4094 BAT/KillWin.NAN (3), BAT/Qhost.NBG, BAT/Qhost.NBN (3), BAT/StartPage.NAV (4), BAT/StartPage.NAW (5), IRC/SdBot, JS/Exploit.Pdfka.NKA (6), PDF/Exploit.Pidief.OMY, SWF/TrojanDownloader.Agent.BB, SWF/TrojanDownloader.Agent.NAW (2), Win32/Adware.AntiSpyware2008, Win32/Adware.BHO.GMI, Win32/Adware.BHO.NCX, Win32/Adware.Coolezweb (4), Win32/Adware.PersonalAntivirus (4), Win32/Adware.PrivacyComponents (5), Win32/Adware.SpywareProtect2009, Win32/Adware.SystemSecurity (4), Win32/Adware.Virtumonde (2), Win32/Adware.Virtumonde.NDH, Win32/Adware.WinPCDefender (4), Win32/Agent.NWW, Win32/Agent.NXT (8), Win32/Agent.OAF, Win32/Agent.PLF, Win32/Agent.PLG, Win32/AutoRun.ADR, Win32/AutoRun.Agent.FC, Win32/AutoRun.Autoit.AK, Win32/AutoRun.Autoit.P, Win32/AutoRun.FlyStudio.JN, Win32/BHO.NOE, Win32/BHO.NOR, Win32/BHO.NPD (4), Win32/Cimag.AL, Win32/Daonol.C (4), Win32/Delf.ODU (2), Win32/Dialer.NHM [...]
Posts Tagged ‘Lab’
OSS attacks will grow with adoption
OSS attacks will grow with adoption Open source software (OSS) is not impenetrable, and will likely be an increasing target of hackers if it grows in adoption, said a security expert. Speaking at a briefing Wednesday, Rohit Dhamankar, director of security research, DVLabs at TippingPoint, said computer criminals tend to work for profit gain and [...]
How much is your identity worth?
How much is your identity worth? HOW curious. Early this year my bank sent me a replacement credit card. I hadn’t asked for one, and the bank did not elaborate except to refer vaguely to “security” issues. I still don’t know why my card was replaced, but I have a hunch: a massive electronic heist [...]
Angered by Apple delay, hacker posts Mac Java attack code
Angered by Apple delay, hacker posts Mac Java attack code In an effort to draw attention to a long-standing security problem in Apple’s Mac OS X operating system, a security researcher has posted attack code that exploits the flaw. The software, which could be used by hackers to run an unauthorized system on a Mac, [...]
CiscoWorks TFTP Directory Traversal Vulnerability, (Wed, May 20th)
CiscoWorks TFTP Directory Traversal Vulnerability, (Wed, May 20th) Cisco has announced that a directory traversal flaw has been discovered in its CiscoWorks product line. According to the announcement: Products that have TFTP services enabled and that run CiscoWorks Common Services versions 3.0.x, 3.1.x, and 3.2.x are vulnerable. Only CiscoWorks Common Services systems running on Microsoft [...]
IBM AIX libc MALLOCDEBUG File Overwrite Vulnerability
iDefense Security Advisory 05.20.09: IBM AIX libc MALLOCDEBUG File Overwrite Vulnerability Posted by iDefense Labs on May 20 iDefense Security Advisory 05.19.09 labs.idefense.com/intelligence/vulnerabilities/ May 19, 2009 I. BACKGROUND IBM’s AIX is a Unix operating system based on System V, which runs on the PowerPC (PPC) architecture. For more information, visit the product web site at [...]
Multiple XSS in Sun Communications Express
CORE-2009-0109 – Multiple XSS in Sun Communications Express Posted by CORE Security Technologies Advisories on May 20 Core Security Technologies – CoreLabs Advisory http://www.coresecurity.com/corelabs/ Multiple XSS in Sun Communications Express 1. *Advisory… URL: http://seclists.org/fulldisclosure/2009/May/0177.html
Netbook comes with factory-sealed malware
Netbook comes with factory-sealed malware In a rare occurrence, a brand-new factory-sealed netbook has been found to contain malware, according to researchers at Kaspersky Labs. URL: http://feedproxy.google.com/~r/SCMagazineHome/~3/tO5uE3BHlkw/
Web Toolz, (Wed, May 20th)
Web Toolz, (Wed, May 20th) Ok, a couple of web app testing tools have been recently updated/released: My buddies Kevin Johnson, Justin Searle, and the rest of the SamuraiWTF dev team have released version 0.6 of the SamuraiWTF live web testing framework CD. From the announcement: The SamuraiWTF project team is proud to announce the [...]
Gone With the WINS – Part II, (Wed, May 20th)
Follow the Bouncing Malware: Gone With the WINS – Part II, (Wed, May 20th) Imagine, if you will, that you’re the newest contestant on the latest reality-tv show, Idle American Apprentice to the Dancing Bachelorette Stars. Like all good reality shows (now there’s an oxymoron…), you have the opportunity to earn your way to be [...]
Cybersecurity groups band together in malware fight
Cybersecurity groups band together in malware fight Three cybersecurity groups said Tuesday they plan to band together to combat the growing scourge of malware. The Anti-Spyware Coalition, National Cyber Security Alliance, and StopBadware.org said the Chain of Trust Initiative will link together vendors, researchers, government agencies, network providers, and other groups involved in internet security. [...]
Where is Vista SP2?
Where is Vista SP2? Even though Microsoft seems increasingly reticent to say the ¡§V¡¨ word (Vista), some users still do care. I¡¦ve had several readers ask me when the Redmondians are going to release Vista SP2 on the Microsoft Download site. The answer, from Microsoft, is no answer (beyond the already-stated ¡§some time in the [...]
HTC Hero Android firmware leaks onto a G1
HTC Hero Android firmware leaks onto a G1 he HTC Hero¡¦s Android firmware has been leaked onto the internet and wily hackers over at the XDA Developers Forum have managed to cram it inside a T-Mobile G1 (an HTC Dream by any other name). The new version of Android has some interesting new features and [...]
Microsoft takes Security Development Lifecycle to all developers
Microsoft takes Security Development Lifecycle to all developers Microsoft will launch new additions to its Security Development Lifecycle (SDL) programme today, designed to enable all software developers to integrate the SDL more tightly into the development process, and ultimately create a more secure software ecosystem. A free Visual Studio process template has been made available [...]
New DNS Bug and Fix Announced
New DNS Bug and Fix Announced Domain name registries are scrambling to patch a newly discovered bug in popular open source DNS software that could be exploited for denial-of-service attacks. The bug and a corresponding fix were announced Monday by NLnet Labs, a research group that provides authoritative domain name server software called NSD to [...]
