NIST Site Search
Google
Web NIST.org
NIST.gov
Product Research

Advertise on this site
Headlines

»Mozilla Releases Firefox 3.6.9
»Apple Releases Safari 5.0.2 and 4.1.2
»Apple Releases iTunes 10
»Google Releases Chrome 6.0.472.53
»Insecure Loading of Dynamic Link Libraries in Windows Applications
»VMware Releases Updates for ESX Service Console Packages
»Cisco Releases Security Advisory for IOS XR Software Border Gateway Protocol
»RealNetworks Releases Update to Address Vulnerabilities in RealPlayer
»Cisco Releases Advisories for Unified Communications Manager and Unified Presence
»APWG Fax Back Phishing Education Program

Date published: not known
Details

»T-433: Security Advisory for Adobe Reader and Acrobat
Security Advisory for Adobe Reader and Acrobat
»T-432: Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code
Google Chrome Multiple Flaws Let Remote Users Execute Arbitrary Code
»T-431: Linux Kernel Null Pointer Dereference in irda_bind() May Let Local Users Gain Elevated Privileges
Linux Kernel Null Pointer Dereference in irda_bind() May Let Local Users Gain Elevated Privileges
»T-430: Apple QuickTime Flaw in QTPlugin.ocx ActiveX Control Lets Remote Users Execute Arbitrary Code
Apple QuickTime Flaw in QTPlugin.ocx ActiveX Control Lets Remote Users Execute Arbitrary Code
»T-429: WaspTime MS-SQL Database instance with blank password for sa account
WaspTime MS-SQL Database instance with blank password for sa account
»T-428: Vulnerability in Help and Support Center
Vulnerability in Help and Support Center
»T-427: VMWare WebAccess Vulnerability
VMWare WebAccess Vulnerability
»T-426: Microsoft Windows Shortcut 'LNK/PIF' Files Automatic File Execution Vulnerability
Microsoft Windows Shortcut 'LNK/PIF' Files Automatic File Execution Vulnerability
»T-425: Desktop Java running in web browsers
Desktop Java running in web browsers
»T-424: Windows TCP/IP Stack IcmpSendEcho2Ex() Bug Lets Local Users Deny Service
Windows TCP/IP Stack IcmpSendEcho2Ex() Bug Lets Local Users Deny Service
»T-423: Microsoft Security Advisory (2269637) - Insecure Library Loading Could Allow Remote Code Execution
Microsoft Security Advisory (2269637) - Insecure Library Loading Could Allow Remote Code Execution
»T-422: Adobe Flash Player and AIR (CVE-2010-2216) Unspecified Memory Corruption Vulnerability
Adobe Flash Player and AIR (CVE-2010-2216) Unspecified Memory Corruption Vulnerability
»T-421: Multiple CACTI Security Vulnerabilities
Multiple CACTI Security Vulnerabilities
»T-420: Microsoft Windows TCP/IP IPv6 Extension Header Remote Denial of Service Vulnerability
Microsoft Windows TCP/IP IPv6 Extension Header Remote Denial of Service Vulnerability
»T-419: PHP 'ibase_gen_id()' Function off-by-one Buffer Overflow Vulnerability
PHP 'ibase_gen_id()' Function off-by-one Buffer Overflow Vulnerability

Date published: not known
Details

»September issue of VB published
The September issue of Virus Bulletin is now available for subscribers to download.
»ARF published as IETF standard
Abuse report format helps auto-handling of email complaints
»Microsoft releases new fix for DLL vulnerability
Earlier workaround believed to be too complex for most users.
»Malicious tweets link to fake TweetDeck update
Twitter resets passwords for accounts that appear to have been hacked.
»94% of Internet users befriend unknown 'good-looking woman'
Sensitiva data shared after two-hour chat.
»Investment boost for Quick Heal
Indian security firm gets hefty cash injection.
»41% of spam sent via Rustock botnet
Botnet spam back after short summer break.
»Avast gets $100m investment boost
Growth equity firm invests in Czech firm
»Computer chip giant buys AV giant
Intel becomes new owner of McAfee for the princely sum of $7.8bn

