The finest blend of the latest IT security news headlines, updated every 4 hours.

IT Security News
Regular Security News
Social Media
Tools
Exploits
Vulnerabilities
Security Videos & Podcasts
Other Stuff
Security Blogs
Microsoft Security Advisories
Mailing Lists
Bookmark + Share

Colour scheme


IT Security News

Y-Combinator

Regular Security News

Social Media

Reddit
I’m sure you can think of something with an rss feed

Tools

Security Tool Files ≈ Packet Storm

  • AIEngine 0.6 AIEngine is a packet inspection engine with capabilities of learning without any human intervention. It helps network/security professionals to identify traffic and develop signatures for use them on NIDS, Firewalls, Traffic classifiers and so on.
  • Nmap Port Scanner 6.45 Nmap is a utility for port scanning large networks, although it works fine for single hosts. Sometimes you need speed, other times you may need stealth. In some cases, bypassing firewalls may be required. Not to mention the fact that you may want to scan different protocols (UDP, TCP, ICMP, etc.). N. […]
  • Fwknop Port Knocking Utility 2.6.1 fwknop implements an authorization scheme that requires only a single encrypted packet to communicate various pieces of information, including desired access through a Netfilter policy and/or specific commands to execute on the target system. The main application of this program is to protect servic. […]
  • OpenDNSSEC 1.4.5 OpenDNSSEC is software that manages the security of domain names on the Internet. The project intends to drive adoption of Domain Name System Security Extensions (DNSSEC) to further enhance Internet security.
  • Tor-ramdisk i686 UClibc-based Linux Distribution x86 20140409 Tor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Security is enhanced. […]
  • Lynis Auditing Tool 1.5.0 Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated audit. […]
  • Zed Attack Proxy 2.3.0 Windows Installer The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. […]
  • Zed Attack Proxy 2.3.0 Linux Release The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. […]
  • Zed Attack Proxy 2.3.0 Mac OS X Release The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. […]
  • sn00p 0.8 sn00p is a modular tool written in bourne shell and designed to chain and automate security tools and tests. It parses target definitions from the command line and runs corresponding modules afterwards. sn00p can also parse a given nmap logfile for open tcp and udp ports. All results will be logged. […]
  • DNS Spider Multithreaded Bruteforcer 0.5 DNS Spider is a multithreaded bruteforcer of subdomains that leverages a wordlist and/or character permutation.
  • GNUnet P2P Framework 0.10.1 GNUnet is a peer-to-peer framework with focus on providing security. All peer-to-peer messages in the network are confidential and authenticated. The framework provides a transport abstraction layer and can currently encapsulate the network traffic in UDP (IPv4 and IPv6), TCP (IPv4 and IPv6), HTTP,. […]
  • CodeCrypt 1.6 codecrypt is a GnuPG-like program for encryption and signing that uses only quantum-computer-resistant algorithms.
  • Heartbleed Honeypot Script This Perl script listens on TCP port 443 and responds with completely bogus SSL heartbeat responses, unless it detects the start of a byte pattern similar to that used in Jared Stafford’s (jspenguin@jspenguin.org) demo for CVE-2014-0160 ‘Heartbleed’. Run as root for the privileged port. Outputs IPs. […]
  • OpenSSL Toolkit 1.0.1g OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.
  • Lynis Auditing Tool 1.4.9 Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated audit. […]

CNET Download.com Security Software New Releases

  • My Lockbox 04/18/14 – Hide, lock, and password protect any file.
  • Free Internet Window Washer 04/18/14 – Erase Internet tracks, computer activities, program histories, and improve PC performance.
  • Kompas Antivirus 04/18/14 – Protect your PC from various types of malware.
  • Employee Activity Monitor Professional 04/18/14 – Monitor employee computer activities and track employees worktime.
  • Antivirus Live CD 04/18/14 – Check your system for viruses with a lightweight antivirus on a CD.
  • IObit Malware Fighter 04/18/14 – Scan and remove the deepest malware that your antivirus/antispyware missed.
  • DoNotTrackMe for Chrome 04/18/14 – Protect your privacy, stop companies from tracking your browsing and sending you spam email.
  • FlashCrest iSpy 04/18/14 – Record keystrokes, screenshots, websites, programs and email.
  • Keeper Desktop 04/18/14 – Manage your passwords on all your devices.
  • Dashlane 04/18/14 – Automate and simplify your everyday online life.
empty What security software source do you want to see here?

