SCADA-device by setting up honeypot.

Google will pay $ 7 million for illegal interception of data transmitted over Wi-Fi

The company is accused of American citizens’ privacy breach while using the Street View program.

Attacks on Microsoft and Facebook carried out using mobile app development sites

Nearly 40 companies were the victims of such attacks over the last few months, including car manufacturers, U.S. government agencies and a candy company.

“Reporters Without Borders” named main enemies of the Internet

International organization published a new report containing a list of countries that are the main threat to the freedom of the Web.

Chinese authorities use Skype to spy on users

Database of tracked keywords of the Chinese Skype version contains thousands of items and is continually enlarging.

61-year-old hacker convicted in corporate hacking case

The former president of transportation logistics firm Exel hacked into the servers of his former employer.

SCADA-sandbox allows testing the impact of cyberattacks on critical infrastructure

The new organization, which operates in Montreal, is capable of finding methods to block cyberthreats in real time.

PayPal: The era of online passwords comes to an end

The company wants to use embedded fingerprint scanners on mobile phones to authenticate users.

US start unprecedented counter-attack on Chinese hackers

Such measures will be held as a response to attacks of Chinese hackers who are accused of stealing American industrial secrets.

Fake Chrome extension compromises Facebook profiles

Hackers use malware which allows them to gain full control over Facebook profiles.

KrebsOnSecurity: Bit9 Breach Started in July 2012

The custom-made malicious software was deployed last year in attacks against U.S. Defense contractors.

Hacker attacked the computers of Apple’s employees

The company said in a statement that sensitive information was not compromised.

More Than 6 000 Users Signed Microsoft’s “Scroogled” Petition

Analysts call Microsoft’s campaign a failure, if taking into account that only 0.002 percent of Google’s users signed the petition.

Rodpicom worm aims at infecting Skype and MSN Messenger users

The worm installs a backdoor on the user's system to download additional malware, sends spam, and connects to the C&C server to download its new versions.

YouTube will be blocked in Egypt for “Innocence of Muslims”

Google was not notified about the recent court ruling and didn't receive any orders.

Researchers warn about Whitehole Exploit Kit

New toolkit is notable for an ability to hide itself from antimalware detections.

MITRE: Three Possible Ways of New CVE Identification

New ways of identifying will give a possibility to register about 999 999 vulnerabilities per year.

Fortinet on “Crime-as-a-Service”

According to the company’s report, criminals are trying to create a definite structure in order to organize cybercrimes.

FBI busted cybercriminal ring responsible for $850 losses

Criminals infected the computers of Facebook users with the malware ‘Yahos’.

Iranian authorities have opened access to Gmail

Gmail is now available as users can no longer switch from Gmail to YouTube.

Operation b70: Microsoft has the right to take over domains

US District Court ruling allows Microsoft to take over domains related to the Nitol virus.

Insiders assisted the hackers to breach Saudi Aramco

The attack was carried out with the help of Shamoon - virus, which was distributed to the company’s intranet and deleted all the data from computers’ hard drives.

The Big Brother gathers IPs of BitTorrent users

The lists of BitTorrent users are usually updated once in three hours.

Antisec leak data on 12 million Apple clients

Hackers posted a file with 1 million Unique Device Identifiers.

Hackers repeatedly broke into Saudi Aramco

The second attack allowed the hackers to steal company’s confidential information.

Saudi Arabia's National Oil Company attacked with virus originated from external sources

In the official statement the company noted that roughly 30,000 workstations were affected via cyberattack.

Google: USA needs to ditch software patents

According to Google, software patents are not helpful to innovation.

Multiple vulnerabilities in Flash Player, Apache and Foxit Reader found and patched

Naked-Security.com recommends users to install security patches as soon as possible.

Crooks use iPhone rush to exploit fresh Flash Player flaw

The malicious .doc attachments contain CVE-2012-1535 exploit.

Krebs got new details about Grum botnet

The researcher claimed that the Grum control server hosted a large number of email addresses — more than 350 GB.

Court: Dotcom has the right to see FBI evidence against him

According to the judge, suppression of evidence limits Dotcom lawyers’ ability to participate in hearings.

Washington uses TrapWire technology to spy on people

Secret documents revealing the government spy network that uses ordinary surveillance cameras were leaked on WikiLeaks.

