Google fixes severe Chrome flaws
2009-08-31 15:03:00 Google has been forced to release new security fixes for multiple high severity vulnerabilities in its Chrome browser which could lead to an attacker taking over a victim’s PC remotely. The flaws, which were issued as part of the Chrome 2.0.172.43 update sent automatically to users, include two rated ‘high severity’ and one ‘medium risk’, according ...
WINS attacks now in the wild
2009-08-19 15:18:00 The "critical" WINS vulnerability that Microsoft issued a patch for last week is now being exploited actively in the wild, according to the SANS Institute. The Internet Storm Center (ISC), which is operated by SANS, is receiving preliminary reports that hackers are targeting Microsoft’s WINS service on Windows NT, 2000 and 2003 servers. WINS attacks now ...
PC, Mac and Linux open to Adobe Reader vulnerability
2009-04-30 04:20:00 This release is today 29 Apr 09: Adobe has acknowledged a security vulnerability in the newer readers (8.1.4 & 9.1) which may allow execution of arbitrary code with the privileges of the user running the application. The Linux versions definitely have the bug and other platforms that
Conficker reprogrammed for new attack run
2009-04-11 14:23:00 Researchers are warning that the Conficker worm has been reprogrammed to strengthen its defences and boost its ability to attack more machines. Conficker takes advantage of a vulnerability in Microsoft’s software, and has infected at least 3 million PCs and possibly as many as 12 million, making it into a huge botnet and one of the ...
Security Vulnerability of a MNC Detected
2009-03-18 03:42:00 When I was trying to automate some tasks with Microsoft Excel, I was exploring a website of a MNC in detail. As I was browsing through different pages and exploring different permutations of the URLs, I got a great surprise. I was able to see information of clients that I am not supposed to be ...
How to Safeguard Against New IE Vulnerability
2008-12-17 14:59:00 From Extremetech: Internet Explorer has sprung a leak, and Microsoft advises that you batten down the hatches. A recent security advisory explains that a vulnerability in all modern versions of IE could allow an attacker to execute malicious code. As pointed out earlier, there are
Free eBook Download: Vulnerability Management for Dummies
2008-11-13 20:31:00 Original Post on The Sun's Financial Diary Free eBook Download: Vulnerability Management for Dummies Don’t know how useful this book is, but if you are interested, you can download a free copy of Vulnerability Management for Dummies. Here’s a brief description of the book: This eBook explains why businesses need vulnerability management and shows you how to ...
Adobe Flash Player Clickjacking Vulnerability
2008-10-08 15:16:00 The recently reported clickjacking vulnerability affecting Adobe Flash Player could also allow a hacker to remotely activate a computer’s microphone and webcam (meaning they could see and hear what you were doing). The Adobe Security Blog is reporting that a Flash Player patch should be available by the end of October and until it is released, ...
Autodesk Design Review DWF Viewer Vulnerability
2008-09-30 19:21:00 Secunia is reporting a vulnerability with Autodesk’s Design Review DWF Viewer which can lead to a compromised PC. The vulnerability stems from a flaw in the ActiveX control including the insecure “SaveAs()” method. If exploited, arbitrary files on the compromised computer can be overwritten. This vulnerability was originally discovered by “bruiser” from Nine Situations Group and outlined ...
Vulnerability Management for Dummies
2008-07-30 05:42:00 Get all the Facts and See How to Implement a Successful Vulnerability Management Program. As a business owner, or someone responsible for network security within your organization, you need to understand how to prevent attacks and eliminate network weaknesses that leave your business exposed and at risk. Vulnerability Management for Dummies arms you with the facts and ...
Exploitation of Adobe Flash Vulnerability Cyber Alert
2008-06-01 00:00:00 A vulnerability that affects Adobe Flash Player is being actively exploited to install malicious software.
Exploitation of Adobe Flash Vulnerability Cyber Alert
2008-05-30 00:00:00 A vulnerability that affects Adobe Flash Player is being actively exploited to install malicious software.
Academic paper: Children and vulnerability in Tanzania: a brief synthesis
2008-05-29 20:58:00 Source: ELDIS Children and vulnerability in Tanzania: a brief synthesis Authors: Leach,V. Produced by: Research on Poverty Alleviation, Tanzania (2007) The intention of this paper is to highlight the key issues of children and vulnerability in Tanzania. The paper states that a national framework for social protection must be established to address these overwhelming facets of insecurity and vulnerability for ...