Exploits

Exploit Files ≈ Packet Storm

Exploit-DB updates

Securityvulns exploits channel

Vulnerabilities

Bugtraq

Security Videos & Podcasts

Other Stuff

Announcement

Announcements go here.

Files ≈ Packet Storm

  • Adobe Flash Player Regular Expression Heap Overflow This Metasploit module exploits a vulnerability found in the ActiveX component of Adobe Flash Player before 11.5.502.149. By supplying a specially crafted swf file with special regex value, it is possible to trigger an memory corruption, which results in remote code execution under the context of th. […]
  • Ruby Gem sfpagent 0.4.14 Command Injection Ruby Gem sfpagent version 0.4.14 suffers from a remote command injection vulnerability.
  • ROOTCON 8 Call For Papers The ROOTCON 8 Call For Papers has been announced. It will be held September 26th and 27th, 2014 at the Parklane International Hotel, Cebu City, Philippines.
  • CU3ER 1.24 Cross Site Scripting / Content Spoofing CU3ER versions 1.24 and below suffer from cross site scripting content spoofing vulnerabilities.
  • Sercomm TCP/32674 Backdoor Reactivation Proof of concept exploit that reactivates a backdoor on TCP/32674 of Sercomm systems.
  • Linux group_info Denial Of Service Linux group_info refcounter overflow memory corruption denial of service exploit.
  • Linux x86 Reverse Engineering Whitepaper called Linux x86 Reverse Engineering – Shellcode Disassembling and XOR decryption.
  • vBulletin 5.1 Cross Site Scripting vBulletin version 5.1 suffers from multiple cross site scripting vulnerabilities.
  • D-Link DAP-1320 Directory Traversal / Cross Site Scripting D-Link DAP-1320 wireless range extenders suffer from cross site scripting and directory traversal vulnerabilities.
  • F-Secure Messaging Security Gateway 7.5.0.892 Cross Site Scripting F-Secure Messaging Security Gateway version 7.5.0.892 suffers from a reflective cross site scripting vulnerability.
  • AIEngine 0.6 AIEngine is a packet inspection engine with capabilities of learning without any human intervention. It helps network/security professionals to identify traffic and develop signatures for use them on NIDS, Firewalls, Traffic classifiers and so on.
  • Nagios Remote Plugin Executor 2.15 Remote Command Execution Nagios Remote Plugin Executor (NRPE) versions 2.15 and below suffer from a remote command execution vulnerability.
  • HP Security Bulletin HPSBMU02995 3 HP Security Bulletin HPSBMU02995 3 – The Heartbleed vulnerability was detected in specific OpenSSL versions. OpenSSL is a 3rd party product that is embedded with some of HP Software products. This bulletin objective is to notify HP Software customers about products affected by the Heartbleed vulnera. […]
  • HP Security Bulletin HPSBMU02998 2 HP Security Bulletin HPSBMU02998 2 – Potential security vulnerabilities have been identified with HP System Management Homepage (SMH) running on Linux and Windows. The vulnerabilities could be exploited remotely resulting in Denial of Service (DoS). Also included is the OpenSSL vulnerability known a. […]
  • HP Security Bulletin HPSBGN03010 HP Security Bulletin HPSBGN03010 – The Heartbleed vulnerability was detected in specific OpenSSL versions. OpenSSL is a 3rd party product that is embedded with some of HP Software products. This bulletin objective is to notify HP Software customers about products affected by the Heartbleed vulnerabi. […]
  • HP Security Bulletin HPSBMU02935 2 HP Security Bulletin HPSBMU02935 2 – Potential security vulnerabilities have been identified with HP LoadRunner Virtual User Generator. The vulnerabilities could be exploited to allow remote code execution and disclosure of information. Revision 2 of this advisory.

Security Blogs

cURL error 60: SSL certificate problem, verify that the CA cert is OK. Details:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

A feed could not be found at http://feeds.feedburner.com/dvlabsblog

A feed could not be found at http://feeds.voices.washingtonpost.com/wp/securityfix/index

