Internet Storm Center
Training
Certification
Cyber Security Graduate School
Security Awareness Training
Computer Forensics
Penetration Testing
IT Audit
Software Security
We also offer the following RSS Feeds:
- ISC Diaries (headline + first sentence)
- ISC Diaries with content (headline + full content)
- Security News Feeds (same as the 'Last 20' list here)
- Security News feed selected and rated by the handlers
We do collect a number of security related news feeds in this page. To suggest additional news sources or suggest other changes, use our contact form. We try hard to keep the feeds RSS, XML, CSS, RFC, IETF, ISO, DIN, TüV, ANSI compliant, but may fail occasionally. Let us know if things don't work for you and we may fix it.
Last 20
- US power grid the target of 'numerous and daily' cyber-attacks
- Wireshark 1.10.0rc2 is now available http://www.wireshark.org/download.html, (Thu, May 23rd)
- 3D Printers For Peace Contest
- Apple QuickTime 7.7.4 for Windows updated, MANY security vulnerabilities: http://support.apple.com/kb/HT1222, (Wed, May 22nd)
- Chrome 24.0.1312.52 has been updated for Windows, Mac, Linux, and Chrome Frame, (Wed, May 22nd)
- Dish on national security PR offensive against SoftBank
- Rough Roving: Curiosity's Wheels Show Damage
- Intel's Linux OpenGL Driver Faster Than Apple's OS X Driver
- Twitter locks down logins by adding two-factor authentication
- Four Ways ShoreTel Dock Helps Drive UC
- Tesla Motors Repays $465M Government Loan 9 Years Early
- MS13-037 - Critical : Cumulative Security Update for Internet Explorer (2829530) - Version: 1.1
- MS12-081 - Critical : Vulnerability in Windows File Handling Component Could Allow Remote Code Execution (2758857) - Version: 1.1
- Twitter beefs up security after hacking spree on media
- Check Out BI Blogger Datakeyworld!
- Why the 'Star Trek Computer' Will Be Open Source and Apache Licensed
- How to Stop Worrying and Love Twitter's New Two-Factor Verification
- Solving VDI Problems with SSDs and Data Deduplication
- "IPv6 Multicast Address Scopes" - Ralph Droms
- Vuln: RadioCMS 'playlist_id' Parameter SQL Injection Vulnerability
InternetStormCenter
- Wireshark 1.10.0rc2 is now available http://www.wireshark.org/download.html, (Thu, May 23rd)
- Apple QuickTime 7.7.4 for Windows updated, MANY security vulnerabilities: http://support.apple.com/kb/HT1222, (Wed, May 22nd)
- Chrome 24.0.1312.52 has been updated for Windows, Mac, Linux, and Chrome Frame, (Wed, May 22nd)
- Wireshark 1.8.7 and 1.6.15 Released http://www.wireshark.org/news/20130517.html, (Wed, May 22nd)
- Privilege escalation, why should I care?, (Wed, May 22nd)
- ISC StormCast for Wednesday, May 22nd 2013 http://isc.sans.edu/podcastdetail.html?id=3323, (Wed, May 22nd)
- Chrome 27 stable released http://googlechromereleases.blogspot.ca/ some security fixes, (Tue, May 21st)
- Moore, Oklahoma tornado charitable organization scams, malware, and phishing, (Tue, May 21st)
- ISC StormCast for Tuesday, May 21st 2013 http://isc.sans.edu/podcastdetail.html?id=3320, (Tue, May 21st)
- Safe - Tools, Tactics and Techniques, (Mon, May 20th)
- Ubuntu Package available to submit firewall logs to DShield, (Mon, May 20th)
- Sysinternals Updates for Accesschk, Procdump, RAMMap and Strings http://blogs.technet.com/b/sysinternals/archive/2013/05/17/updates-accesschk-v5-11-procdump-v6-0-rammap-v1-22-strings-v2-51.aspx, (Mon, May 20th)
- ISC StormCast for Monday, May 20th 2013 http://isc.sans.edu/podcastdetail.html?id=3317, (Mon, May 20th)
- Port 51616 - Got Packets?, (Sun, May 19th)
- SSL: Another reason not to ignore IPv6, (Fri, May 17th)
- ISC StormCast for Friday, May 17th 2013 http://isc.sans.edu/podcastdetail.html?id=3314, (Fri, May 17th)
- e-netprotections.su ?, (Fri, May 17th)
- Extracting signatures from Apple .apps, (Thu, May 16th)
