News

Palo Alto Networks: The Time Has Come: Advanced Endpoint Protection is Here!

30-09-2014 17:54
https://researchcenter.paloaltonetworks.com/2014/09/traps-advanced-endpoint-protection/   The Time Has Come: Advanced Endpoint Protection is Here! POSTED BY: Scott Gainey on September 30, 2014 5:15 AM FILED...

Shellshock - Bash Remote Code Execution Vulnerability

26-09-2014 10:02
The US-CERT has issued Shellshock as a critical vulnerability affecting Linux/UNIX operating systems and Apple’s MAC OS X. According to the US-CERT, if exploited, this vulnerability gives attackers the ability to remotely execute shell commands by attaching malicious code in environment variables...

Target hackers hit air-conditioning firm first as a way in

03-09-2014 07:13
Summary: A compromised refrigeration and air-conditioning company may be the starting point to one of the worst security breaches in the US.   The hackers that broke into Target's network and lifted millions of payment card numbers used a local cooling and heating company's...

FBI investigates Russian cyberattacks to banks (NL article)

03-09-2014 07:07
BI onderzoekt of Rusland achter grote cyberaanval op financiële instellingen zit De FBI onderzoekt of Rusland midden augustus de grote cyberaanval pleegde op de Amerikaanse bank JP Morgan en nog minstens één andere financiële instelling. Medio augustus werden bij een cyberaanval gegevens van de...

SIEM correlation for Belgian governance offices? (NL article)

03-09-2014 07:05
CERT.be bekijkt sensorennetwerk tegen cyberspionage Het Belgische Cert start binnenkort met een studie die moet bepalen of ons land een centraal sensorennetwerk krijgt dat internettraffiek bij de overheid scant op onregelmatigheden. Nadat bekend raakte dat hackers onder meer bij Belgacom-dochter...

Airport of Charleroi infected (NL article)

03-09-2014 06:58
Kwaadaardige software heeft verschillende netwerkcomputers van de luchthaven van Charleroi geïnfecteerd. Het luchtverkeer kwam nooit in gevaar. Het incident kwam voor de zomer al aan het licht, schrijft De Standaard. De hackers waren er in geslaagd om servers te besmetten en die in te schakelen in...

Attackers Fire at Windows XP Users With Recently Discovered IE Zero-Day

02-05-2014 11:46
Attackers Fire at Windows XP Users With Recently Discovered IE Zero-Day     Attackers are exploiting a recently disclosed zero-day vulnerability in Internet Explorer in campaigns  targeting Windows XP users, FireEye researchers have found. While...

The very sophisticated Wifi AP virus

20-03-2014 21:20
The document attached describes how non protected access points (fi. public places) are re-imaged with malicious code. Wifi Chameleon.pdf (3587303)

Ransomware - Cryptolocker malware

20-01-2014 13:14
Cryptolocker ransomware has 'infected about 250,000 PCs'   Infected victims are given a time limit to release their data before they lose it forever A virulent form of ransomware has now infected about quarter of a million Windows computers, according to a report by security...

Google Chrome Canary - stop malware downloads

20-01-2014 12:57
Google Chrome will shortly be able to detect and block downloads of malware. This functionality become available in Google Chrome Canary. The malware detection is based on the safebrowsing program. The new browser can be tested via:...
1 | 2 | 3 >>

Top websites containing malware

Top vulnerabilities currently active

US-CERT Current Activity https://www.us-cert.gov/ncas/current-activity.xml A regularly updated summary of the most frequent, high-impact security incidents currently being reported to the US-CERT. en Bourne Again Shell (Bash) Remote Code Execution Vulnerability https://www.us-cert.gov/ncas/current-activity/2014/09/24/Bourne-Again-Shell-Bash-Remote-Code-Execution-Vulnerability

US-CERT is aware of a Bash vulnerability affecting Unix-based operating systems such as Linux and Mac OS X. Exploitation of this vulnerability may allow a remote attacker to execute arbitrary code on an affected system.

The flaw was originally assigned CVE-2014-6271, but it was later discovered that the patch had an issue in the parser and did not fully address the problem. MITRE later assigned CVE-2014-7169 to cover the remaining problems after the application of the first patch.

US-CERT recommends users and administrators review TA14-268A, Vulnerability Note VU#252743 and the Redhat Security Blog for additional details and to refer to their respective Linux or Unix-based OS vendor(s) for an appropriate patch. A GNU Bash patch is also available for experienced users and administrators to implement.

Operating systems with updates include:

This product is provided subject to this Notification and this Privacy & Use policy.


]]> Wed, 24 Sep 2014 22:06:12 +0000 US-CERT 5946 at https://www.us-cert.gov Mozilla Network Security Services (NSS) Library Vulnerability https://www.us-cert.gov/ncas/current-activity/2014/09/24/Mozilla-Network-Security-Services-NSS-Library-Vulnerability

A vulnerability in the Mozilla NSS library could allow an attacker to forge an RSA signature, such as an SSL certificate. The package is often included in 3rd party software, including Linux distributions, Google Chrome, and others. It is possible that other cryptographic libraries may be similarly affected.

US-CERT recommends users and administrators review Vulnerability Note VU#772676, Mozilla Foundation Security Advisory 2014-73, and Google Stable Channel Update Blog for additional information and mitigation details.

This product is provided subject to this Notification and this Privacy & Use policy.