Advisory: CiscoWorks Arbitrary Code Execution Vulnerability
2008-05-29 03:56:00 Summary Name: CiscoWorks Arbitrary Code Execution Vulnerability Release Date: 28 May 2008 Reference: LSD003-2008 Discover: Dave Lewis CVE Number: CVE-2008-2054 Vendor: Cisco Systems Systems Affected: CiscoWorks Common Services (various versions): Cisco Unified Operations Manager (CUOM), Cisco Unified Service Monitor (CUSM), CiscoWorks QoS Policy Manager (QPM), CiscoWorks LAN Management Solution (LMS), Cisco Security Manager (CSM), Cisco TelePresence Readiness Assessment Manager (CTRAM) Risk: High Status: ...
Cognitive Vulnerability to Emotional Disorders | Medical Ebook
2008-05-23 18:52:00 Description: Cognitive Vulnerability to Emotional Disorders. Publisher: Lawrence Erlbaum Associates. Number Of Pages: 464. Publication Date: 2005-08-16. Sales Rank: 989294. ISBN / ASIN: 0805857745. EAN: 9780805857740. Binding: Paperback. Manufacturer: Lawrence Erlbaum Associates. Studio: Lawrence Erlbaum Associates. Emotional disorders such as anxiety, depression, and dysfunctional patterns of eating are clearly among the most devastating and prevalent confronting practitioners, and they have received much attention from researchers in personality, social, cognitive, and developmental psychology, as well as in clinical psychology and psychiatry. A major recent focus has been cognitive vulnerability, which seems to set the stage for recurrences of symptoms and episodes. In the last five years there has been a rapid proliferation of studies. In this book, leading experts present the first broad synthesis of what we have now learned about the nature of cognitive factors that seem to play a crucial role in...
Trillian Hit With Security Bug
2008-05-23 15:23:00 From the Register: The discovery of a trio of security bugs means that users of the popular Trillian instant messaging client need to update their software. All three of the newly discovered bugs create a means for hackers to inject malware onto the PCs of surfers running vulnerable versions of the multi-protocol chat application from Cerulean Studios. ...
Vulnerability Management for Dummies
2008-05-22 21:20:00 Our friends at Qualys are offering free copies of the electronic version of Vulnerability Management for Dummies. Vulnerability Management for Dummies: Explains the critical need for vulnerability management Details the essential best-practice steps of a successful vulnerability management program Outlines the various vulnerability management solutions - including the advantages and disadvantages of each Highlights the award-winning QualysGuard vulnerability management solution Provides ...
By: Tech FAQ Blog
The SaaS Approach to Web (and Blog) Vulnerability Management
2008-05-22 10:22:00 Ask any CIO or CTO the number one concern or risk in implementing Software as a Service (SaaS) or Enterprise on-demand system, and they will most likely tell you security. Here is a good view last week from White Hat Security that explains people live in a false sense of security (no pun intended) when it ...
Windows Vulnerability Scanner
2008-05-21 14:00:00 Windows systems will never be free from security issues. While these security issues will always haunt Windows users, what we can do is to make our system less insecure (or more secure) by updating our system with the right patch. Windows Vulnerability Scanner is a must-have Windows application that checks your Windows OS for Windows ...
By: My Tech Quest
Vulnerability Management for Dummies
2008-05-19 19:55:00 As a business owner, or someone responsible for network security within your organization, you need to understand how to prevent attacks and eliminate network weaknesses that leave your business exposed and at risk. Vulnerability Management for Dummies arms you with the facts and shows you how to implement a successful Vulnerability Management program. Whether your network consists of just a handful...
By: Asiaing.com
China upgrades nuclear enabled missiles, threat to India?
2008-05-17 19:53:00 China has completed the upgrade of its intermediate range CSS2 ballistic missiles in Tibet from liquid to solid fuel. Missile experts say the upgrade reduces the logistic train for these missiles and will enable shorter launch times, increasing India’s vulnerability to a pre-emptive strike. Read More… China’s Boomers [Ballistic missile submarines are called "boomers".] This summer’s public revelation that China ...
By: 1913 Intel
Vulnerability of ILL Appointments
2008-05-12 11:00:00 “If we look at the appointments and their office holder on national and provincial ministerial offices probably none of the individual qualifies as expert in the field on technical ground ... it’s not the expertise of your tenure and services as politician but your technical knowledge that takes you to a fruitful decision and long term benefit as nation”.