- Cisco TelePresence Supervisor MSE 8050 Denial of Service Vulnerability, (Thu, May 16th)
- ISC StormCast for Thursday, May 16th 2013 http://isc.sans.edu/podcastdetail.html?id=3311, (Thu, May 16th)
SANS Newsbites
- Apple iOS Approved for US Military Use (May 17 & 19, 2013)
- Future Version of Firefox Will Block Mixed Active Content by Default (May 17, 2013)
- Proposed Legislation Would Require Feds to Obtain Warrant to Seize Phone Records (May 16, 2013)
- SSL: Another Reason Not to Ignore IPv6 (May 17, 2013)
- Australian Government Shuts Down 1,200 Sites in Effort to Target Just One (May 17, 2013)
- Chinese Hackers Accessed Google's Surveillance Database (May 20, 2013)
- Chinese Hackers Resume Attacks on US Organizations (May 20, 2013)
- Federal Agency Seeks Funding for Research Into Security Issues of Automated Cars and Associated Networks (May 17 & 18, 2013)
- Italian Police Arrest Alleged Anonymous Members (May 17 & 19, 2013)
- Mac OS X Malware Found on Human Rights Activist's Laptop May Have Ties to Cyberespionage-for-Hire Service (May 16 & 17, 2013)
- Man Jailed for Role in Skimming Scheme Develops Anti-Skimming Device (May 17, 2013)
- SafeNet Cyberespionage Campaign Detected (May 17 & 20, 2013)
- Vendors Want Cybersecurity Rule Freeze Until National Standards are Issued (May 17, 2013)
- Adobe Issues Updates for Multiple Products (May 14, 2013)
- Attorney General Tells Senate Judiciary Committee That Government Should Get Warrants to Access Stored Cloud Content (May 16, 2013)
- California's Mobile App Privacy Law Test Case Unsuccessful (May 14, 2013)
- Critical Linux Kernel Flaw Patched, Exploit Code Released (May 15, 2013)
- FBI Shares Information About Financial Site DDoS Attacks With Bank Officials (May 14, 2013)
- IRS Sued for Allegedly Stealing Electronic Health Records of 10 Million Individuals (May 15, 2013)
- LulzSec Hackers Sentenced (May 16, 2013)
SANS @Risk
- (1) HIGH: Google Chrome Sandbox Escapes
- (2) HIGH: Microsoft Remote Desktop Protocol Vulnerability
- (3) HIGH: Mozilla Firefox Use-After-Free Vulnerability
- (2) MEDIUM: Google Chrome Multiple Vulnerabilities
- (1) HIGH: Samba Remote Code Execution Vulnerability
- (2) HIGH: Mozilla Firefox png_decompress_chunk Integer Overflow
- (3) HIGH: Adobe Flash Player Multiple Security Vulnerabilities
- (4) MEDIUM: Google Chrome Multiple Security Vulnerabilities
- (1) HIGH: Microsoft Patch Tuesday Vulnerabilities
- (2) HIGH: Mozilla Firefox Use-After-Free Vulnerability
- (3) HIGH: Adobe Shockwave Player Multiple Vulnerabilities
- (4) HIGH: Horde Groupware Webmail Edition Unauthenticated PHP Execution
- (5) MEDIUM: Google Chrome Multiple Security Vulnerabilities
- (2) MEDIUM: Novell iPrint Server Buffer Overflow
- (1) MEDIUM: Mozilla Firefox Multiple Security Vulnerabilities
- (2) MEDIUM: Symantec PCAnywhere Buffer Overflow
- (1) MEDIUM: Google Chrome Stable Channel Updates
- (3) HIGH: HP Easy Printer Care Multiple ActiveX Vulnerabilities
- (2) HIGH: McAfee Security-as-a-Service ActiveX Control
- (1) HIGH: HP Insight Diagnostics Buffer Overflow
SANS Reading Room
- Event Monitoring and Incident Response
- Dead Linux Machines Do Tell Tales
- Setting Up a Database Security Logging and Monitoring Program
- Managing the Implementation of a BYOD Policy
- Analysis of the building blocks and attack vectors associated with the Unified Extensible Firmware Interface (UEFI)
- Log2Pcap
- Information Risks & Risk Management
- Methodology for Firewall Reviews for PCI Compliance
- Using IOC (Indicators of Compromise) in Malware Forensics
- Analyzing Polycom® Video Conference Traffic
- Custom Full Packet Capture System
- Implementing a Vulnerability Management Process
- InfoWar: Cyber Terrorism in the 21st Century Can SCADA Systems Be Successfully Defended, or are They Our "Achilles Heel"?
