Published: Wed, 25 Aug 2010 09:28:24 -0400
Tue, 28 Aug 2012 01:00:00 -0400: A new vulnerability has been discovered that affects all versions of Java 7 (1.7), and active attacks have been confirmed.
Tue, 10 Apr 2012 16:00:00 -0400: Detecting and removing the Flashback Trojan from your Mac
Wed, 28 Mar 2012 01:00:00 -0400: Phishing attempt allegedly from Purdue help-desk blocked.
Fri, 04 Nov 2011 03:30:00 -0400: A TrueType Font Parsing vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to compromise a user's system.
Wed, 15 Jun 2011 15:00:00 -0400: Multiple vulnerabilities have been reported in Adobe ColdFusion, which can be exploited by malicious people to conduct cross-site request forgery attacks, cause a DoS (Denial of Service), and compromise a vulnerable system.
Thu, 17 Mar 2011 01:00:00 -0400: Bug in BlackBerry Browser exposes vulnerability.
Mon, 31 Jan 2011 15:00:00 -0500: There is a reported vulnerability in Windows that could allow for information disclosure via malicious scripts in MHTML pages.
Wed, 27 Oct 2010 01:00:00 -0400: A new Firefox add-on will allow novice computer users to steal your Facebook, Twitter and other login information when using open Wi-Fi spots.
Fri, 01 Oct 2010 01:00:00 -0400: MPlayer FLIC Processing Multiple Array Indexing Vulnerabilities
Fri, 03 Sep 2010 01:00:00 -0400: Security News and Info for 9/03/2010
Fri, 03 Sep 2010 01:00:00 -0400: Security News and Info
Thu, 02 Sep 2010 01:00:00 -0400: Latest Security Issues for a wired world
Tue, 03 Aug 2010 01:00:00 -0400: When clicking on a message that appears to come from one of your friends, if it insists that you click "Like" before viewing the page, it will send a rude hidden message to all of your Facebook friends.
Tue, 03 Aug 2010 01:00:00 -0400: An email campaign targeting iPhone users who might want to jailbreak their phones has been reported by BitDefender.
Tue, 03 Aug 2010 01:00:00 -0400: Two vulnerabilities have been reported in Apple iOS version 4.0.1, which may be exploited to compromise a user's system.
Tue, 03 Aug 2010 01:00:00 -0400: A vulnerability in Apple Mac OS X due to the "webdav_mount()" function of the WebDAV kernel extension can be exploited by malicious, local users to cause a DoS (Denial of Service).
Mon, 02 Aug 2010 01:00:00 -0400: Trend Micro is reporting that QuickTime Player can be used by malicious people to deploy malware to users' systems using specially crafted movie files. When a user plays one of the files, their system is redirected to download a malware payload.
Fri, 30 Jul 2010 01:00:00 -0400: Multiple vulnerabilities were reported in Wireshark; an update is available.
Thu, 29 Jul 2010 01:00:00 -0400: Cisco has acknowledged a vulnerability in multiple Cisco products.
Thu, 29 Jul 2010 01:00:00 -0400: Apple released this advisory addressing vulnerabilities (15 unique CVEs) in the Safari browser for Windows and Mac platforms.
Tue, 27 Jul 2010 01:00:00 -0400: Security Issues 7-27-2010
Tue, 20 Jul 2010 01:00:00 -0400: Ever wonder if all your browser plug-ins are up-to-date and secure? Well, Windows users can now check IE, Firefox and Chrome simply by going to a website and running a scan.
Mon, 19 Jul 2010 01:00:00 -0400: A vulnerability in Windows versions including XP, Vista, 7, Server 2003 and Server 2008 can be utilized by malicious parties to compromise a user's system using specially crafted shortcuts (.lnk and .pif files).
Fri, 02 Jul 2010 01:00:00 -0400: Security Issues 7-2-2010
Thu, 01 Jul 2010 01:00:00 -0400: Opera browser users will want to upgrade to the latest patch level 10.60.
