Wednesday, October 31, 2012

Google Alert - Vulnerabilities

=== News - 8 new results for [Vulnerabilities] ===

Superstorm Shines A Light On Power Grid Vulnerabilities
WNYC
The storm that has spawned so many worst-ever superlatives managed a few
more when it comes to electricity, with record-breaking power outages
across 18 states stretching from Michigan and Indiana to Maine and North
Carolina, according to a ...
<http://www.wnyc.org/npr_articles/2012/oct/30/superstorm-shines-a-light-on-power-grid-vulnerabilities/>
See all stories on this topic:
<http://news.google.com/news/story?ncl=http://www.wnyc.org/npr_articles/2012/oct/30/superstorm-shines-a-light-on-power-grid-vulnerabilities/&hl=en&geo=us>

Secunia launches Secunia Vulnerability Intelligence Manager 4.0
Sacramento Bee
The Secunia VIM 4.0 is the latest evolutionary step in the technology
Secunia has developed to help organizations handle vulnerabilities and
protect business critical information and assets against potential attacks.
Because it covers more than 40,000 ...
<http://www.sacbee.com/2012/10/30/4948417/secunia-launches-secunia-vulnerability.html>
See all stories on this topic:
<http://news.google.com/news/story?ncl=http://www.sacbee.com/2012/10/30/4948417/secunia-launches-secunia-vulnerability.html&hl=en&geo=us>

The SQL Injection Disconnection
Dark Reading
A new report out this week that examines the most talked-about topics
within online hacker forums shows that there may be a huge disconnect
between the vulnerabilities that hackers are most keen to exploit and the
risk mitigation measures CSOs squirrel ...
<http://www.darkreading.com/vulnerability-management/167901026/security/news/240012596/the-sql-injection-disconnection.html>
See all stories on this topic:
<http://news.google.com/news/story?ncl=http://www.darkreading.com/vulnerability-management/167901026/security/news/240012596/the-sql-injection-disconnection.html&hl=en&geo=us>

Studies on Coastal Area Vulnerability Presented in Cuba
Prensa Latina
October 30, 2012, 16:09 Studies on Coastal Area Vulnerability Presented
in Cuba Havana, Oct 30 (Prensa Latina) The main scientific results of
several research projects included in the study "Hazards and
Vulnerabilities of Cuban coastal zone for the ...
<http://www.plenglish.com/index.php?option=com_content&task=view&id=661821&Itemid=1>
See all stories on this topic:
<http://news.google.com/news/story?ncl=http://www.plenglish.com/index.php%3Foption%3Dcom_content%26task%3Dview%26id%3D661821%26Itemid%3D1&hl=en&geo=us>

Insecure industrial control systems, hacker trends prompt federal warnings
CSO
October 30, 2012 — CSO — Security researchers fed up with what they see
as the glacial pace with which vendors fix holes in industrial control
systems have exposed vulnerabilities that raised concerns among federal
officials. The latest security ...
<http://www.csoonline.com/article/720228/insecure-industrial-control-systems-hacker-trends-prompt-federal-warnings>
See all stories on this topic:
<http://news.google.com/news/story?ncl=http://www.csoonline.com/article/720228/insecure-industrial-control-systems-hacker-trends-prompt-federal-warnings&hl=en&geo=us>

F-SECURE OYJ : F-Secure Shuts Out Security Vulnerabilities by Keeping ...
4-traders
As malware attacks through software holes become more pervasive, keeping
software current is a critical component to overall business security.
F-Secure combines comprehensive security features with automated software
updates - smart for any company, ...
<http://www.4-traders.com/F-SECURE-OYJ-1412460/news/F-Secure-Oyj-F-Secure-Shuts-Out-Security-Vulnerabilities-by-Keeping-Business-Software-Up-To-Date-15443244/>
See all stories on this topic:
<http://news.google.com/news/story?ncl=http://www.4-traders.com/F-SECURE-OYJ-1412460/news/F-Secure-Oyj-F-Secure-Shuts-Out-Security-Vulnerabilities-by-Keeping-Business-Software-Up-To-Date-15443244/&hl=en&geo=us>

