Monthly Archives: January 2013

Aerospace And Defense Firms Targeted With Clever Spear Phishing


January 31, 2013 By
The Vigilant Application Owner

Help Net Security – (National) Aerospace and defense firms targeted with clever spear phishing. A new spearphishing campaign is targeting directors, vice presidents, and other top management of companies in the aerospace and defense industry and the U.S. government via a malicious .PDF file, which, once opened, creates a permanent backdoor and exfiltrates data from […]


Turkish Hackers Upload Malicious Browser Extension To Official Chrome Web Store


By
The Vigilant Application Owner

Softpedia – (International) Turkish hackers upload malicious browser extension to official Chrome web store. Kaspersky discovered that hackers are attempting to distribute malicious browser extensions through the official Google Chrome store. Google is attempting to remove the malware; similar fake extensions have been found for Mozilla’s Firefox browser. Source: http://news.softpedia.com/news/Turkish-Hackers-Upload-Malicious-Browser-Extension-to-Official-Chrome-Web-Store-325708.shtml


Join Us: SANS Webcast – The Hidden Risk of Component Based Software Development


January 30, 2013 By
Emily Blades

Sonatype has teamed up with SANS Institute to bring you this informative webcast: Best Practices for Managing Software Development Risks. Eighty percent of a typical application is assembled from open source and proprietary components. Development teams turn to components to gain efficiencies and speed innovation. While the promise of components is significant, organizations must mitigate […]


Over 85,000 HP Printers Found to be Publicly Accessible Via the Internet


January 29, 2013 By
The Vigilant Application Owner

Softpedia – (International) Over 85,000 HP printers found to be publicly accessible via the Internet. A software researcher discovered that over 85,000 printers made by HP are available via a focused Google search, allowing remote access. Source: http://news.softpedia.com/news/Over-85-000-HP-Printers-Found-to-Be-Publicly-Accessible-Via-the-Internet-324836.shtml


Ruby On Rails 3.0.20 and 2.3.16 Released to Address Extremely Critical Vulnerability


By
The Vigilant Application Owner

Softpedia – (International) Ruby on Rails 3.0.20 and 2.3.16 released to address extremely critical vulnerability. The developers of Ruby on Rails released versions 3.0.20 and 2.3.16 and advised users to immediately apply the update to close a major vulnerability in past versions. Source: http://news.softpedia.com/news/Ruby-on-Rails-3-0-20-and-2-3-16-Released-to-Address-Extremely-Critical-Vulnerability-324866.shtml


5 Years After Major DNS Flaw is Discovered, Few US Companies Have Deployed Long-term Fix


By
The Vigilant Application Owner

Network World – (International) 5 years after major DNS flaw is discovered, few US companies have deployed long-term fix. Very few U.S. online retailers, internet service providers (ISP), and financial institutions have implemented the long-term fix for a major vulnerability in the Domain Name System (DNS), five years after the vulnerability was discovered. Source: http://www.networkworld.com/news/2013/012913-dnssec-266197.html


Security Hole Found on IO, AC, SH, TM Domain Registrar Sites


January 28, 2013 By
The Vigilant Application Owner

Softpedia – (International) Security hole found on IO, AC, SH, TM domain registrar sites. A hacker recently uncovered a vulnerability in the Web sites of domain registrars who oversee the .io (Indian Ocean), .tm (Turkmenistan), .ac (Ascension Island), and .sh (Saint Helena) domains that allows attackers to gain access to DNS records. Source: […]


SCADA Password Cracking Code Available


January 25, 2013 By
The Vigilant Application Owner

Help Net Security – (International) SCADA password cracking code available. The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) warned that proof-of-concept exploit code was released that can brute force passwords to programmable logic controllers (PLC) before the vulnerability could be addressed by the manufacturer, Siemens. Source: http://www.net-security.org/secworld.php?id=14303


GitHub Forced To Disable Search After Exposing Private SSH Keys


By
The Vigilant Application Owner

Softpedia – (International) GitHub forced to disable search after exposing private SSH keys. GitHub disabled its new search function after it returned results that included private Secure Shell (SSH) keys used by several Web sites. Source: http://news.softpedia.com/news/GitHub-Forced-to-Disable-Search-After-Exposing-Private-SSH-Keys-324200.shtml


Web Server Hackers Install Rogue Apache Modules And SSH Backdoors, Researchers Say


January 24, 2013 By
The Vigilant Application Owner

IDG News Service – (International) Web server hackers install rogue Apache modules and SSH backdoors, researchers say. Researchers from Sucuri reported that a group of attackers using rogue Apache modules has been replacing Secure Shell (SSH) binary files in compromised servers with backdoored versions that collect user information and passwords from incoming and outgoing SSH […]