- Website Security for Mobile
- Securing BYOD With Network Access Control, a Case Study
- Creating a Bastioned Centralized Audit Server with GroundWork Open Source Log Monitoring for Event Signatures
- Detecting DNS Tunneling
- Indicators of Compromise in Memory Forensics
- Detecting Malicious DNS Traffic
- AirNIDS: The Need for Intrusion Detection on the Wireless Ether
Application Security Streetfighter Blog
- "Security Testing: Less, but More Often can make a Big Difference"
- "Ask the Expert - Dan Cornell"
- "Ask the Expert - Jim Manico"
- "Ask the Expert - James Jardine"
- "Ask the Expert - Johannes Ullrich"
- "Ask the Expert - John Steven"
- "How much do developers care about security?"
- "SANS Appsec Survey"
- Ask the Expert – Johannes Ullrich
- Ask the Expert – John Steven
- Ask the Expert – James Jardine
- How much do developers care about security?
- Ask the Expert – Rohit Sethi
- What Appsec can learn from Devops
- Different ways of looking at security bugs
- Ask the Expert – Nick Galbreath
- Ask the Expert – Chenxi Wang
- Ask the Expert – Jeremiah Grossman
- Forms Authentication: Remember Me? Its Hard Not Too!
- What’s the point of application pen testing?
CGISecurity.com
- Secure Application Development on Facebook Platform
- TJX Hacker Gets Pwned, 20 Years In Prison
- Random FireFox URL handling Behavior
- Cryptography experts bicker with former NSA director at RSA panel
- Watcher 1.3.0 passive Web-vulnerability testing tool released
- Web Security Dojo v1.0 release
- XSS, SQL Injection and Fuzzing Barcode Cheat Sheet
- Multiple Adobe products vulnerable to XML External Entity Injection And XML Injection
- Post on Abusing Windows Communication Foundation to Perform Remote Port Scans
- 2010 SANS Top 25 Most Dangerous Programming Errors Released
- Larry Suto Web Application Security Scanner Comparison Report Inaccurate Vendors Say
- R.I.P. Apache 1.x: Apache 1.3.42 marks of end life
- Nikto version 2.1.1 released
- Weaning the Web off of Session Cookies Making Digest Authentication Viable
- WASC RSA Meet-Up 2010!
- Facebook security pretty much what you'd expect?
- Hacker Messes With Student's Schedule
- WASC Threat Classification to OWASP Top Ten RC1 Mapping
- Announcement: WASC Threat Classification v2 is Out!
- Stephen Watt sentenced to 2 years in prison for role in TJX
E-Week Security
- 10 Disruptive Online Services Enterprises Should Ban From the Network
- McAfee Buys Stonesoft to Bolster Content-Aware Firewall Security
- U.S. Aims to Force Web Services to Compromise Message Encryption
- Zero-Day Exploit Enabled Cyber-Attack on U.S. Labor Department
- Two-Factor Authentication: Myths Versus Reality
- BlackBerry Suffers Outage as DOD Approves BlackBerry, Samsung Use
- Hackers Turned Defense Contractor QinetiQ Into Intelligence Playground
- Apple, Verizon, Amazon Score Low Marks on User Data Protection
- Verizon, MySpace Fail Data Protection Test: EFF
- U.S. Seeks Power to Wiretap Web Services, Including Google, Facebook
- Stealthy Apache Exploit Redirects Victims to Blackhole Malware
- Novell Filr Secures Mobile File Sharing for the Enterprise
- BYOD Growth to Continue Through 2017: Gartner
- Password Reuse Remains a Danger After Living Social Breach
- Fortinet Debuts Secure Wireless LAN Platform
- Spamhaus DDoS Attack Investigation Results in Arrest of Dutch Man
- Cyber-Conflict Escalates in Midst of North Korean Tensions
- AT&T Enters Home Security Market With IP-Based Digital Life
- Phishers Breaking Into Web Hosting Servers to Launch Mass Attacks
- AT&T Launches Digital Life Home Security System in 15 Markets
Network Computing Security
- Solving VDI Problems with SSDs and Data Deduplication
- Google's Wireless Sensors: Big Data or Big Brother?