Oops: E-Mail Marketer Left Walmart, US Bank and Others Open to Easy Spoofing
Wired (blog)
"I didn't want to anger Epsilon's lawyers directly," Robertson says,
referring to the longstanding issue that many security researchers have
when they try to disclose vulnerabilities and the affected company either
reports the researcher to law ...
<http://www.wired.com/threatlevel/2012/10/dkim-third-party-emailers/>
See all stories on this topic:
<http://news.google.com/news/story?ncl=http://www.wired.com/threatlevel/2012/10/dkim-third-party-emailers/&hl=en&geo=us>

Hacker Halted: Government Needs to Embrace Bug Bounty Incentive
Infosecurity Magazine
Given that more code is being produced than can possibly be tested, eight
out of ten websites have serious vulnerabilities, and there are 142.2
million undiscovered serious vulnerabilities on SSL websites alone
(according to Grossman's calculations: ...
<http://www.infosecurity-magazine.com/view/29072/hacker-halted-government-needs-to-embrace-bug-bounty-incentive->
See all stories on this topic:
<http://news.google.com/news/story?ncl=http://www.infosecurity-magazine.com/view/29072/hacker-halted-government-needs-to-embrace-bug-bounty-incentive-&hl=en&geo=us>

This once a day Google Alert is brought to you by Google.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Delete this Google Alert:
http://www.google.com/alerts/remove?hl=en&gl=us&source=alertsmail&s=AB2Xq4h73uDuUaTj8-CUHcryQFnZut4U2bzcgRg

Create another Google Alert:
http://www.google.com/alerts?hl=en&gl=us&source=alertsmail

Sign in to manage your alerts:
http://www.google.com/alerts/manage?hl=en&gl=us&source=alertsmail

Tuesday, October 30, 2012

Google Alert - Vulnerabilities

=== News - 7 new results for [Vulnerabilities] ===

Columbia cybersecurity firm gets boost from Silicon Valley
Baltimore Sun (blog)
Gula, a former information security expert at the National Security Agency
at Fort Meade, used to run so-called "penetration tests" at the agency,
where he probed government networks and tried to find vulnerabilities. He
partnered with Renaud Deraison, ...
<http://www.baltimoresun.com/business/technology/blog/bs-bz-tenable-raises-capital-20121029,0,7059459.story>
See all stories on this topic:
<http://news.google.com/news/story?ncl=http://www.baltimoresun.com/business/technology/blog/bs-bz-tenable-raises-capital-20121029,0,7059459.story&hl=en&geo=us>

Sybase Adaptive Server Enterprise Security Patches Fail to Fix Flaws
eWeek
Sybase has a new round of patches on the way to replace updates to its
Adaptive Server Enterprise product that did not fully fix 10
vulnerabilities. Several security fixes issued in July by Sybase failed to
fully address vulnerabilities in versions of ...
<http://www.eweek.com/security/sybase-adaptive-server-enterprise-security-patches-fail-to-fix-flaws/>
See all stories on this topic:
<http://news.google.com/news/story?ncl=http://www.eweek.com/security/sybase-adaptive-server-enterprise-security-patches-fail-to-fix-flaws/&hl=en&geo=us>

7 tips for protecting against a costly data breach
Healthcare Finance News
It's more cost effective to perform risk assessment and remediate
identified vulnerabilities now than to go through a breach response later.
Creedon shared with Healthcare Finance News the seven low-cost tips for
healthcare providers or trading ...
<http://www.healthcarefinancenews.com/news/7-tips-hipaa-self-risk-analysis>
See all stories on this topic:
<http://news.google.com/news/story?ncl=http://www.healthcarefinancenews.com/news/7-tips-hipaa-self-risk-analysis&hl=en&geo=us>

Dempsey Partners Joins Forces with Global Cyber Risk LLC to Offer
Analytical ...
The Herald | HeraldOnline.com
CERQ identifies, evaluates, and ranks cyber risks across an enterprise,
enabling risk managers, IT professionals, and compliance managers to focus
on their organization's most significant vulnerabilities and exposures. By
harnessing business process, ...
<http://www.heraldonline.com/2012/10/29/4373572/dempsey-partners-joins-forces.html>
See all stories on this topic:
<http://news.google.com/news/story?ncl=http://www.heraldonline.com/2012/10/29/4373572/dempsey-partners-joins-forces.html&hl=en&geo=us>