Wed, 30 Jun 2010 01:00:00 -0400: Adobe has released update 9.3.3 for Acrobat and Reader. Users are advised to upgrade as soon as possible to patch vulnerabilities that could allow for denial-of-service.
Tue, 29 Jun 2010 01:00:00 -0400: Security Issues 6-29-2010
Mon, 28 Jun 2010 01:00:00 -0400: Per Secunia, some vulnerabilities have been reported in Mozilla Thunderbird, which can be exploited by malicious people to compromise a user's system.
Mon, 28 Jun 2010 01:00:00 -0400: Per Secunia, Apple has issued security updates for Mac OS X, which fix multiple vulnerabilities.
Wed, 16 Jun 2010 01:00:00 -0400: Microsoft Windows XP & 2003 Help and Support Center has been found to be vulnerable to a recent attack. Users who visit a compromised site can be affected by malware being downloaded to the host machine.
Tue, 15 Jun 2010 01:00:00 -0400: The end is finally here for support on Windows 2000 & XP SP 2. Microsoft plans to end support on July 13th.
Fri, 11 Jun 2010 01:00:00 -0400: Vulnerabilities have been reported in Adobe AIR. Malicious individuals can exploit these vulnerabilities to conduct cross-site scripting attacks or compromise a user's system. The vulnerabilities are reported in Adobe AIR versions 126.96.36.19930 and prior.
Fri, 11 Jun 2010 01:00:00 -0400: Security Updates have been released for OpenOffice and MS Office 2008 for Mac.
Thu, 10 Jun 2010 01:00:00 -0400: While Microsoft recently patched the vulnerability in Internet Explorer which could allow for information disclosure, they have expressed concern that, now that the patch is public, malicious people could reverse engineer the flaw more easily and that additional public exploits may begin. Therefore, the most recent round of Windows updates has become very important to counter this and should be applied as soon as possible.
Thu, 10 Jun 2010 01:00:00 -0400: A vulnerability has been discovered in Microsoft Windows. From Secunia as cited below: "The vulnerability is caused due to an error when processing escaped URLs through Microsoft Windows Help and Support Center (helpctr.exe). This can be exploited to bypass restrictions normally imposed by the "-FromHCP" command-line argument and pass arbitrary parameters to local help documents."
Wed, 09 Jun 2010 01:00:00 -0400: Per Secunia: "Some vulnerabilities have been reported in Apple Safari, which can be exploited by malicious people to bypass certain security restrictions, disclose sensitive information, conduct spoofing or cross-site scripting attacks, and potentially compromise a user's system."
Wed, 19 May 2010 01:00:00 -0400: Browser Plugin Check Site (works with Firefox 3.6+, Opera 10.5, Safari 4, Chrome 4, or IE 8)
Fri, 13 Nov 2009 01:00:00 -0500: A vulnerability has been discovered in Microsoft Windows 7 & Server 2008. This is a 0-day vulnerability that can be exploited remotely by a malicious user.
Fri, 09 Oct 2009 01:00:00 -0400: Thawte email services will be discontinued as of November 16th, 2009. Current customers will receive a free year of VeriSign service. Microsoft has posted that this month's Patch Tuesday will be its largest ever. Adobe has posted vulnerabilities found in Reader and Acrobat.
Tue, 06 Oct 2009 01:00:00 -0400: Hotmail, Live, and MSN users are advised to change their passwords after it was found that usernames and passwords for 10,000 users were posted online.
Tue, 01 Sep 2009 01:00:00 -0400: A vulnerability has been found in Microsoft Internet Information Services FTP server that can allow a remote attacker to potentially execute arbitrary code. IIS FTP servers that allow anonymous users write access can potentially be affected due to a boundary error when the server processes NLST commands.