Microsoft Security Advisories

MSRC

  • April 2014 Security Bulletin Webcast and Q&A Today we published the April 2013 Security Bulletin Webcast Questions & Answers page. We answered 13 questions in total, with the majority focusing on the update for Internet Explorer (MS14-018) and the Windows 8.1 Update (KB2919355). Two questions that were not answered on air have been included on. […]
  • The April 2014 Security Updates T. S. Elliot once said, “What we call the beginning is often the end. And to make an end is to make a beginning. The end is where we start from.” So as we put one season to bed, let’s start another by looking at the April security updates. Today, we release four bulletins to address 11 CVEs in. […]
  • Advance Notification Service for the April 2014 Security Bulletin Release Today we provide advance notification for the release of four bulletins, two rated Critical and two rated Important in severity. These updates address issues in Microsoft Windows, Office and Internet Explorer. The update provided through MS14-017 fully addresses the Microsoft Word issue first descri. […]
  • The Next Leap Forward in Cyber Defense: Taking Action to Help Defeat Adversaries It is often said that attackers have an advantage, because the defenders have to protect every part of their systems all the time, while the attacker only has to find one way in. This argument oversimplifies the security landscape and the real strength that defenders can achieve if they work togethe. […]
  • Microsoft Releases Security Advisory 2953095 Today we released Security Advisory 2953095 to notify customers of a vulnerability in Microsoft Word. At this time, we are aware of limited, targeted attacks directed at Microsoft Word 2010. An attacker could cause remote code execution if someone was convinced to open a specially crafted Rich Text. […]
  • March 2014 Security Bulletin Webcast and Q&A Today we published the March 2014 Security Bulletin Webcast Questions & Answers page. We answered eight questions in total, with the majority focusing on the updates for Windows (MS14-016) and Internet Explorer (MS14-012). One question that was not answered on air has been included on the Q&A page.. […]
  • The March 2014 Security Updates This month we release five bulletins to address 23 unique CVEs in Microsoft Windows, Internet Explorer and Silverlight. If you need to prioritize, the update for Internet Explorer addresses the issue first described in Security Advisory 2934088, so it should be at the top of your list. While that up. […]
  • Advance Notification Service for the March 2014 Security Bulletin Release Today we provide advance notification for the release of five bulletins for March 2014, two rated Critical and thee rated Important in severity. These updates address issues in Microsoft Windows, Internet Explorer and Silverlight. The update provided in MS14-012 fully addresses the issue first descr. […]
  • Announcing the Enhanced Mitigation Experience Toolkit (EMET) 5.0 Technical Preview I’m here at the Moscone Center, San Francisco, California, attending the annual RSA Conference USA 2014. There’s a great crowd here and many valuable discussions. Our Microsoft Security Response Center (MSRC) engineering teams have been working hard on the next version of EMET, which helps custo. […]
  • Microsoft Releases Security Advisory 2934088 Today, we released Security Advisory 2934088 regarding an issue that impacts Internet Explorer 9 and 10. Internet Explorer 6, 7, 8 and 11 are not affected. At this time, we are only aware of limited, targeted attacks against Internet Explorer 10. This issue allows remote code execution if users brow. […]
  • February 2014 Security Bulletin Webcast and Q&A Today we published the February 2014 Security Bulletin Webcast Questions & Answers page.  We answered seven questions on air, with the majority of questions focusing on the MSXML bulletin (MS14-005) and the revision to Security Advisory 2915720. One question that was not answered on air has been in. […]
  • Safer Internet Day 2014 and Our February 2014 Security Updates In addition to today being the security update release, February 11 is officially Safer Internet Day for 2014. This year, we’re asking folks to Do 1 Thing to stay safer online. While you may expect my “Do 1 Thing” recommendation would be to apply security updates, I’m guessing that for reade. […]
  • Update (2/10) – Advance Notification Service for February 2014 Security Bulletin Release Update as of February 10, 2014 We are adding two updates to the February release. There will be Critical-rated updates for Internet Explorer and VBScript in addition to the previously announced updates scheduled for release on February 11, 2014. These updates have completed testing and will be inclu. […]
  • Antimalware Support for Windows XP and the January 2014 Security Bulletin Webcast and Q&A Today we’re publishing the January 2014 Security Bulletin Webcast Questions & Answers page.  We answered 16 questions in total, with the majority of questions focusing on the Dynamics AX bulletin (MS14-004), the update for Microsoft Word (MS14-001) and the re-release of the Windows 7 and Windows. […]
  • A Look Into the Future and the January 2014 Bulletin Release In January, there are those who like to make predictions about the upcoming year. I am not one of those people. Instead, I like to quote Niels Bohr who said, “Prediction is very difficult, especially if it’s about the future.” However, I can say without a doubt that change is afoot in 2014. In. […]
  • Advance Notification Service for the January 2014 Security Bulletin Release Today we provide advance notification for the release of four bulletins for January 2014. All bulletins this month are rated Important in severity and address vulnerabilities in Microsoft Windows, Office, and Dynamics AX. The update provided in MS14-002 fully addresses the issue first described in S. […]