Critical flaw found in software used by many industrial control systems
Techworld.com
The vulnerability was discovered by former Digital Bond researcher Reid
Wightman as part of Project Basecamp, an ICS security research initiative
launched by Digital Bond last year. Described as a design issue, the
vulnerability is located in the ...
<http://news.techworld.com/security/3407613/critical-flaw-found-in-software-used-by-many-industrial-control-systems/>
See all stories on this topic:
<http://news.google.com/news/story?ncl=http://news.techworld.com/security/3407613/critical-flaw-found-in-software-used-by-many-industrial-control-systems/&hl=en&geo=us>

Firefox update fixes security flaws
ITworld.com
October 29, 2012, 9:14 AM — Several security vulnerabilities in Firefox
16 are being addressed in an update of the browser software released by the
Mozilla Foundation. This is the second time in the last two weeks that the
browser has had to be ...
<http://www.itworld.com/308270/firefox-update-fixes-security-flaws>
See all stories on this topic:
<http://news.google.com/news/story?ncl=http://www.itworld.com/308270/firefox-update-fixes-security-flaws&hl=en&geo=us>

Defending Against Targeted Attacks
BankInfoSecurity.com
Number one is you're seeing that the total number of reported
vulnerabilities has been decreasing, while at the same time you also see a
trend in the industry with very specific, very targeted, very financially
motivated or state-sponsored attacks that ...
<http://www.bankinfosecurity.com/defending-against-targeted-attacks-a-5246>
See all stories on this topic:
<http://news.google.com/news/story?ncl=http://www.bankinfosecurity.com/defending-against-targeted-attacks-a-5246&hl=en&geo=us>


Monday, October 29, 2012

Google Alert - Vulnerabilities

=== News - 1 new result for [Vulnerabilities] ===

Firefox update fixes security flaws
PCWorld (blog)
Several security vulnerabilities in Firefox 16 are being addressed in an
update of the browser software released by the Mozilla Foundation. This is
the second time in the last two weeks that the browser has had to be
updated to address security problems.
<http://www.pcworld.com/article/2013222/firefox-update-fixes-security-flaws.html>
See all stories on this topic:
<http://news.google.com/news/story?ncl=http://www.pcworld.com/article/2013222/firefox-update-fixes-security-flaws.html&hl=en&geo=us>


Saturday, October 27, 2012

Google Alert - Vulnerabilities

=== News - 5 new results for [Vulnerabilities] ===

TEXT-Fitch:Slovenia bond issue positive but vulnerabilities persist
Reuters
(The following statement was released by the rating agency). Oct 26 -
Slovenia's recent USD2.25bn, 10-year bond issue has demonstrated that the
country enjoys access to funding in the international bond market, removing
a significant near-term uncertainty.
<http://www.reuters.com/article/2012/10/26/idUSWLA536620121026>
See all stories on this topic:
<http://news.google.com/news/story?ncl=http://www.reuters.com/article/2012/10/26/idUSWLA536620121026&hl=en&geo=us>

Critical flaw found in software used by many industrial control systems
Computerworld
Described as a design issue, the vulnerability is located in the CoDeSys
runtime, an application that runs on programmable logic controller (PLC)
devices. PLCs are digital computers that control and automate
electromechanical processes in power plants, ...
<http://www.computerworld.com/s/article/9232956/Critical_flaw_found_in_software_used_by_many_industrial_control_systems>
See all stories on this topic:
<http://news.google.com/news/story?ncl=http://www.computerworld.com/s/article/9232956/Critical_flaw_found_in_software_used_by_many_industrial_control_systems&hl=en&geo=us>

Adobe warns of Shockwave vulnerabilities
Afterdawn.com
This update addresses vulnerabilities that could allow an attacker, who
successfully exploits these vulnerabilities, to run malicious code on the
affected system. Adobe recommends users of Adobe Shockwave Player
11.6.7.637 and earlier versions update ...
<http://www.afterdawn.com/news/article.cfm/2012/10/26/adobe_warns_of_shockwave_vulnerabilities>
See all stories on this topic:
<http://news.google.com/news/story?ncl=http://www.afterdawn.com/news/article.cfm/2012/10/26/adobe_warns_of_shockwave_vulnerabilities&hl=en&geo=us>