Mon, 17 Aug 2009 01:00:00 -0400: A recently discovered vulnerability in the Linux 2.4 and 2.6 kernels can allow an attacker with local user privileges to gain root access using a widely distributed exploit for a NULL pointer dereference caused by incorrect proto_ops initializations. As of August 17th, the issue is still unpatched and the vulnerability affects basically all distributions of Linux running on the 2.4 or 2.6 kernels.
Fri, 14 Aug 2009 01:00:00 -0400: This week saw a surge of new security updates for both Mac and Windows computers, partially due to Patch Tuesday.
Wed, 05 Aug 2009 01:00:00 -0400: Mozilla Firefox, Thunderbird and SeaMonkey have been found to be vulnerable to an issue in how domain name certificates are handled between client browsers and CA servers. The issue is currently unpatched for all products except for users of Firefox 3.5. Users are advised not to browse untrusted sites or open emails from untrusted sources.
Wed, 29 Jul 2009 01:00:00 -0400: Multiple vulnerabilities exist in Squid 3.x that can allow a malicious remote user to cause a denial of service (DoS).
Tue, 14 Jul 2009 01:00:00 -0400: A new vulnerability has been discovered in the latest version of Mozilla Firefox that can cause memory corruption and may be exploited by malicious people to compromise a user's system.
Mon, 13 Jul 2009 01:00:00 -0400: Vulnerability updates: MS Office, Tomcat, and Internet Explorer
Wed, 24 Jun 2009 01:00:00 -0400: A new vulnerability has been discovered in Adobe Shockwave Player which could allow for arbitrary code execution on a machine which attempts to play specially crafted malicious Shockwave Player 10 content. Also, a new round of Thunderbird updates has been released addressing a number of security issues.
Thu, 11 Jun 2009 01:00:00 -0400: Critical vulnerabilities are found in Adobe Reader/Acrobat 9.1.1 and earlier.
Thu, 21 May 2009 01:00:00 -0400: New vulnerabilities have been reported for IIS 6.0 users who have WebDAV enabled. The vulnerability allows escalation of privileges if a specially crafted HTTP GET request is made to the vulnerable server.
Wed, 22 Apr 2009 01:00:00 -0400: New as of today (April 22nd, 09), there is a fresh batch of vulnerabilities that have been discovered in Mozilla products Firefox, Thunderbird, and SeaMonkey.
Thu, 16 Apr 2009 01:00:00 -0400: On Tuesday, Microsoft and Oracle released critical patches that affect multiple products.
Tue, 14 Apr 2009 01:00:00 -0400: Critical updates for SAP, Java and VMware are now available.
Fri, 03 Apr 2009 01:00:00 -0400: A newly released vulnerability in MS PowerPoint versions 2000 through 2004 for Mac and PC could allow a maliciously crafted PowerPoint file to compromise a user's system and run arbitrary code with permissions of the user.
Mon, 30 Mar 2009 01:00:00 -0400: The security department has recently seen some cases where Active Directory accounts have been locked out due to excessive failed login attempts when a Mac that is synced to Active Directory is also listening for inbound SSH connections.
Tue, 24 Feb 2009 01:00:00 -0500: An unpatched vulnerability in Adobe Reader and Acrobat may allow an attacker to take control of a user's system via a specially crafted document. Affected versions include Adobe Reader/Acrobat 9 and earlier.
Wed, 17 Dec 2008 01:00:00 -0500: An out-of-band patch is being released by Microsoft today for the infamous IE 7 0-day vulnerability discovered last week.
Wed, 10 Dec 2008 01:00:00 -0500: Both MS Word and Excel had some major vulnerabilities that were patched in the most recent patch release from Microsoft. Versions affected go all the way back to MS Office 2000.