Date published: not known
Details

»String Of Deals Shows Demand for Cloud-Based Authentication
Acquisitions highlight how authentication-as-a-service is now part of identity and access management ...
»Tech Insight: Retooling Vulnerability Scanning, Penetration Testing For IPv6
Traditional host discovery via network scanning won't work with IPv6, but alternative methods are av ...
»Five Ways To Stop Mass SQL Injection Attacks
The best practices for mitigating this popular form of attack often are not being deployed
»IPv6 Transition Poses New Security Threats
Next-generation IP protocol comes with more security as well as some potential flaws of its own ...
»Networked Scanners Offer A Window Into The Enterprise, Researcher Says
Emerging Web-based features make it possible to capture document contents remotely from networked sc ...
»U.S. Businesses Could Lose Up To $1 Billion In Online Banking Fraud This Year
Small- to midsized businesses taking the biggest hit, experts say, but consumer banking customers co ...
»Product Watch: Verizon, VMware Team Up With Hybrid Cloud Service
New Verizon service offers private public-cloud option
»Could USB Flash Drives Be Your Enterprise's Weakest Link?
The Pentagon last week conceded that a USB flash drive carried an attack program inside a classified ...
»Delaware Contractor Mistakenly Posts Personal Data Of 22,000 Employees
State of Delaware contractor Aon mistakenly posts personal data of 22,000 retirees without randomiza ...

Date published: not known
Details
Possible Cross-Platform 0Day in Apple's Quicktime Music Player
Apple's Quicktime music player in combination with Safari has been identified as the attack vector that won last week's $10,000 prize at the CanSecWest security conference in Vancouver. But it turns out that the vulnerability not only extends to other OSX browsers but also possibly to Windows and PPC Macs as well. Updated: Possible Exploit Released. Fix released on May 1st. See below.

[ Read the rest of the article... ]
Posted by NIST.org on Wednesday 25 April 2007 - 16:11:18 | Read/Post Comment: 0 |LAN_EMAIL_7 printer friendly

Reply to this COMLAN_321 COMLAN_322
Translate to: French German Italian Spanish Portuguese GTM_LAN_DUTCH Russian Chinese Arabic Korean English
Latest NIST.org news and comments
Google Ads




NIST Site Menu
·Home

NIST Security Books
NIST IT Security Books

Training / Books

»Security Certifications -
» CISSP, SSCP, Security+, etc.

»Computer Forensics

»Ethical Hacking

»Malware, Spyware, Viruses

»FISMA Compliance, Policies, etc

»PKI, Encryption, Smartcards

»Windows Security Guides

»HIPAA, SOX, CISP, etc.

NIST.org Security Bookstore
Current Security News
 
SANS Internet Storm Center, InfoCON: green

» Infocon: green

» Adobe Acrobat/Reader 0-day in Wild, Adobe Issues Advisory, (Wed, Sep 8th)
[08 Sep 2010 12:03pm]

» Mozilla Thunderbird updated to version 3.1.3 also, more here: http://www.mozillamessaging.com/en-US/thunderbird/3.1.3/releasenotes/, (Wed, Sep 8th)
[08 Sep 2010 11:46am]

» Patches issued for multiple vulnerabilities in Cisco Wireless LAN Contoller product family, more here: http://cisco.com/warp/public/707/cisco-sa-20100908-wlc.shtml, (Wed, Sep 8th)
[08 Sep 2010 09:59am]

» Mozilla's SeaMonkey version 2.0.7 released for Security Updates: http://www.seamonkey-project.org/releases/seamonkey2.0.7/, (Wed, Sep 8th)
[08 Sep 2010 09:59am]