Monitoring To Detect The Persistent Enemies
Dark Reading
In one recent study, academic researchers from security firm Symantec
correlated antivirus and reputation data with a database linking
vulnerabilities to malware and found 18 zero-day attacks over a four year
period, including 11 attacks that no one ...
<http://www.darkreading.com/security-monitoring/167901086/security/vulnerabilities/240011409/monitoring-to-detect-the-persistent-enemies.html>
See all stories on this topic:
<http://news.google.com/news/story?ncl=http://www.darkreading.com/security-monitoring/167901086/security/vulnerabilities/240011409/monitoring-to-detect-the-persistent-enemies.html&hl=en&geo=us>

Six critical vulnerabilities in Adobe Shockwave patched
Naked Security
Adobe has issued an advisory, warning of a number of security
vulnerabilities in its Shockwave media player software, and is urging users
to update to Adobe Shockwave Player 11.6.8.638. According to the firm, the
update addresses vulnerabilities that ...
<http://nakedsecurity.sophos.com/2012/10/26/adobe-shockwave-update/>
See all stories on this topic:
<http://news.google.com/news/story?ncl=http://nakedsecurity.sophos.com/2012/10/26/adobe-shockwave-update/&hl=en&geo=us>


Friday, October 26, 2012

Google Alert - Vulnerabilities

=== News - 6 new results for [Vulnerabilities] ===

Election 2012 Hacking Threat: 10 Facts
InformationWeek
Could the U.S. elections be hacked, allowing attackers to adjust ballot
counts and alter election results? That threat, to be sure, sounds like
little more than a Hollywood movie plot. Furthermore, based on recent
reviews of states' voting system ...
<http://www.informationweek.com/security/vulnerabilities/election-2012-hacking-threat-10-facts/240009671>
See all stories on this topic:
<http://news.google.com/news/story?ncl=http://www.informationweek.com/security/vulnerabilities/election-2012-hacking-threat-10-facts/240009671&hl=en&geo=us>

SSL Vulnerabilities Found in Critical Non-Browser Software Packages
Threatpost (blog)
Serious security vulnerabilities were found in programs such as Amazon's
EC2 Java library, Amazon's and PayPal's merchant SDKs, Trillian and AIM
instant messaging software, popular integrated shopping cart software
packages, Chase mobile banking ...
<http://threatpost.com/en_us/blogs/ssl-vulnerabilities-found-critical-non-browser-software-packages-102512>
See all stories on this topic:
<http://news.google.com/news/story?ncl=http://threatpost.com/en_us/blogs/ssl-vulnerabilities-found-critical-non-browser-software-packages-102512&hl=en&geo=us>

SAP's Sybase RDMS Patches Fail to Repair 10 Critical Vulnerabilities
Threatpost (blog)
Patches released this week by database and mobile management vendor Sybase
did not completely repair serious privilege escalation and remote code
execution vulnerabilities in versions 15.0.3 and later of its Adaptive
Server Enterprise (ASE) product.
<http://threatpost.com/en_us/blogs/saps-sybase-rdms-patches-fail-repair-10-critical-vulnerabilities-102512>
See all stories on this topic:
<http://news.google.com/news/story?ncl=http://threatpost.com/en_us/blogs/saps-sybase-rdms-patches-fail-repair-10-critical-vulnerabilities-102512&hl=en&geo=us>

The Emperor's New Clothes: Why Vulnerabilities in RIA, Mobile and Web ...
Sacramento Bee
With a widening scanner coverage gap, security teams have had to turn to
manual testing practices to discover vulnerabilities associated with these
new formats. Today, NT OBJECTives has released, "The Widening Web
Application Security Scanner ...
<http://www.sacbee.com/2012/10/25/4937440/the-emperors-new-clothes-why-vulnerabilities.html>
See all stories on this topic:
<http://news.google.com/news/story?ncl=http://www.sacbee.com/2012/10/25/4937440/the-emperors-new-clothes-why-vulnerabilities.html&hl=en&geo=us>

Software version number no guarantee of security
Sydney Morning Herald
The company earlier this year released XRay.io, a free Android
vulnerability scanner, which looks for software vulnerabilities in the core
of Android in a similar way the Metasploit project works for desktops and
servers. A probe of 26,000 Android ...
<http://www.smh.com.au/it-pro/security-it/software-version-number-no-guarantee-of-security-20121026-289m4.html>
See all stories on this topic:
<http://news.google.com/news/story?ncl=http://www.smh.com.au/it-pro/security-it/software-version-number-no-guarantee-of-security-20121026-289m4.html&hl=en&geo=us>