Google will punish pirate sites with low search rankings

Search ranking will depend on valid takedown notices from right holders.

"Kaspersky Lab" found new cyber-weapons used in the Middle East

The new virus affected the customers of Citibank and of the payment system Paypal.

Twitter disclosed the data of the user who threatened to attack people at the Broadway theatre

Subpoena allowed the NYPD to get the needed information and continue the investigation of the incident.

LinkedIn spent $1 million on data breach investigation

The company wants to implement more reliable technologies for users’ data protection to prevent data breaches in the future.

Breaking iCloud account allowed hackers to remotely wipe iPhone, iPad and MacBook Air

Hackers got access to journalist’s account via Apple tech support and some clever social engineering that let them bypass security questions.

Missile Defense Agency staff banned from surfing porn sites

Access to the pornography resources can result in disciplinary action for agency staff.

Linux-based systems affected by bogus leap second

Experts believe that under the guise of another time synchronization, Linux-based systems were the target of DoS-attack.

Ubisoft patch critical Uplay vulnerability

The Uplay flaw allowed specially crafted web pages to run arbitrary files.

Report: Free mobile apps pose security threats

The Appthority’s report indicates risks that top 50 free apps bring.

Leak cost Global Payments more than $100 million

Global Payments has paid $84 million for investigation and compensation and is going to pay additional $25-35 million next year.

Dr. Web discovers new cross platform Trojan

The BackDoor.DaVinci.1 malware features a special bomb module that can destroy an OS installation completely.

Intego spots new Mac OS X Trojan

Crisis malware could compromise a system with low level of privileges.

US President calls for Cybersecurity act 2012

Barack Obama encourages Congress to send him comprehensive legislation on cybersecurity.

Russian hacker arrested in Cyprus

The man is accused of conducting DDoS attacks on Amazon, Ebay and Priceline.

Criminals who stole money from bank accounts were arrested in Russia

Criminals had a hidden remote access to banks’ computers and that helped them to steal the money.

German police investigates Anonymous activities

German law enforcement agencies are interested in actions of the hacking group Anonymous aimed at the struggle against the spread of child pornography on the Internet.

American journalists can be prosecuted for leaked information

Lawmakers claim that journalists publish confidential information for personal gain, endangering U.S. national security.

The founder of poker site stole $ 430 million operating a Ponzi scheme

Full Tilt Poker CEO is accused of gambling, bank fraud, and money laundering offenses.

453,000 Yahoo! user creds leaked

Hackers claim that they used a union-based SQL injection method to penetrate Yahoo! subdomain.

Copyright infringement in Japan may result in jail sentence

The Recording Industry Association of Japan has developed a spying system, that  automatically detects the unauthorized music downloads.

Malware writers develop pricing system

According to Trusteer, malware writers implement an “a la carte” pricing system.

US Senate seeks control of data breach notification process

The government is trying to improve the process of notifying users about leaks of personal data.

Two co-founders of The Pirate Bay to appeal with the European Court of Human Rights

The process in the European Court of Human Rights can last for 4-5 years.

Fresh IE bug being actively exploited

IE 8 users are strongly recommended to upgrade or patch the browser.

Google calls government requests to censor Internet content “alarming”

Governments of different countries want to block mainly political content.

Skype is officially illegal in Ethiopia

Ethiopia authorities consider VoIP a threat to national security.

LinkedIn e-mail alerts erroneously considered to be spam

Social network reported that stolen user data was not compromised.

Last.fm passwords leaked

Popular internet radio confirmed the leak of the user passwords and reported the beginning of the investigation.

RIAA: Google and Bing should censor pirate sites

Search engines should implement specific mechanisms to reduce the number of pirate sites in search results.

Facebook notifies users of DNSChanger infection

A message from Facebook will contain a link to the DNSChanger Working Group's website, which provides all the necessary data about malware and instructions on how to remove it.

Kaspersky Lab labeled Mac OS X “really vulnerable”

Kaspersky Lab has recently initiated the analysis of the Mac platform.

Critical flaw in PHP found & patched

The vulnerability allows attacker to execute arbitrary code.

Children suffer from identity theft 35 times more often than adults.

Hackers are interested in identity of young children as they have yet to apply for anything to start a credit history.

“The Unknowns” attack NASA, ESA and US Air Force

The information posted on Pastebin includes usernames, passwords and other data obtained from the breached sites.