- VMware Reveals Hybrid Cloud Details
- Aruba's 802.11ac Rollout Cleans Up Sticky Clients
- EMC Navigates the IT Transformation Waters
- VMware Hybrid Cloud Plans: Time For Amazon Answer
- Why Corporate File Sharing Services Can't Compete
- Veeam Courts Enterprises With WAN Acceleration
- Google, NASA Team On Quantum Computing
- Networking Gets Interesting Again
- Smartphone Theft: What Is Best Defense?
- Amazon, Microsoft Partner Up for Cloud Management
- Fusion-io Leaders Step Down in Executive-Suite Turmoil
- VMware Fights Android BYOD Headaches
- Eliminating Noisy Neighbors in the Public Cloud
- At EMC, Scale Out Storage Grows Up
- Motorola Launches 802.11ac APs
- Iron Mountain Opens Underground Data Center to All
- Inside Google's Software-Defined Network
- Software Hot, Hardware Not, At EMC World, Interop
Microsoft
- MS13-037 - Critical : Cumulative Security Update for Internet Explorer (2829530) - Version: 1.1
- MS12-081 - Critical : Vulnerability in Windows File Handling Component Could Allow Remote Code Execution (2758857) - Version: 1.1
- MS13-045 - Important : Vulnerability in Windows Essentials Could Allow Information Disclosure (2813707) - Version: 1.1
- MS13-009 - Critical : Cumulative Security Update for Internet Explorer (2792100) - Version: 1.2
- MS13-037 - Critical : Cumulative Security Update for Internet Explorer (2829530) - Version: 1.0
- MS13-038 - Critical : Security Update for Internet Explorer (2847204) - Version: 1.0
- MS13-039 - Important : Vulnerability in HTTP.sys Could Allow Denial of Service (2829254) - Version: 1.0
- MS13-040 - Important : Vulnerabilities in .NET Framework Could Allow Spoofing (2836440) - Version: 1.0
- MS13-041 - Important : Vulnerability in Lync Could Allow Remote Code Execution (2834695) - Version: 1.0
- MS13-042 - Important : Vulnerabilities in Microsoft Publisher Could Allow Remote Code Execution (2830397) - Version: 1.0
- MS13-043 - Important : Vulnerability in Microsoft Word Could Allow Remote Code Execution (2830399) - Version: 1.0
- MS13-044 - Important : Vulnerability in Microsoft Visio Could Allow Information Disclosure (2834692) - Version: 1.0
- MS13-045 - Important : Vulnerability in Windows Essentials Could Allow Information Disclosure (2813707) - Version: 1.0
- MS13-046 - Important : Vulnerabilities in Kernel-Mode Drivers Could Allow Elevation Of Privilege (2840221) - Version: 1.0
- MS12-043 - Critical : Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (2722479) - Version: 4.2
- MS13-031 - Important : Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (2813170) - Version: 1.1
- MS13-036 - Important : Vulnerabilities in Kernel-Mode Driver Could Allow Elevation Of Privilege (2829996) - Version: 3.1
- MS13-028 - Critical : Cumulative Security Update for Internet Explorer (2817183) - Version: 1.1
- MS13-036 - Important : Vulnerabilities in Kernel-Mode Driver Could Allow Elevation Of Privilege (2829996) - Version: 3.0
- MS13-036 - Important : Vulnerabilities in Kernel-Mode Driver Could Allow Elevation Of Privilege (2829996) - Version: 2.1
NetworkWorld Virus/Worms
- iOS app contains potential malware
- Bad Kaspersky antivirus update prevents business and home users from accessing websites
- Antivirus software a waste of money for businesses, report suggests
- Cisco recommends McAfee switch for IronPort customers hit by Sophos flaws
- Researcher warns "zombie browsers" are skyrocketing
- Antivirus evaluation puts Kaspersky and Symantec on top
- Application whitelisting is a viable option when you can leverage software signing
- Future cyber attacks could rival 9-11, cripple US, warns Panetta