Experts: Hackers will crack election systems
WND.com
Many of them run on the Windows operating system and are susceptible to
many of the same types of vulnerabilities their cousins in the home or
office are exposed to. Known exploits or weaknesses such as weak passwords,
poor password protection, and ...
<http://www.wnd.com/2012/10/experts-hackers-will-crack-election-systems/>
See all stories on this topic:
<http://news.google.com/news/story?ncl=http://www.wnd.com/2012/10/experts-hackers-will-crack-election-systems/&hl=en&geo=us>


Thursday, October 25, 2012

Google Alert - Vulnerabilities

=== News - 8 new results for [Vulnerabilities] ===

Adobe patches six critical vulnerabilities in Shockwave Player
PCWorld
Adobe has fixed six critical vulnerabilities in Shockwave Player that could
potentially be exploited by attackers to execute malicious code, via the
release of version 11.6.8.638 of the software. Five of the patched flaws
are buffer overflow ...
<http://www.pcworld.com/article/2012973/adobe-patches-six-critical-vulnerabilities-in-shockwave-player.html>
See all stories on this topic:
<http://news.google.com/news/story?ncl=http://www.pcworld.com/article/2012973/adobe-patches-six-critical-vulnerabilities-in-shockwave-player.html&hl=en&geo=us>

Money laundering: Vulnerabilities of insurance sector
Business Recorder (blog)
The willingness to spend money to hide the origin of the funds attracts the
assistance of professional intermediaries, most commonly lawyers,
accountants and bankers (every profession has its ethically challenged
members), who have appeared in ...
<http://www.brecorder.com/articles-a-letters/187/1251539/>
See all stories on this topic:
<http://news.google.com/news/story?ncl=http://www.brecorder.com/articles-a-letters/187/1251539/&hl=en&geo=us>

Qualys Introduces Predictive Analytics Engine For Zero-Day And Microsoft
Patch ...
Dark Reading
"Analyzing the impact of Patch Tuesday and zero-day vulnerabilities is a
challenging task for IT departments," said Charles Kolodgy, research vice
president, Secure Products for IDC. "Providing an instant view of where the
impact of the new ...
<http://www.darkreading.com/vulnerability-management/167901026/security/news/240009693/qualys-introduces-predictive-analytics-engine-for-zero-day-and-microsoft-patch-tuesday-vulnerabilities.html>
See all stories on this topic:
<http://news.google.com/news/story?ncl=http://www.darkreading.com/vulnerability-management/167901026/security/news/240009693/qualys-introduces-predictive-analytics-engine-for-zero-day-and-microsoft-patch-tuesday-vulnerabilities.html&hl=en&geo=us>

RedHat project fights Java vulnerabilities
SC Magazine Australia
David Jorm, a Brisbane-based security engineer with Red Hat's Jboss line
told an audience at Ruxcon over the weekend that developers often would not
know if their applications contained vulnerabilities. He explained that
Jboss products and their ...
<http://www.scmagazine.com.au/News/320617,redhat-project-fights-java-vulnerabilities.aspx>
See all stories on this topic:
<http://news.google.com/news/story?ncl=http://www.scmagazine.com.au/News/320617,redhat-project-fights-java-vulnerabilities.aspx&hl=en&geo=us>

Many Security Products Fail Exploit Blocking Test
PC Magazine
An imperfection that allows malefactors to take control of your computer or
execute arbitrary code is called a vulnerability, and the attack that does
the dirty deed is called an exploit. Until the vendor patches a
newly-discovered vulnerability ...
<http://securitywatch.pcmag.com/none/304206-many-security-products-fail-exploit-blocking-test>
See all stories on this topic:
<http://news.google.com/news/story?ncl=http://securitywatch.pcmag.com/none/304206-many-security-products-fail-exploit-blocking-test&hl=en&geo=us>