Iranian police finds evidence of cyberattacks on country’s ministries

Hackers recently attacked some of Iranian ministries and companies.

VKontakte used its users as bots in a DDoS attack

The most popular social network in Russia “VKontakte” used its users as bots in a DDoS attack against another Russian project antigate.com.

Chinese filmmakers accused YouTube of copyright infringement

The Hong Kong Motion Pictures Industry Association (MPIA) has found more than 500 illegally posted clips of 200 Hong Kong films on YouTube.

Windows 8 cred steal hole found

Hack tool will be presented by security expert called gentilkiwi.

Hackers attacked Iranian oil terminal

Sensitive information about Iran’s oil industry was not affected.

YouTube lost a lawsuit in Germany over music videos

During the court hearing the German industry group claimed that YouTube had not done enough to stop copyrighted clips being posted.

Anonymous launched a site to post any material with complete anonymity

The new site offers 256-bit AES encryption at the browser level.

"Dr. Web" informed about a botnet with 1,5 million hosts

Virus Win32.Rmnet.12 enables the attacker to execute any command on the user’s computer and even to crash down the operating system.

The Dutch Pirate Party filed a lawsuit against the anti-piracy organization

The Dutch Pirates claim that the actions of the anti-piracy organization are the violation of human rights.

Busty girl pic got hacker busted

FBI tracked down a hacker using his girlfriend’s photo.

Backdoor in HP ProCurve switches, act ASAP

Hewlett Packard issued a security advisory about HP ProCurve 5400 zl switches containing malware on CompactFlash (CF) cards.

Chinese app stores contain security vulnerabilities

The Chinese authorities are concerned about the security level in the app stores run by mobile operators China Mobile and China Telecom.

Backtrack Linux 1.7.2 released, patched security hole

Privilege escalation vulnerability was spotted during Ethical Hacking class organized by InfoSec Institute.

Former Intel’s employee stole company’s sensitive information worth $400 million

At the trial the defendant pleaded guilty to illegally downloading the valuable computer chip manufacturing and design documents.

Virus Flashback affected 550,000 PCs

Malware was able to infect 550,000 computers based on Mac OS X.

Twitter starts fighting spammers in court

Twitter has filed a lawsuit in San Francisco federal court against five "most aggressive" spammers.

Arizona officials intend to censor the Internet

According to the bill, any use of electronic and digital devices for intimidation, threats, harassment or abuse of people is considered to be illegal and prohibited.

Kelihos.B had found a new and social way to expand

The researchers claim that criminals are able to regain control of the infected computers.

At least 1,5 million Visa and MasterCard credit card numbers were compromised

Visa and MasterCard credit card numbers have been compromised by the Global Payments security breach.

Google patches 9 vulnerabilities in Chrome

Three of the fixed vulnerabilities have a high risk rank.

US authorities caught the most dangerous carder

Chris Aragon pled guilty to 50 felony counts and property damage of more than $ 1 million.

AWOL soldier stole Microsoft co-founder’s identity

AWOL soldier is accused of trying to conduct more than $15,000 using the debit card, he illegally obtained.

Internet Watch Foundation: Paedophiles hide child abuse images in web shops

The sites used by abusers look legitimate but paedophiles can reach the images via a route, which takes them to a specific section of the site.

French users of terrorist Web sites will be criminally punished

Users in France are banned from visiting web-sites that encourage terrorism or hate crimes.

14 bank websites contain XSS vulnerabilities

Criminals could use XSS vulnerabilities to hack into bank accounts of their victims.

LulzSec Welcome Back

The hacking group LulzSec announced that they would reboot on April 1, 2012.

Duqu development team is still operational

Creators of Duqu Trojan are developing their threat and using it in attacks.

CIA plans to use bugs in home appliances

CIA director is confident that home appliances with bugs will transform the art of spying.

Law enforcement agencies will use Microsoft PhotoDNA technology to fight child pornography

The technology will help to carry out child sex abuse investigations, rescue the victims and bring abusers to justice.

Thai authorities block 5 thousand sites insulting royals

Some critics claim that such actions of Thai authorities are just an attempt to censor the Internet more harshly.

Microsoft: Dorkbot operators built a botnet with substantial number of zombies

Worm Win32/Dorkbot features rootkit component and uses a simple IRC protocol to communicate with C&C servers.