- Poisoned links plague Microsoft’s Bing search
- Mass-distributed malware reaches critical mass
- Whitelisting pushing out antivirus at some security-minded retailers
- FTC gets $163 million ruling against scareware defendant
- Free security products out there for the asking
- Sophos antivirus snafu lingers on
- Your PC may come with malware pre-installed
- Antivirus suites struggle to defend against recent exploit-based attacks
- Mahdi cyberespionage malware infects computers in Iran, Israel, other Middle Eastern countries
- 10 crazy IT security tricks that actually work
- How to Keep Your Employees Happy With Their Company PCs (Without Losing Control of Your IT)
- Researchers find ways to bypass Google's Android malware scanner
NetworkWorld Security
- Blue Coat Systems to acquire security analytics firm Solera Networks
- Growing mobile malware threat swirls (mostly) around Android
- New Citadel malware variant targets Payza online payment platform
- Digital strongboxes won't solve whistleblower problem for journalists
- Microsoft may be scanning your Skype messages
- Opinion varies on action against Chinese cyberattacks
- Researchers find critical vulnerabilities in popular game engines
- U.S. power companies under frequent cyberattack
- IntegriCell's Aaron Turner: Security managers still don't get mobile security
- Pressure mounts for building in security during application development
- Senate report: Apple claims subsidiaries with no taxing jurisdiction
- Successful companies embrace shadow IT
- Researchers uncover new global cyberespionage operation dubbed Safe
- Chinese hackers master art of lying low
- Security Manager's Journal: NAC deployment means better access control at last
- Yahoo Japan says 22 million user IDs may have been stolen
- Alleged tech support scammers settle FTC charges
- Experts ding DHS vulnerability sharing plan as too limited
- Police arrest Anonymous suspects in Italy
- Researchers uncover new global cyberespionage operation dubbed SafeNet
NWC Security
- Anti-Spam Server Fits The Job
- Rolling Review: Patch Up Your Windows
- Rolling Review: LANDesk Patch Manager
- StillSecure Steps Up
- Rolling Review: BigFix Enterprise Suite 7.0.7.96
- 7 Whole-Disk Encryption Apps Put A Lock On Data
- Rolling Review Kickoff: Network Behavior Analysis Systems
- Rollout: Mazu Profiler 8
- From The Labs: Palo Alto's Firewall Appliance
- Nevis Nails In-Band NAC
- Rolling Review: Shavlik Technologies NetChk Protect 5.9
- In-Band NAC: Three Products You Should Know About
- Log Management Gets SLIM
- Rolling Review: Host-Based NAC
- Vernier's In-Band NAC Product Takes Work
- Rollout: Vernier Networks' Control Server and EdgeWall 8800
- Analysis: PC Control
- PatchLink's Sanctuary
- RippleTech's Informant
- Identity Theft Has Gone to the Dogs
The Register
- US power grid the target of 'numerous and daily' cyber-attacks
- Twitter locks down logins by adding two-factor authentication
- Press exposure of Federal data security hole leads to legal threats
- Big Brother security tech gets $20m
- Facebook teens' kimonos - basically never closed
- Blue Coat gobbles CCTV-for-network-traffic maker Solera
- Camby cash crypto-coders Cronto chomped on pronto by Vasco
- Embedded systems vendors careless says Metasploit author
- Aurora attack tried to pinch secret list of Chinese spies
- Embedded systems vendors careless says Metasploit author HD Moore
- Anonymous threat shutters Gitmo WiFi
- Syrian hacktivists hijack <em>Telegraph</em>'s Facebook, Twitter accounts
- A backdoor into Skype for the Feds? You're joking...