McAfee Management Tools Close Security Gaps
Channelnomics
Specifically, the release entails McAfee Vulnerability Manager and the
Asset Manager, which work in tandem. The solution is designed to automate
the discovery of assets connected to the network, but McAfee also intends
to make a dent in the industry by ...
<http://channelnomics.com/2012/10/24/mcafee-vulnerability-manager-closes-security-gaps/>
See all stories on this topic:
<http://news.google.com/news/story?ncl=http://channelnomics.com/2012/10/24/mcafee-vulnerability-manager-closes-security-gaps/&hl=en&geo=us>

Adobe fixes Shockwave Player security problems
ITProPortal
Five of the faults are defined as buffer flow vulnerabilities and one as an
"array out of bounds vulnerability," all of which affect Shockwave Player
11.6.7.637 and earlier versions on Windows and Macintosh platforms.
According to Adobe, Shockwave ...
<http://www.itproportal.com/2012/10/24/adobe-fixes-shockwave-player-security-problems/>
See all stories on this topic:
<http://news.google.com/news/story?ncl=http://www.itproportal.com/2012/10/24/adobe-fixes-shockwave-player-security-problems/&hl=en&geo=us>

Zero-day attacks circulate for 10 months on average before detection
Infosecurity Magazine
The Java zero-day vulnerability discovered in the wild this week has
already been added to the BlackHole toolkit for cybercriminals,
exponentially expanding the severity of the problem. According to malware
trackers, the Java zero-day exploit has now ...
<http://www.infosecurity-magazine.com/view/28972/zeroday-attacks-circulate-for-10-months-on-average-before-detection>
See all stories on this topic:
<http://news.google.com/news/story?ncl=http://www.infosecurity-magazine.com/view/28972/zeroday-attacks-circulate-for-10-months-on-average-before-detection&hl=en&geo=us>


Wednesday, October 24, 2012

Google Alert - Vulnerabilities

=== News - 7 new results for [Vulnerabilities] ===

Verizon Data Breach Report Highlights Insider Vulnerabilities
AOL Government
Jacobs said that financially motivated hackers usually take a smash and
grab approach, scanning for vulnerabilities, using keylogger and other
spyware to tap valuable data. "Intellectual property isn't usually
something on the perimeter," he said. "It ...
<http://gov.aol.com/2012/10/23/verizon-data-breach-report-highlights-insider-vulnerabilities/>
See all stories on this topic:
<http://news.google.com/news/story?ncl=http://gov.aol.com/2012/10/23/verizon-data-breach-report-highlights-insider-vulnerabilities/&hl=en&geo=us>

Google's Vulnerability Reward Program: Making Friends with Hackers
CloudTimes
One of the more common criticisms being levied at the cloud
industry is the security risks inherent in the model. And the reason why
it's still fending off these criticisms ...
<http://cloudtimes.org/2012/10/23/google-vulnerability-reward-program/>
See all stories on this topic:
<http://news.google.com/news/story?ncl=http://cloudtimes.org/2012/10/23/google-vulnerability-reward-program/&hl=en&geo=us>

Anti-Terrorism Operation in North Caucasus Exposes Russia's Vulnerabilities
Heritage.org (blog)
ST. PETERSBURG, RUSSIA — The Kremlin's control over the North Caucasus
region has come under scrutiny as a massive counterterrorism operation in
the area got underway. The latest counterterrorism operation took place in
the republic of ...
<http://blog.heritage.org/2012/10/23/anti-terrorism-operation-in-north-caucasus-exposes-russias-vulnerabilities/>
See all stories on this topic:
<http://news.google.com/news/story?ncl=http://blog.heritage.org/2012/10/23/anti-terrorism-operation-in-north-caucasus-exposes-russias-vulnerabilities/&hl=en&geo=us>

Adobe Plugs Several Buffer Overflow Holes in Shockwave Player
Threatpost (blog)
Adobe announced today it has repaired a host of critical buffer overflow
vulnerabilities and an array out of bounds vulnerability in Shockwave
Player and urges users to update to the latest version of the software,
version 11.6.8.638. The company said ...
<http://threatpost.com/en_us/blogs/adobe-plugs-several-buffer-overflow-holes-shockwave-player-102312>
See all stories on this topic:
<http://news.google.com/news/story?ncl=http://threatpost.com/en_us/blogs/adobe-plugs-several-buffer-overflow-holes-shockwave-player-102312&hl=en&geo=us>