Fri, 08 Aug 2008 01:00:00 -0400: Malicious emails purporting to contain personalized news links from CNN are being reported by campus users as well as across the Internet. These unsolicited emails contain links to supposed videos of recent or false news stories. Additionally, the emails use graphics from legitimate CNN pages to further make the messages appear genuine. When clicked, the links take the user to a fraudulent copy of the CNN video player site which is hosted on a malicious site. Instead of playing a video, the site prompts the user to download a Flash player update. This executable is a Trojan and contains code designed to compromise a user's computer.
Wed, 09 Jul 2008 01:00:00 -0400: Java updates galore
Thu, 15 May 2008 01:00:00 -0400: Monthly Summary and Trends
Wed, 30 Apr 2008 01:00:00 -0400: Monthly Summary and Trends
Tue, 29 Apr 2008 01:00:00 -0400: Over the past few days, a new type of phishing e-mail has been spotted. This new phishing method no longer asks for credentials and other personal information. The new tactic is to pose as a company and ask the end user to "renew" their digital certificate. A link is presented in the e-mail which, when clicked, will download a keylogging Trojan onto the computer. The Trojan is then used to steal information and/or credentials from the victim's computer. Currently, the companies most commonly impersonated include Comerica Bank and Colonial Bank.
Thu, 20 Mar 2008 01:00:00 -0400: Programs that handle archive formats ACE, ARJ, BZ2, CAB, GZ, LHA, RAR, TAR, ZIP and ZOO could potentially be affected by newly discovered vulnerabilities. Various types of programs that could be affected include: anti-virus, firewalls (software-based), encryption products (VPN, PGP), backup software, office programs, operating systems and libraries.
Thu, 20 Mar 2008 01:00:00 -0400: CUPS (Common UNIX Printing System), which provides a standard printer interface for various Unix-based operating systems, has a new vulnerability. An attacker could exploit an unspecified error within the CUPS CGI backend to cause a heap-based buffer overflow by sending a specially crafted IPP request.
Wed, 12 Mar 2008 01:00:00 -0400: Monthly Summary and Trends February 2008
Wed, 12 Mar 2008 01:00:00 -0400: Monthly Summary and Trends
Wed, 12 Mar 2008 01:00:00 -0400: Monthly Summary and Trends
Fri, 29 Feb 2008 01:00:00 -0500: "Secunia Research has discovered some vulnerabilities in Symantec Backup Exec for Windows Servers, which can be exploited by malicious people to overwrite arbitrary files or compromise a vulnerable system."
Fri, 29 Feb 2008 01:00:00 -0500: A new unpatched vulnerability has been found in several VMware products that would allow a user (or malicious individual) to "break out" of the guest OS/VM and read/write to the host file system.
Wed, 06 Feb 2008 01:00:00 -0500: Purdue University cautions users to be skeptical of email messages claiming to be from Microsoft and requesting that users download a critical update. These emails appear to be fraudulent and users should NOT follow the links in the email. Users are requested to ignore the email and delete it.
Wed, 16 Jan 2008 01:00:00 -0500: Phishing reminder and a new UPnP attack vector
Mon, 14 Jan 2008 01:00:00 -0500: You've probably all seen the notifications that there is a current phishing attack targeting Purdue accounts. Over the weekend we saw some minor modifications to the message, which mostly just include changes to the address it seemed to be coming from.
Thu, 03 Jan 2008 01:00:00 -0500: A recently found unpatched flaw in RealPlayer 11 may lead to execution of arbitrary code.
Thu, 03 Jan 2008 01:00:00 -0500: Arbornetworks.com is reporting on active Storm Worm domains that are currently being used with the latest round of Storm Worm emails attempting to take advantage of the holidays.
Thu, 20 Dec 2007 01:00:00 -0500: November 2007 Summary and Trends
Thu, 20 Dec 2007 01:00:00 -0500: Adobe Flash Player update fixes multiple vulnerabilities
Fri, 14 Dec 2007 01:00:00 -0500: Details are emerging about a new vulnerability in WordPress. An unpatched flaw in WordPress may lead to SQL injection.