Microsoft News-Quicktime Flaw In Windows Could Be Dangerous
2008-05-06 22:04:00 Windows Media Player is the only video player that Windows users can use in order to watch videos. It seems unlikely that anyone would use Quicktime to watch videos in Windows, since it’s mostly used for Apple computers. This should give you a reason why you shouldn’t use it. According to GNUCitizen’s blog, the exploit ...
By: Hyper Tech Ninja
Geographical location of Bangladesh and vulnerability to AIDS
2008-05-02 15:48:00 Bangladesh, with a population of 136 million, had about 13,000 adults and children living with HIV infection at the end of 2002, according to UNAIDS estimates. However, only 248 HIV cases have actually been reported. Significant underreporting of cases occurs because of the country's limited voluntary testing and counseling capacity and the social stigma, which leads to the fear of being identified and detected as HIV positive. The HIV-prevalence rate among adults between the ages of 15 and 49 is still relatively low, at 0.1 percent of the population. As expected, rates are higher in specific groups, such as injecting drug users who have left treatment (1.7 percent) and commercial sex workers (0.5 percent), according to a national behavioral and serological surveillance undertaken in 2001. Although overall HIV prevalence is low, behavior patterns and extensive risk factors that facilitate the rapid spread of the infection are prevalent, making Bangladesh highly vulnerable to an HIV/...
Gmail Vulnerability caused Domain loss
2008-04-23 12:22:00 Even though this vulnerability has been fixed by now, I felt it was important to underline the dangers we face as we use global mail providers for all our personal/business communication needs. A couple of months ago David Airey’s blog was hacked. David Airey is a blogger and designer but you can read more about him ...
Microsoft discloses vulnerability affecting multiple Windows Versions
2008-04-22 16:59:00 After investigating public reports, Microsoft has published Microsoft Security Advisory 951306, which describes a vulnerability that affects multiple versions of Windows (including Windows XP Professional Service Pack 2, all supported versions and editions of Windows Server 2003, Windows Vista, Windows Vista Service Pack 1, and Windows Server 2008.) The newly found security flaw could potentially allow a malicious local ...
Windows Vulnerability Scanner
2008-04-22 11:23:00 Protector Plus for Windows ... http://www.pspl.com/ ...
Windows Vista One Year Vulnerability Report
2008-04-18 13:24:00 Windows Vista shipped to business customers on the last day of November 2006, so the end of November 2007 marks the one year anniversary for supported production use of the product. This paper analyzes the vulnerability disclosures and security updates for the first year of Windows Vista and looks at it in the context of its predecessor, Windows XP, along with other modern workstation operating systems Red Hat, Ubuntu and Apple products. The results of the analysis show that Windows Vista has an improved security vulnerability profile over its predecessor. Analysis of security updates also shows that Microsoft improvements to the security update process and development process have reduced the impact of security updates to Windows administrators significantly compared to its predecessor, Windows XP. Note that this report is an update to the previously published Windows Vista 90-Day Vulnerability Report and Windows Vista 6-Month Vulnerability Report. However, since one year is a more ...
Wired’s Threat Level and the CIA
2008-04-15 16:47:00 I think that El Jefe must’ve slept in as the daily news isn’t up yet… I’m surprised at how quickly this story is spreading… It seems that the CIA has had a bit of an XSS problem (as it turns out, for a while now) and Wired’s Threat Level thought it would be a good one to ...
The First XP SP3 Security Vulnerability
2008-04-14 22:16:00 The third and final service pack for Windows XP is not even out, and Microsoft is already hammering away at it plugging security holes. Although it debuted in full development alongside Windows Vista SP1, Windows XP Service Pack 3 is yet to be finalized with the delivery planned by mid-2008. Since the end of March ...
kb948590 - GDI Vulnerability, Microsoft security updates
2008-04-09 14:29:00 Vulnerabilities in GDI Could Allow Remote Code Execution (948590). Microsoft Security Bulletin MS08-021 (April 8, 2008) - Critical. This security update - kb948590 - resolves two privately reported vulnerabilities in GDI, by modifying the way that GDI ...
By: ByREV Blog-u
Original iPhone DoS vulnerability still around in iPhone firmware v1.1.4?