- 'Lab-smashing' Stuxnet HELPED Iran's nuke effort, says brainiac
- 'Nuke-busting' Stuxnet BOOSTED Iran nuke effort, says brainiac
- 'Nuke-busting' Stuxnet HELPED Iranian nuke project, says boffin
- Indian 'attacks' Norwegian telco to get at Pakistan, China
- Securo-boffins uncover new GLOBAL cyber-espionage operation
- Marks & Sparks accused of silently bonking punters over the tills
- Gay marriage? We'll put a stop to that 'bug', says Nintendo
SecurityFocus News
- News: Change in Focus
- News: Google: 'no timetable' on China talks
- News: 'Severe' OpenSSL vuln busts public key crypto
- News: Monster botnet held 800,000 people's details
- News: Latvian hacker tweets hard on banking whistle
- News: MS uses court order to take out Waledac botnet
- News: Almost 2,500 firms breached in ongoing hack attack
- News: Two Chinese schools implicated in Google Aurora attacks
- News: Adobe pushes out Flash security fix
- Brief: Google offers bounty on browser bugs
- News: CIA, PayPal under bizarre SSL assault
- News: Most consumers reuse banking passwords
- Brief: Cyberattacks from U.S. "greatest concern"
- Brief: Microsoft patches as fraudsters target IE flaw
- Brief: MS readies patch, as fraudsters target IE flaw
- Brief: Attack on IE 0-day refined by researchers
- Brief: IE flaw gave attackers entry, says McAfee
- Brief: Law firm suing China suffers attack
- Brief: Microsoft, Oracle, Adobe issue patches
- Brief: Google, Adobe attacked through China
SecurityFocus Vulnerabilities
- Vuln: RadioCMS 'playlist_id' Parameter SQL Injection Vulnerability
- Vuln: WordPress Spiffy XSPF Player Plugin 'playlist_id' Parameter SQL Injection Vulnerability
- Vuln: FreeBSD NFS Server CVE-2013-3266 Memory Corruption Vulnerability
- Vuln: WordPress Spider Video Player Plugin 'theme' Parameter SQL Injection Vulnerability
- Vuln: Vanilla Forums Multiple SQL Injection Vulnerabilities
- Vuln: WordPress Traffic Analyzer Plugin 'aoid' Parameter Cross Site Scripting Vulnerability
- Vuln: RETIRED: Acme thttpd HTTP Server Directory Traversal Vulnerability
- Bugtraq: [waraxe-2013-SA#104] - Multiple Vulnerabilities in Spider Event Calendar Wordpress Plugin
- Bugtraq: [waraxe-2013-SA#105] - Multiple Vulnerabilities in Spider Catalog Wordpress Plugin
- Vuln: QEMU Guest Agent CVE-2013-2007 Insecure File Permissions Vulnerability
- Vuln: RETIRED: QEMU Guest Agent CVE-2013-2007 Insecure File Permissions Vulnerability
- Bugtraq: Trend Micro DirectPass 1.5.0.1060 - Multiple Vulnerabilities
- Bugtraq: VUPEN Security Research - Microsoft Internet Explorer 10-9 Object Confusion Sandbox Bypass (MS13-037 / Pwn2Own)
- Bugtraq: VUPEN Security Research - Microsoft Internet Explorer 10-9-8-7-6 VML Remote Integer Overflow (MS13-037 / Pwn2Own)
- Bugtraq: [ MDVSA-2013:166 ] krb5
- Vuln: RETIRED: Google Chrome Prior to 27.0.1453.93 Multiple Security Vulnerabilities
- Vuln: Moodle CVE-2013-1833 HTML Injection Vulnerability
- Vuln: Moodle CVE-2012-6098 Security Bypass Vulnerability
- Vuln: Moodle CVE-2012-6101 Multiple URI Redirection Vulnerabilities
- Vuln: Moodle CVE-2012-6104 Information Disclosure Vulnerability
SecurityNewsPortal
- New release of Intellitactics Security Manager features security know how
- Ubuntu Security Notice - pptpd vulnerability (USN-459-1)
- Verizon Business to acquire Cybertrust and ICSA Labs
- Cisco Security Response - HTTP Full-Width and Half-Width Unicode Encoding Evasion
- Criminologists pwn AusCERT
- Former Oracle VP pays $198,000 in trading charge
- Google Warns of Web Malware Epidemic
- Microsoft desperate, says target OpenOffice.org
- Players in potential patent battle hunker down
- Re: What RedHat doesnt want you to know about ExecShield (without NX)
- Re: [Dailydave] What RedHat doesnt want you to know about ExecShield (without NX)
- RE: Apple Safari on MacOSX may reveal users saved passwords
- Researcher: Apple TV, iTunes video dead ends
- Some Windows users get system freeze with May patches
- U.S. piracy crackdown nets 50th conviction
- Windows Update used to download malware updates
- Wordpress Akismet XSS flaw
- [USN-459-1] pptpd vulnerability