Microsoft Sec Notification

  • Microsoft Security Bulletin Minor Revisions Posted by Microsoft on Apr 17******************************************************************** Title: Microsoft Security Bulletin Minor Revisions Issued: April 17, 2014 ******************************************************************** Summary ======= The following bulletins have undergone mino. […]
  • Hello, we miss you! Re-subscribe to receive the latest IT news from Microsoft Posted by Microsoft on Apr 15We miss you! Re-subscribe to receive the latest IT news from Microsoft Prefer to read this online? http://view.email.microsoftemail.com/?j=fe9816787667047c73&m=fe6015707361017c7212&ls=fe30157570640079711676&l=fec21c767365017e&s=fe281071756d007e7c1174&jb=ff68107375&ju= Cl. […]
  • Microsoft Security Bulletin Summary for April 2014 Posted by Microsoft on Apr 08******************************************************************** Microsoft Security Bulletin Summary for April 2014 Issued: April 8, 2014 ******************************************************************** This bulletin summary lists security bulletins released for. […]
  • Microsoft Security Advisory Notification Posted by Microsoft on Apr 08******************************************************************** Title: Microsoft Security Advisory Notification Issued: April 8, 2014 ******************************************************************** Security Advisories Updated or Released Today =================. […]
  • Microsoft Security Bulletin Advance Notification for April 2014 Posted by Microsoft on Apr 03******************************************************************** Microsoft Security Bulletin Advance Notification for April 2014 Issued: April 3, 2014 ******************************************************************** This is an advance notification of security bul. […]
  • Microsoft Security Advisory Notification Posted by Microsoft on Mar 27******************************************************************** Title: Microsoft Security Advisory Notification Issued: March 27, 2014 ******************************************************************** Security Advisories Updated or Released Today ================. […]
  • Microsoft Security Advisory Notification Posted by Microsoft on Mar 24******************************************************************** Title: Microsoft Security Advisory Notification Issued: March 24, 2014 ******************************************************************** Security Advisories Updated or Released Today ================. […]
  • Microsoft Security Bulletin Minor Revisions Posted by Microsoft on Mar 20******************************************************************** Title: Microsoft Security Bulletin Minor Revisions Issued: March 20, 2014 ******************************************************************** Summary ======= The following bulletins have undergone mino. […]
  • Microsoft Security Advisory Notification Posted by Microsoft on Mar 11******************************************************************** Title: Microsoft Security Advisory Notification Issued: March 11, 2014 ******************************************************************** Security Advisories Updated or Released Today ================. […]
  • Microsoft Security Bulletin Summary for March 2014 Posted by Microsoft on Mar 11******************************************************************** Microsoft Security Bulletin Summary for March 2014 Issued: March 11, 2014 ******************************************************************** This bulletin summary lists security bulletins released for. […]
  • Microsoft Security Bulletin Advance Notification for March 2014 Posted by Microsoft on Mar 06******************************************************************** Microsoft Security Bulletin Advance Notification for March 2014 Issued: March 6, 2014 ******************************************************************** This is an advance notification of security bul. […]
  • Microsoft Security Advisory Notification Posted by Microsoft on Feb 28******************************************************************** Title: Microsoft Security Advisory Notification Issued: February 28, 2014 ******************************************************************** Security Advisories Updated or Released Today =============. […]
  • Microsoft Security Bulletin Minor Revisions Posted by Microsoft on Feb 28******************************************************************** Title: Microsoft Security Bulletin Minor Revisions Issued: February 28, 2014 ******************************************************************** Summary ======= The following bulletins have undergone m. […]
  • Microsoft Security Advisory Notification Posted by Microsoft on Feb 27******************************************************************** Title: Microsoft Security Advisory Notification Issued: February 27, 2014 ******************************************************************** Security Advisories Updated or Released Today =============. […]
  • Microsoft Security Advisory Notification Posted by Microsoft on Feb 20******************************************************************** Title: Microsoft Security Advisory Notification Issued: February 20, 2014 ******************************************************************** Security Advisories Updated or Released Today =============. […]
IT Security News
Regular Security News
Social Media
Tools
Exploits
Vulnerabilities
Security Videos & Podcasts
Other Stuff
Security Blogs
Microsoft Security Advisories
Mailing Lists
Colour scheme