How zero-day exploits can improve security
GCN.com
Available as a free open-source tool and in more sophisticated commercial
products from Rapid7, it contains libraries of vulnerabilities and modules
to exploit them. The framework lets developers and researchers build
exploits to test for holes in IT ...
<http://gcn.com/articles/2012/10/23/how-zero-day-exploits-can-improve-security.aspx>
See all stories on this topic:
<http://news.google.com/news/story?ncl=http://gcn.com/articles/2012/10/23/how-zero-day-exploits-can-improve-security.aspx&hl=en&geo=us>

Experts warn about security flaws in airline boarding passes
Washington Post
The vulnerabilities center on the Transportation Security Administration's
pre-screening system, a paid-for program in which the screening process is
expedited for travelers at the airport: Laptop computers can remain in hand
baggage, as can approved ...
<http://www.washingtonpost.com/national/experts-warn-about-security-flaws-in-airline-boarding-passes/2012/10/23/ed408c80-1d3c-11e2-b647-bb1668e64058_story.html>
See all stories on this topic:
<http://news.google.com/news/story?ncl=http://www.washingtonpost.com/national/experts-warn-about-security-flaws-in-airline-boarding-passes/2012/10/23/ed408c80-1d3c-11e2-b647-bb1668e64058_story.html&hl=en&geo=us>

Oracle Could Fix Serious Java Security Flaw 'In 30 Minutes'
TechWeekEurope UK
Given how much criticism was levelled at Oracle for failing to patch a
separate Java vulnerability it had known about for months, and which was
recently actively exploited by cyber criminals, it would have been little
surprise if the firm had issued an ...
<http://www.techweekeurope.co.uk/news/oracle-java-security-flaw-97085>
See all stories on this topic:
<http://news.google.com/news/story?ncl=http://www.techweekeurope.co.uk/news/oracle-java-security-flaw-97085&hl=en&geo=us>


Tuesday, October 23, 2012

Google Alert - Vulnerabilities

=== News - 9 new results for [Vulnerabilities] ===

The Foreign Policy Debate- Strengths and Vulnerabilities
The Moderate Voice
What exactly is the role of foreign policy and where are the strengths and
vulnerabilities of President Obama and Governor Romney in this area? And
when and where do the candidates believe America should intervene
militarily in another country?
<http://themoderatevoice.com/164926/the-foreign-policy-debate-strengths-and-vulnerabilities/>
See all stories on this topic:
<http://news.google.com/news/story?ncl=http://themoderatevoice.com/164926/the-foreign-policy-debate-strengths-and-vulnerabilities/&hl=en&geo=us>

Popular Android Apps Vulnerable
InformationWeek
About 8% of Android apps are vulnerable to attacks as a result of weak SSL
implementations, according to a new computer security study. Security
researchers in Germany analyzed 13,500 free Android apps from Google Play
and found that 1,074--about ...
<http://www.informationweek.com/security/vulnerabilities/popular-android-apps-vulnerable/240009507>
See all stories on this topic:
<http://news.google.com/news/story?ncl=http://www.informationweek.com/security/vulnerabilities/popular-android-apps-vulnerable/240009507&hl=en&geo=us>

Research exposes vulnerabilities in popular free Android apps
ITProPortal
Researchers from the University of Hanover and the Philipp University of
Marburg built a tool called MalloDroid, designed to detect potential
vulnerabilities in apps employing SSL/TLS code to MITM raids. The issues it
identified were "widespread and ...
<http://www.itproportal.com/2012/10/22/research-exposes-vulnerabilities-popular-free-android-apps/>
See all stories on this topic:
<http://news.google.com/news/story?ncl=http://www.itproportal.com/2012/10/22/research-exposes-vulnerabilities-popular-free-android-apps/&hl=en&geo=us>

Java still has a crucial role to play—despite security risks
Ars Technica
Java has its security flaws, but it isn't going away any time soon—after
all, many important applications run on the technology, especially in
business settings. Still, numerous users are worried enough about
vulnerabilities that they restrict Java's ...
<http://arstechnica.com/information-technology/2012/10/java-still-has-a-crucial-role-to-play-despite-security-risks/>
See all stories on this topic:
<http://news.google.com/news/story?ncl=http://arstechnica.com/information-technology/2012/10/java-still-has-a-crucial-role-to-play-despite-security-risks/&hl=en&geo=us>