- AGs Ask MySpace For Predator Data
- Exchange Server 2007 Webcast Series - Most Frequently Asked Follow Up Questions (1 - 6)
US-Cert Alerts
- TA13-141A: Washington, DC Radio Station Web Site Compromises
- SA12-010A: Microsoft Updates for Multiple Vulnerabilities
- SA12-006A: Wi-Fi Protected Setup (WPS) Vulnerable to Brute-Force Attack
- SA11-350A: Adobe Updates for Multiple Vulnerabilities
- SA11-347A: Microsoft Updates for Multiple Vulnerabilities
- SA11-312A: Microsoft Updates for Multiple Vulnerabilities
- SA11-286A: Apple Updates for Multiple Vulnerabilities
- SA11-284A: Microsoft Updates for Multiple Vulnerabilities
- SA11-256A: Microsoft Updates for Multiple Vulnerabilities
- SA11-222A: Adobe Updates for Multiple Vulnerabilities
- SA11-221A: Microsoft Updates for Multiple Vulnerabilities
- SA11-193A: Microsoft Updates for Multiple Vulnerabilities
- SA11-165A: Microsoft Updates for Multiple Vulnerabilities
- SA11-166A: Adobe Updates for Multiple Vulnerabilities
- SA11-130A: Microsoft Updates for Multiple Vulnerabilities
- SA11-102A: Microsoft Updates for Multiple Vulnerabilities
- SA11-067A: Microsoft Updates for Multiple Vulnerabilities
- SA11-039A: Microsoft Updates for Multiple Vulnerabilities
- SA11-011A: Microsoft Updates for Multiple Vulnerabilities
- SA10-348A: Microsoft Updates for Multiple Vulnerabilities
US-Cert Bulletins
- SB13-140: Vulnerability Summary for the Week of May 13, 2013
- SB13-133: Vulnerability Summary for the Week of May 6, 2013
- SB13-126: Vulnerability Summary for the Week of April 29, 2013
- SB13-119: Vulnerability Summary for the Week of April 22, 2013
- SB13-126: Vulnerability Summary for the Week of April 30, 2013
- SB13-119: Vulnerability Summary for the Week of April 29, 2013
- SB13-105: Vulnerability Summary for the Week of April 8, 2013
- SB13-112: Vulnerability Summary for the Week of April 15, 2013
- SB13-105: Vulnerability Summary for Week of April 8, 2013
- SB13-098: Vulnerability Summary for the Week of April 1, 2013
- SB13-091: Vulnerability Summary for the Week of March 25, 2013
- SB13-084: Vulnerability Summary for the Week of March 18, 2013
- SB13-077: Vulnerability Summary for the Week of March 11, 2013
- SB13-070: Vulnerability Summary for the Week of March 4, 2013
- SB13-063: Vulnerability Summary for the Week of February 25, 2013
- SB12-359: Vulnerability Summary for the Week of December 17, 2012
- SB13-002: Vulnerability Summary for the Week of December 24, 2012
- SB13-007: Vulnerability Summary for the Week of December 31, 2012
- SB13-014: Vulnerability Summary for the Week of January 7, 2013
- SB13-021: Vulnerability Summary for the Week of January 14, 2013
US-CERT Techalerts
- TA13-134A: Microsoft Updates for Multiple Vulnerabilities
- TA13-107A: Oracle Has Released Multiple Updates for Java SE
- TA13-107A: Oracle has released multiple updates for Java SE
- TA13-100A: Microsoft Updates for Multiple Vulnerabilities
- TA13-088A: DNS Amplification Attacks
- TA13-071A: Microsoft Updates for Multiple Vulnerabilities
- TA13-064A: Oracle Java Contains Multiple Vulnerabilities
- TA12-318A: Microsoft Updates for Multiple Vulnerabilities
- TA12-346A: Microsoft Updates for Multiple Vulnerabilities
- TA13-008A: Microsoft Updates for Multiple Vulnerabilities
- TA13-010A: Oracle Java 7 Security Manager Bypass Vulnerability
- TA13-015A: Microsoft Releases Update for Internet Explorer Vulnerability CVE-2012-4792
- TA13-024A: Content Management Systems Security and Associated Risks
- TA13-032A: Oracle Java Multiple Vulnerabilities
- TA13-043A: Adobe Updates for Multiple Vulnerabilities
- TA13-043B: Microsoft Updates for Multiple Vulnerabilities
- TA13-051A: Oracle Java Multiple Vulnerabilities
- TA12-073A: Microsoft Updates for Multiple Vulnerabilities
- TA12-045A: Microsoft Updates for Multiple Vulnerabilities
- TA12-024A: "Anonymous" DDoS Activity
US-Cert Tips
- ST10-001: Recognizing Fake Antiviruses
- ST11-001: Holiday Traveling with Personal Internet-Enabled Devices
- ST04-014: Avoiding Social Engineering and Phishing Attacks
- ST08-001: Using Caution with USB Drives
- ST05-008: How Anonymous Are You?