]]> Wed, 24 Sep 2014 20:32:06 +0000 US-CERT 5945 at https://www.us-cert.gov Apple Releases Security Updates for iOS, Apple TV, and Xcode https://www.us-cert.gov/ncas/current-activity/2014/09/18/Apple-Releases-Security-Updates-iOS-8-Apple-TV-and-Xcode

Apple released security updates for iOS devices, Apple TV, and Xcode to address multiple vulnerabilities, some of which could allow attackers to execute code with system privileges or cause an unexpected application termination.

Updates available include:

  • iOS 8 for iPhone 4s and later, iPod touch 5th generation and later, and iPad 2 and later
  • Apple TV 7 for Apple TV 3rd generation and later
  • Xcode 6.0.1 for OS X Mavericks v10.9.4 and later

Users and administrators are encouraged to review Apple security updates HT6441, HT6442, and HT6444 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


]]> Thu, 18 Sep 2014 15:01:50 +0000 US-CERT 5943 at https://www.us-cert.gov Adobe Releases Security Updates for Adobe Reader and Acrobat https://www.us-cert.gov/ncas/current-activity/2014/09/16/Adobe-Releases-Security-Updates-Adobe-Reader-and-Acrobat

Adobe has released security updates for Adobe Reader and Acrobat for Windows and Macintosh. Exploitation of these vulnerabilities could potentially allow an attacker to take control of the affected system.

US-CERT encourages users and administrators to review Adobe Security Bulletin APSB14-20 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


]]> Tue, 16 Sep 2014 19:45:53 +0000 US-CERT 5942 at https://www.us-cert.gov Cisco Integrated Management Controller Vulnerability https://www.us-cert.gov/ncas/current-activity/2014/09/11/Cisco-Integrated-Management-Controller-Vulnerability

Cisco has released an advisory to address a vulnerability in the Cisco Integrated Management Controller (Cisco IMC) SSH module of the Cisco Unified Computing System E-Series Blade servers that could allow an unauthenticated, remote attacker to cause a denial of service condition. Migration to release 2.3.1 is available for Cisco IMC Software versions 1.0.1, 1.0.2, 2.1.0, and 2.2.0.

Users and administrators are encouraged to review the Cisco Advisory and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


]]> Thu, 11 Sep 2014 16:31:24 +0000 US-CERT 5940 at https://www.us-cert.gov Google Releases Security Update for Chrome https://www.us-cert.gov/ncas/current-activity/2014/09/10/Google-Releases-Security-Update-Chrome

Google has released Chrome 37.0.2062.120 for Windows, Mac and Linux. This update addresses multiple vulnerabilities one of which could potentially allow an attacker to cause a denial of service.

US-CERT encourages users and administrators to review the Google Chrome release blog and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


]]> Thu, 11 Sep 2014 01:27:49 +0000 US-CERT 5939 at https://www.us-cert.gov Adobe Releases Security Updates for Flash Player and Air https://www.us-cert.gov/ncas/current-activity/2014/09/09/Adobe-Releases-Security-Updates-Flash-Player-and-Air

Adobe has released security updates to address multiple vulnerabilities in Adobe Flash Player and Air for Windows, Macintosh and Linux. Exploitation of these vulnerabilities could potentially allow an attacker to take control of the affected system.

Users and administrators are encouraged to review Adobe Security Bulletin APSB14-21 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


]]> Wed, 10 Sep 2014 01:57:05 +0000 US-CERT 5938 at https://www.us-cert.gov Microsoft Releases September 2014 Security Bulletin https://www.us-cert.gov/ncas/current-activity/2014/09/09/Microsoft-Releases-September-2014-Security-Bulletin

Microsoft released updates to address vulnerabilities in Windows, .NET Framework, Internet Explorer and Lync Server as part of the Microsoft Security Bulletin Summary for September 2014. Some of these vulnerabilities could allow remote code execution, elevation of privilege, or denial of service.

US-CERT encourages users and administrators to review the bulletin and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


]]> Tue, 09 Sep 2014 17:54:10 +0000 US-CERT 5936 at https://www.us-cert.gov WordPress Releases Security Update https://www.us-cert.gov/ncas/current-activity/2014/09/04/WordPress-Releases-Security-Update

WordPress 3.9.2 has been released to address multiple vulnerabilities, one of which could allow a possible denial of service issue in PHP’s XML processing. WordPress 3.7.3 or 3.8.3 users will be updated to 3.7.4 or 3.8.4. Users operating older, unsupported versions of WordPress are encouraged to upgrade to 3.9.2.

US-CERT recommends users and administrators review the WordPress Maintenance and Security Release blog and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


]]> Thu, 04 Sep 2014 17:35:20 +0000 US-CERT 5934 at https://www.us-cert.gov Mozilla Releases Security Updates for Firefox and Thunderbird https://www.us-cert.gov/ncas/current-activity/2014/09/03/Mozilla-Releases-Security-Updates-Firefox-and-Thunderbird

The Mozilla Foundation has released security updates to address multiple vulnerabilities in Firefox and Thunderbird. Exploitation of these vulnerabilities may allow an attacker to cause an exploitable crash or execute arbitrary code.

The following updates are available:

  • Firefox 32
  • Firefox ESR 24.8
  • Firefox ESR 31.1
  • Thunderbird 31.1
  • Thunderbird 24.8

Users and administrators are encouraged to review the Security Advisories for Firefox, Firefox ESR and Thunderbird to determine which updates should be applied to mitigate these risks.

This product is provided subject to this Notification and this Privacy & Use policy.


]]> Wed, 03 Sep 2014 10:13:56 +0000 US-CERT 5933 at https://www.us-cert.gov