Microsoft patches Remote Control Desktop Protocol bug

The bug would allow network execution without any authentication, and has all the ingredients for a class worm.

Yahoo! claims Facebook infringes 10 of its patents

The patents, mentioned by Yahoo!, are essential for the social network Facebook.

Google gave out $120 000 as Pwnium prize

Two security researchers managed to bypass Chrome’s sandbox.

Sabu cooperated with FBI immediately after his arrest

Sabu helped U.S. authorities to arrest five other members of the hacking group LulzSec.

Ukrainian government plans to impose taxes on Skype users

Users of Skype and other similar applications used for communication might be taxed.

Hackers stole Michael Jackson’s music catalogue from Sony

50,000 Michael Jackson’s music files were stolen as a result of security breach at Sony Music.

Anonymous DoS tool included Zeus Trojan

The Trojan was built into the tool that Anonymous use to perform DDoS attacks the same day as the FBI Megaupload raid.

Ireland passed a local SOPA

Irish authorities claim that the bill will be enforced with respect for the ISPs.

Irish Senators want ISPs to block child abuse material online

Irish ISPs were accused of dealing with the problems of copyright infringement more than child abuse images.

Interpol arrested 25 members of hactivists group Anonymous

The arrests were made in Argentina, Chile, Colombia and Spain, 250 items of computer equipment and cellphones were seized.

Megaupload founder remains a free man

In court Dotcom and his wife asked for permission to have access to $185,130 to pay rent of their mansion, security guards and other household staff’s services.

Microsoft warned about possible financial information leak

Microsoft Store India web-site hack could cause customers’ financial information leak.

Google will give $1 million for Chrome hacking

Developers claim that exploits for vulnerabilities in Chrome browser will help them to learn and develop.

Five million Stratfor emails published by WikiLeaks

Stratfor claims that WikiLeaks actions are an attempt to silence and intimidate the company.

USA put the usage of personal data under control

Companies should provide users appropriate control over their personal data, clear description why they need it and how they will use it.

Web firms agreed to support do-not-track technology

Do-not-track technology will provide people with more control over the personal data collected about them.

Megaupload founder released on bail

Kim Dotcom was released on bail, as he had no resources to flee New Zealand.

Credentials exposure vulnerability discovered in Windows

Local administrator can disclose credentials of authenticated users.

British ISPs might block The Pirate Bay

According to UK high court, The Pirate Bay unlawfully shared copyrighted music.

Regime’s supporters in Syria use spyware against opposition activists

Malware steals personal information of its victims and sends it to a server of a government-owned telecommunications company in Syria.

Most of DNS server implementations are vulnerable to DNS-poisoning attacks

A study revealed that cybercrooks can keep the domain names that had been deleted by upper level DNS servers resolvable.

Anonymous threaten to “kill” the Internet

After cutting DNS servers, the HTTP Internet will be disabled, because nobody will be able to perform a domain name lookup.

Ukrainian governmental web-sites faced heavy DDoS-attacks for closing file-sharing service ex.ua

Ex.ua, one of the largest file-sharing services, was shut down by officials in Ukraine.

Bosnian national collected and distributed a great amount of child porn

The agents of the Bosnian Federal Police’s cybercrime unit arrested a Bosnian hacker, after they discovered he stored and distributed a great deal of child porn pictures and videos.

LibreOffice fixes virus-friendly Word import flaw

The latest version of the software contains a fix for the problem.

Developer function enables phishing at American Express

The vulnerability is found in a debugging function that is reachable over the Internet without further protection.

Mozilla to Firefox users: Ditch crashtastic McAfee plugin

Mozilla is advising Firefox users to disable a McAfee plugin that the open-source browser supplier blames for a high volume of crashes.

Android malware under blog control says Trend Micro

Beware the Chinese e-book reader.

Rackspace spins up OpenStack Foundation

Rackspace is letting go of key components of the OpenStack Linux-for-the-cloud initiative it is helping to lead, with the creation of an OpenStack Foundation.

Does Gove’s webmail policy breach Data Protection Act too?

Does the use of Gmail or Hotmail by a Minister's Private Office (in order to evade Freedom of Information (FOI) obligations) also lead to breaches in the Data Protection Act? Well, I can see how this could be the case.