- ST05-006: Recovering from Viruses, Worms, and Trojan Horses
- ST05-003: Securing Wireless Networks
- ST05-002: Keeping Children Safe Online
- ST05-001: Evaluating Your Web Browser's Security Settings
- ST04-024: Understanding ISPs
- ST07-001: Shopping Safely Online
- ST04-023: Understanding Your Computer: Email Clients
- ST04-022: Understanding Your Computer: Web Browsers
- ST04-021: Understanding Your Computer: Operating Systems
- ST04-020: Protecting Portable Devices: Data Security
- ST04-019: Understanding Encryption
- ST04-018: Understanding Digital Signatures
- ST04-017: Protecting Portable Devices: Physical Security
- ST04-016: Recognizing and Avoiding Spyware
- ST04-015: Understanding Denial-of-Service Attacks
Windows IT Pro
- Bug Hunting in Greenborder Pro
- OS Haste Makes Waste
- Sam Spade on the Spam Case
- Who Is Connected To Your Systems?
- Security UPDATE--OS Haste Makes Waste--July 19, 2006
- Month of Browser Bugs
- Nmap Hackers Pick Top 100 Security Tools
- Seven Microsoft Security Patches Due In July
- Security UPDATE--Nmap Hackers Pick Top 100 Security Tools--July 5, 2006
- ADV: Get the facts about virtualization
- Security Diligence Is Overdue
- Security UPDATE--Security Diligence Is Overdue--June 28, 2006
- Singin' The Browser Blues?
- Voylent Encrypts Cell Phone Calls
- Is Vista's UAC Giving You The Blues?
- Biggest Known Targets
- Death of the Frog
- 8866 2288 6600 8800 9966 7700
- Crypto Class
- Security UPDATE--Death of the Frog--May 24, 2006
Yahoo Security
- Dish on national security PR offensive against SoftBank
- Twitter beefs up security after hacking spree on media
- How to Stop Worrying and Love Twitter's New Two-Factor Verification
- 'Irrational' hackers are growing U.S. security fear
- The World's Most Powerful Women 2013
- Dish uses national security ads to fight SoftBank deal
- Xbox One Raises the Burden of Privacy Safeguards: 5 Questions for Microsoft
- Sony to assess spin-off plan; cuts targets for cameras, smartphones
- Sony cuts sales target for cameras, smartphones for 2014-15
- Parents withdraw from inquiry into death of U.S. engineer Shane Todd
- US parents quit Singapore inquest into son's death
- Some U.S. utilities say they're under constant cyber attack
- Some U.S. power companies say they face constant cyber attacks
- Leaked recording stirs political furor in Venezuela
- With high-tech guns, users could disable remotely
- Kate Hudson Teams Up With Zach Braff
- Small company stock are a bright spot
- Small company stocks take the limelight
- Jon Stewart's humor a hit with millions of envious Chinese
- Exclusive: EU cites Chinese telecoms Huawei and ZTE for trade violations
IT Toolbox Blogs
- Four Ways ShoreTel Dock Helps Drive UC
- Check Out BI Blogger Datakeyworld!
- Retail Industry ECM: Enhance Efficiency, Gain Control and Save Money with ECM
- Is Microsoft's XBOX One signaling a change in the gaming industry?
- The Real Cost of a Data Breach is Your Reputation
- What Constitutes an ERP Failure?
- ERP Knowledge Transfer: Is it Just Part of the Vendor's Sales Pitch?
- List of Microsoft Security Bulletins available for download
- iPhone isn’t dominating Customer Satisfaction any more
- Nero Burning ROM for $15 USD (Download)
- When will R. Daneel Olivaw arrive?
- SSL 101: How Do I Get a Secured Connection?
- Strategies Every DB2 z/OS DBA Should Know -- Continued
- Hundreds Will Die! Thank the Three Laws of Robotics
- Fostering the Analytical Culture
- How Much Connectivity is Too Much?
- Social CRM Myths
- Adobe will be changing Creative Suite to a subscription model after CS6
- U.S. carriers line up against texting while driving
- YouTube is 8 years old. Here’s the first video ever uploaded to the site!