» Firefox Releases Version 3.6.9 and 3.5.12 to fix Security Vulnerabilities: 3.6.9 is http://www.mozilla.com/en-US/firefox/3.6.9/releasenotes/ and 3.5.12 is http://www.mozilla.com/en-US/firefox/3.5.12/releasenotes/, (Wed, Sep 8th)
[08 Sep 2010 09:56am]

» SSH password authentication insight and analysis by DRG, (Tue, Sep 7th)
[07 Sep 2010 07:59am]

» US Department of Defense and National Policy, (Sun, Sep 5th)
[06 Sep 2010 08:16am]

» What's not to Like about "Like?", (Sat, Sep 4th)
[04 Sep 2010 12:46pm]

» Investigating Malicious Website Reports, (Sat, Sep 4th)
[04 Sep 2010 11:18am]

» Apple Releases Two Security Updates (One for OSX, One for iTunes) : http://support.apple.com/kb/HT4312 and http://support.apple.com/kb/HT4328, (Fri, Sep 3rd)
[03 Sep 2010 01:56pm]
***
CNET News.com

» Adobe warns of zero-day hole in Reader, Acrobat
[08 Sep 2010 11:34am]

» Antivirus isn't dead--it's growing up
[08 Sep 2010 05:00am]

» Mozilla fixes Firefox holes, curtails clickjacking
[08 Sep 2010 04:00am]

» Norton's new Power Eraser goes free
[08 Sep 2010 01:09am]

» Study: Two-thirds of Web surfers fall prey to online crime
[08 Sep 2010 01:01am]

» Trend Micro bets on the cloud
[07 Sep 2010 09:00pm]

» Court allows warrantless cell location tracking
[07 Sep 2010 02:44pm]

» Facebook closes hole that let spammers auto-post to walls, friends
[07 Sep 2010 01:37pm]

» Apple's Ping dinged by spam
[03 Sep 2010 08:01am]

» U.N. exec: Cyberwar could be 'worse than tsunami'
[03 Sep 2010 07:28am]

» Facebook adds new remote log-out security feature
[02 Sep 2010 02:30pm]

» Nigerian scam tops list of decade's online cons
[02 Sep 2010 11:16am]

» India wants local servers from RIM, Google, Skype
[02 Sep 2010 10:45am]

» Twitter plans to record all links clicked
[02 Sep 2010 12:33am]

» China requires cell phone subscriber IDs
[01 Sep 2010 05:40pm]
***
Computerworld Security News

» Hackers exploit new PDF zero-day bug, warns Adobe
[08 Sep 2010 02:09pm]

» Apple ships iOS 4.1, patches FaceTime flaw
[08 Sep 2010 01:16pm]

» Apple matches Mozilla, patches DLL hijacking bug in Safari
[08 Sep 2010 10:55am]

» Mozilla fixes Firefox's DLL load hijacking bug
[08 Sep 2010 04:53am]

» Symantec: Most hacking victims blame themselves
[08 Sep 2010 01:50am]

» Spammers exploit second Facebook bug in a week
[07 Sep 2010 01:58pm]

» More Security News
***


***


More IT Security
News Feeds
More Sponsors

Advertise on this site
NIST - Books You Need

NIST Bookstore
RSS Feeds
Our comments can be syndicated by using these rss feeds.
rss1.0
rss2.0
rdf
Add to NetVibes
Add to Bloglines
Add to NewsGator
Add to Google
Add to My Yahoo
Add to My MSN
Add to Technorati
Add to Pluckit
Add to My AOL
Subscribe in FeedLounge
Add to ProtoPage
Symantec News
Welcome
Username:

Password:


Remember me

[ ]
[ ]
[ ]
Other News

NIST.org is in no way connected to the U.S. government site NIST.gov

This site is © John Herron, CISSP. All Rights Reserved.

Please visit daily to stay up to date on all your IT Security compliance issues.

http://www.nist.org -
Hosted by BlueHost. We've never had a better hosting company.