Fri, 14 Dec 2007 01:00:00 -0500: Details are emerging about a moderately critical vulnerability in Samba. A flaw in Samba may lead to a buffer overflow resulting in execution of arbitrary code.
Mon, 03 Dec 2007 01:00:00 -0500: Details are emerging about a critical exploit vulnerability in Apple's QuickTime product. An unpatched flaw in the RTSP (real-time streaming protocol) may allow remote attackers to compromise a system.
Mon, 19 Nov 2007 01:00:00 -0500: October 2007 Summary and Trends
Fri, 26 Oct 2007 01:00:00 -0400: STEAM-CIRT Summary & Trends for September 2007
Fri, 19 Oct 2007 01:00:00 -0400: A variety of vulnerabilities in the popular web browser Firefox have been reported. When exploited, these vulnerabilities can lead to: disclosure of sensitive information, phishing attacks, data manipulation, and/or system compromise.
Fri, 21 Sep 2007 01:00:00 -0400: August 2007 Summary and Trends
Wed, 19 Sep 2007 01:00:00 -0400: A vulnerability affecting Firefox versions prior to 188.8.131.52 is caused by the "-chrome" parameter allowing remote attackers to run code with the current user's privileges. When exploited, the remote attacker can install malware, steal data, or simply corrupt the user's system.
Thu, 30 Aug 2007 01:00:00 -0400: For our campus users of Subversion and TortoiseSVN version control systems, it is time to update. Versions prior to the recently released 1.4.5 version have a bug that allows a directory-traversal attack on a Windows system using the "..\" syntax. This would allow a client user with write access to overwrite arbitrary system files for which he has write access privileges.
Wed, 29 Aug 2007 01:00:00 -0400: A highly critical vulnerability has been discovered in the open source media player Media Player Classic (MPC), which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused by a boundary error when processing .FLI files (an old animation compression format).
Thu, 23 Aug 2007 01:00:00 -0400: The newest method being widely used to trick people into becoming infected with the Storm Worm is sending out e-mails regarding various "club" memberships.
Wed, 22 Aug 2007 01:00:00 -0400: July 2007 Summary and Trends
Wed, 22 Aug 2007 01:00:00 -0400: February 2007 Summary and Trends
Wed, 22 Aug 2007 01:00:00 -0400: March 2007 Summary and Trends
Wed, 22 Aug 2007 01:00:00 -0400: April 2007 Summary and Trends
Wed, 22 Aug 2007 01:00:00 -0400: May 2007 Summary and Trends
Wed, 22 Aug 2007 01:00:00 -0400: June 2007 Summary and Trends
Wed, 15 Aug 2007 01:00:00 -0400: A highly critical vulnerability has been found in the Live Picture Corporation DirectTransform FlashPix ActiveX control included in the Microsoft DirectX Media SDK, which can be exploited by malicious people to compromise a vulnerable system.
Mon, 30 Jul 2007 01:00:00 -0400: Exploitation is as simple as using Firefox to visit a malicious website with a specially crafted URI (such as "mailto") that contains a "%" character and ends with a specific extension, such as ".bat" or ".cmd".
Tue, 17 Jul 2007 01:00:00 -0400: Sun Java Runtime Environment (JRE) has a buffer overflow vulnerability in its image parsing code which could allow an untrusted applet or application to escalate its privileges. If this happens, the applet or application could grant itself permissions to read and write local files or execute local applications which are available to the user who is running the untrusted applet or application. All systems running Windows, Linux variants, and Solaris are considered vulnerable.
Thu, 05 Jul 2007 01:00:00 -0400: A new Firefox vulnerability is caused by a design flaw within the focus handling method of form fields.
Fri, 29 Jun 2007 01:00:00 -0400: The Xvid library version 1.1.2 has a newly discovered vulnerability in the get_intra_block, get_inter_h263, and get_inter_block_mpeg functions. This vulnerability could allow a remote attacker to execute arbitrary code on the victim's computer.