2008-03-28 04:02:00 iPhoneWorld.ca: Recently we’ve decided to check up on a vulnerability originally discovered by Joshua Morin — it was the sort of code that would send iPhone’s Mobile Safari back to the Infinite Loop (for those that enjoy the puns). Originally we’ve reported that the issue was present in v1.1.3 firmware and traced it as ...
By: iPhone World
Hacker Torpedos Windows Server 2008 Security Design
2008-03-27 18:57:00 I can’t say that I’m overly surprised. I had loaded up a copy of 2008 that I received at Black Hat last year into a virtual machine. I poked around in it for a couple minutes and shut it down. I just didn’t have the stomach to deal with it at the time. Well, it ...
Cisco IOS Multiple Vulnerabilities
2008-03-27 13:44:00 Out today are multiple vulnerabilities from Cisco. There are patches available from Cisco to tackle data manipulation and denial of service issues in their IOS. From Secunia: Description: Some vulnerabilities have been reported in Cisco IOS, which can be exploited by malicious people to disclose sensitive information, manipulate certain data, or to cause a DoS (Denial of Service). 1) ...
Official Update: Sony say sorry for the Network Hack and PS3 Vulnerability
2008-03-27 13:21:00 As reported earlier on today about the PS3 Vulnerability and Network Hack which left weaknesses found on their PSN system (See Here), Sony have officially said sorry. Sony officially Apologizes for the PS3 Vulnerability and Network Hack, we deserve more than just an apology because this should never have happened. Hackers who discovered a way to hack ...
By: Product Reviews
Vulnerability in Microsoft Jet Database Engine (Jet) Could Allow Remote Cod
2008-03-22 11:26:00 I usually do not blog on Advisories we release as I guess that you subscribed to the corresponding alerts. If not, you should do that now here. This one is a little bit different as I know that quite some people within Microsoft are working during Easter because of this vulnerability. Therefore I want to make sure that you have seen it. Please read the Advisory called Vulnerability in Microsoft Jet Database Engine (Jet) Could Allow Remote Code Execution and make sure you do your proper risk assessment. Roger
Overcoming Vulnerability to Rising Oil Prices: Options for Asia and the Pac
2008-03-21 07:08:00 Across Asia and the Pacific, soaring oil prices are threatening the prospects of millions of poor households – and posing an unforeseen challenge to the Millennium Development Goals. Since 2003, prices have been rising inexorably, from around US$22 to above US$80 a barrel now, and have been showing little sign of easing. Indeed, many developing countries in the region are likely...
By: Asiaing.com
Adobe Flash FLA File Parsing Vulnerabilities
2008-03-20 14:01:00 Adobe Flash is back in the news with a new vulnerability that affects how files are parsed. From Secunia: Description: cocoruder has reported some vulnerabilities in Adobe Flash, which can be exploited by malicious people to compromise a user’s system. The vulnerabilities are caused due to unspecified errors when parsing specially crafted FLA files. Successful exploitation may allow execution ...
First SCADA Vulnerability Database Launched
2008-03-13 18:28:00 Well, looky here. The folks at Wurldtech have launched a cyber security vulnerability database dedicated to SCADA. From The Standard: It is designed to provide vendors, operators, system integrators, and service providers unparalleled visibility into the reliability, safety and security of the systems and networks essential to the operation of the world’s critical infrastructure. Wurldtech CEO, Tyler Williams, ...
Office Fixes Dominate Microsoft Update
2008-03-12 12:38:00 Now that the dust is settling from yesterday’s “Patch Tuesday”, Office is the main culprit this time. There is a report from US-CERT that there is a trojan that leverages a hole in Excel making the rounds. From US-CERT: US-CERT is aware of public reports of a trojan that may exploit a vulnerability in Microsoft Excel. This ...
Vulnerability Scanner v5.1 Free Download
2008-03-12 01:06:00 Website security is possibly today's most overlooked aspect of securing the enterprise and should be a priority in any organization. Hackers are concentrating their efforts on web-based applications - shopping carts, forms, login pages, dynamic content, etc. Web applications are accessible 24 hours a day, 7 days a week and control valuable data since they often have direct access to backend data such as customer databases. Firewalls, SSL and locked-down servers are futile against web application hacking. Any defense at network security level will provide no protection against web application attacks since they are launched on port 80 - which has to remain open. In addition, web applications are often tailor-made therefore tested less than off-the-shelf software and are more likely to have undiscovered vulnerabilities. Acunetix WVS automatically checks your web applications for SQL Injection, XSS & other web vulnerabilities. Download Web Vulnerability Scanner. Websites and related...