Mac malware uses Windows-style PDF camouflage ruse

Mac malware creators are adopting Windows malware camouflage trickery in a bid to trick users into running their malicious creations.

RBS megahack maestro sells flats to pay fine

A high-profile cybercrook who masterminded the $9m RBS Worldpay ATM heist in 2008 has sold two of his St Petersburg flats to pay off his fines.

Another Apache update due to byte range flaw

The new version corrects and complements the first fix, which was released only two weeks ago.

Sabu hacked a website forum alleged to be distributing child porn

Sabu has taken over a website dedicated to Asian games. In actual fact the site was distributing child porn

Kaspersky study finds Adobe software is biggest security risk

According to its newly released threat report for Q2 2011, software from anti-virus specialist Kaspersky Labs detected an average of twelve security vulnerabilities on its users' Windows systems.

The Case of Aaron Schwarz goes to Court

Schwarz is facing 35 years in prison and a $ 1 million fine under indictment.

Asian scammers hacked Irish computers to steal bank account details

Pseudo workers of Microsoft tricked Irish computer users.

WLAN Security Megaprimer DVD Released

SecurityTube.net released a DVD with over 40+HD videos containing 12+hours of Wireless Ownage.

UK police officers can check fingerprints on the spot now

UK police officers will have the new Mobile Identification service, which will allow them to scan the potential villain’s identity on the spot.

Lulz Security hackers attack Sun website

A group of hackers attacked the website of the British newspaper The Sun, owned by News International.

Oracle to patch 78 vulnerabilities

Oracle has announced that it plans to close a total of 78 security vulnerabilities.

Security Breach Found in International Monetary Fund

Foreign governments are accused of stealing sensitive information from International Monetary Fund.

Kino.to Shut Down by Police

Executed by Police raids in Germany, France, Spain and the Netherlands resulted in Kino.to shut down.

Sonny Suffers another Hack Attack

Personal information of 1 million Sony Pictures users has been exposed.

A $10 Million Worth Fraud

An identity theft costs Bank of America $10 million

DIY – First Malware Kit for Mac OS X Just For $1 000

A new malware kit discovered over this weekend brings advanced malware for Mac OS X users.

Mozilla Refused Homeland Security Request to Delete an Add-on

Mozilla decided to reject a request from the US Department of Homeland Security (DHS) to remove MAFIAAfire Redirector add-on.

Sony to Blame “Anonymous” for Successful Attacks on its Networks

During investigation security experts discovered that the intruders had planted a file on one of Sony`s Online Entertainment servers named “Anonymous” with the words “We are Legion.”

MACDefender – New Scareware for Mac OS X Users

New scareware spotted for Mac OS X users.

Adobe Implements Additional Privacy Enhancements for IE Users

Adobe announced that Flash Player 10.3 integrates with Internet Explorer`s Delete Browsing History.

Magix AG to Sue a Security Researcher

For reporting vulnerability you might be sued by a vendor.

FBI to Destroy Coreflood Botnet

A court has given the FBI permission to delete malware from infected computers.

Siemens May Have Helped to Create Stuxnet Malware

Siemens is accused of siphoning information about SCADA codes to a third party.

Remote Code Execution Vulnerability in Microsoft OpenType Font Driver

A remote attacker can execute arbitrary code on the target system.

Multiple Vulnerabilities in Linux kernel

SQL Injection Vulnerability in Piwigo

SQL inection vulnerability has been discovered in Piwigo.

Cross-site Scripting Vulnerability in DotNetNuke

A cross-site scripting (XSS) vulnerability has been discovered in DotNetNuke.

Cross-site Scripting Vulnerability in Hitachi Command Suite

A cross-site scripting vulnerability was found in Hitachi Command Suite.

Denial of service vulnerability in FreeBSD SCTP RE_CONFIG Chunk Handling

An attacker can perform a denial of service attack.

Denial of service vulnerability in Apache Traffic Server HTTP TRACE Max-Forwards

An attacker can perform a denial of service attack.

Denial of service vulnerability in MalwareBytes Anti-Exploit "mbae.sys"

An attacker can perform a denial of service attack.

Denial of service vulnerability in Linux Kernel splice

An attacker can perform a denial of service attack.

Denial of service vulnerability in Python Pillow Module PNG Text Chunks Decompression

An attacker can perform a denial of service attack.