OpenSSL CRL bypass and ECDH DoS vulnerability
Two vulnerabilities have been reported in OpenSSL, which can be exploited by malicious people to bypass certain security restrictions and cause a Denial of Service, according …
Two new McAfee certification exams
McAfee today announced two new certification exams in support of the McAfee Security Certification Program. These exams have been released under the McAfee Certified Product …
Web Directories site leads to exploit kit and malware
Web Directories, a site designed to help webmasters and site owners find relevant directories, has been compromised and found redirecting its visitors to sites running the …
Sony hires new CISO
Sony Corporation announced that Philip R. Reitinger has been named Senior Vice President and Chief Information Security Officer, Corporate Executive in charge of global …
DigiNotar breach report reveals lousy security practices
An interim report issued by security audit firm Fox IT, who has been hired to investigate the DigiNotar breach, reveals that things are far worse than we were led to believe. …
OpenSSH 5.9 released
OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0 implementation and includes sftp client and server support. It encrypts all traffic (including passwords) to …
Cloud-based DDoS protection
Imperva announced Cloud DDoS Protection, a secure cloud-based service that safeguards businesses from DDoS attacks. By subscribing to this service, organizations can protect …
A bid for the (ISC)2 board of directors: Beyond campaign promises
It’s been roughly two weeks since I started my petition as a write-in candidate for the (ISC)2 Board of Directors (BoD) elections. And what a two weeks it has been. As …
Iranian users were the ultimate target in DigiNotar compromise
If you needed a confirmation of Google’s claims that the rogue SSL issued by DigiNotar for *.google.com domains was used mainly to mount man-in-the-middle attacks …
Rogue SSL certs were also issued for CIA, MI6, Mossad
The number of rogue SSL certificates issued by Dutch CA DigiNotar has ballooned from one to a couple dozen to over 250 to 531 in just a few days. As Jacob Appelbaum of the Tor …
New Zeus-based variant targets banks around the world
Another Zeus-based offering has been unearthed by Trend Micros researchers, and by the look of things, this one seems to be better crafted than the recently discovered Ice IX …
MantisBT multiple vulnerabilities
Vulnerabilities have been reported in MantisBT, according to Secunia. These can be exploited by malicious people to conduct cross-site scripting attacks and disclose …