Advisory: Adobe LiveCycle Workflow XSS Vulnerability
2008-03-11 21:10:00 Summary Name: Adobe LiveCycle Workflow XSS Vulnerability Release Date: 11 March 2008 Reference: LSD002-2008 CVE Number: CVE-2008-1202 Discover: Dave Lewis Vendor: Adobe Systems Product: LiveCycle Workflow 6.2 Management Web Interface Systems Affected: version 6.2 (as tested) NB. Other versions may be affected. Risk: Important Status: Published Reference: 1) http://www.liquidmatrix.org/blo-g/2008/03/11/advisory-adobe--230;ility/ 2) http://www.adobe.com/support/se-curity/bulletins/apsb08-10.html- Time Line Discovered: 16 January 2008 Reported: 16 January 2008 Fixed: 5 March 2008 Patch Release: 11 March 2008 Published: 11 March ...
UNIX/Linux as a poor vulnerability target
2008-03-05 16:31:00 UNIX has some characteristics that make it less attractive for security attacks. Unix is still primarily used on different platforms. This use makes the average UNIX user more knowledgeable about the operating system and security. There are many scripting techniques in UNIX. Unlike Windows, the scripting is not integrated into applications (such as Outlook and Word). In UNIX, scripts can be integrated into applications such as mail and word processing, but not to be _the default configuration_. This makes UNIX much less vulnerable than a Windows system that is running Outlook and allows users to commonly run Visual Basic scripts. Also the inability of a common user to alter an executable is a severe restriction on viruses and worms that depend on users to propagate their malware. On the other hand in Unix, Physical Security is somehow perfectly controlled: (monitoring hardware changes) A software tool library like kudzu detects and configures new and/or changed hardware on a RedHat Linux s...
By: Foo bar Lab
Cult of the Dead Cow turns Google into a vulnerability scanner
2008-02-26 07:16:00 The "Cult of the Dead Cow" hacker group, cDc for short, has published a tool that searches for vulnerabilities and private information across the web. Using well-chosen Google search queries, Goolag Scan discovers links to vulnerable web applications, back doors, or documents inadvertently put on the internet that contain sensitive information.
VMware Releases Security Alert
2008-02-25 15:48:00 From US-CERT: VMware has released a security alert in response to a vulnerability in Windows-hosted VMware Workstation, VMware Player, and VMware ACE. This vulnerability exists in the host-to-guest shared folders feature and allows applications running in the guest operating system to access the host operating system’s file system. Exploitation of this vulnerability may allow an ...
Security vulnerability on Joomla!
2008-02-24 13:03:00 The Joomla! Project announced immediate release of Joomla! 1.0.15 [Daytime]. This release addresses a security vulnerability and it is recommended that you upgrade immediately. Begin by testing on a backup copy of your site. Once you have verified that your site works as expected, backup your live site and upgrade as soon as possible. Read More here ...
Network Security Assessment: From Vulnerability to Patch
2008-02-24 02:03:00 This book will take readers from the discovery of vulnerabilities and the creation of the corresponding exploits, through a complete security assessment, all the way through deploying patches against these vulnerabilities to protect their networks. * Unique coverage detailing both the management and technical skill and tools required to develop an effective vulnerability management system * Vulnerability management is rated the #2 most pressing concern for security professionals in a poll conducted by Information Security Magazine * Covers in detail the vulnerability management lifecycle from discovery through patch. http://www.megaupload.com-/?d=8QGWFYJ1
Apple iPhone DoS Vulnerability Exposed
2008-02-22 16:13:00 McAfee Avert Labs Blogger Jimmy Shah identified a Denial of Service vulnerability in the iPhone’s Safari browser in a blog post on Wednesday. “The researchers who found the vulnerability were looking for a method to unlock the filesystem on iPhones with the latest firmware (1.1.3). Unlocking the file system allows the installing of custom ringtones and third party applications. read it here crn.com
By: iPhonetunes
iPhone denial of service vulnerability discovered
2008-02-22 07:21:00 iPhone World: One of the McAfee Avert Labs bloggers, Jimmy Shah, has found a Denial of Service vulnerability in the iPhone’s Safari browser. “The researchers who found the vulnerability were looking for a method to unlock the file system on iPhones with the latest firmware (1.1.3). Unlocking the file system allows the installing of custom ringtones ...
By: iPhone World