Vulnerabilities detected in some apps on Google Play
Tech2
Computer scientists from Germany's Leibniz University of Hannover and
Philipps University of Marburg have found that apps downloaded by as many
as 185 million people have been putting to risk online banking and social
networking credentials of users, ...
<http://tech2.in.com/news/android/vulnerabilities-detected-in-some-apps-on-google-play/524552>
See all stories on this topic:
<http://news.google.com/news/story?ncl=http://tech2.in.com/news/android/vulnerabilities-detected-in-some-apps-on-google-play/524552&hl=en&geo=us>

Possible 'Patch' For Policy On Protecting Government Agency Systems
Dark Reading
A new national cybersecurity law may not be on the horizon anytime soon,
but there could be a simpler and less politically charged way to shore up
security, at least among U.S. government agencies. Former Office of
Management and Budget (OMB) officials ...
<http://www.darkreading.com/risk-management/167901115/security/vulnerabilities/240009551/possible-patch-for-policy-on-protecting-government-agency-systems.html>
See all stories on this topic:
<http://news.google.com/news/story?ncl=http://www.darkreading.com/risk-management/167901115/security/vulnerabilities/240009551/possible-patch-for-policy-on-protecting-government-agency-systems.html&hl=en&geo=us>

HP asks researcher not to present for fear of vulnerability disclosure
SC Magazine UK
A researcher who was planning to disclose major vulnerabilities in Huawei
and H3C routers at a security show this weekend has decided to scrap the
presentation. Researcher Kurt Grutzmacher was scheduled to deliver the talk
on Saturday at the ToorCon ...
<http://www.scmagazineuk.com/hp-asks-researcher-not-to-present-for-fear-of-vulnerability-disclosure/article/264654/>
See all stories on this topic:
<http://news.google.com/news/story?ncl=http://www.scmagazineuk.com/hp-asks-researcher-not-to-present-for-fear-of-vulnerability-disclosure/article/264654/&hl=en&geo=us>

The Pentagon Is Taking Potential Threats Against The Nation's Pacemakers ...
Business Insider
Just this morning, the Naval Surface Warfare Center (NSWC) posted an
information and equipment request to the Federal Business Opportunities
(FBO) website concerning cardiac pacemakers and their vulnerabilities. From
the FBO posting: This notice ...
<http://www.businessinsider.com/the-navy-is-taking-electromagnetic-countermeasures-for-cardiac-pacemakers-pretty-seriously-2012-10>
See all stories on this topic:
<http://news.google.com/news/story?ncl=http://www.businessinsider.com/the-navy-is-taking-electromagnetic-countermeasures-for-cardiac-pacemakers-pretty-seriously-2012-10&hl=en&geo=us>

Killing With a Laptop: The Pacemaker Hack
The Bunsen Burner
Jack has previously uncovered other weaknesses in medical computer
security, including vulnerabilities in insulin-delivering devices. The
weakness, according to Jack, centers around the wireless nature of
communication with the pacemaker. Clearly ...
<http://thebunsenburner.com/news/killing-with-a-laptop-the-pacemaker-hack/>
See all stories on this topic:
<http://news.google.com/news/story?ncl=http://thebunsenburner.com/news/killing-with-a-laptop-the-pacemaker-hack/&hl=en&geo=us>


Saturday, October 20, 2012

Google Alert - Vulnerabilities

=== News - 8 new results for [Vulnerabilities] ===

Some Android apps have serious SSL vulnerabilities, researchers say
Network World
Additionally, the scientists performed a manual audit of 100 apps for a
more definitive look at potential security issues, finding that 41 were
open to man-in-the-middle attacks because of SSL vulnerabilities. They said
that the vulnerable apps could ...
<http://www.networkworld.com/news/2012/101912-android-ssl-263546.html?hpg1=bn>
See all stories on this topic:
<http://news.google.com/news/story?ncl=http://www.networkworld.com/news/2012/101912-android-ssl-263546.html%3Fhpg1%3Dbn&hl=en&geo=us>

Tech Insight: What Penetration Testers Find Inside Your Network
Dark Reading
In our previous Tech Insight, we focused on some of the top vulnerabilities
that professional penetration testers discover when performing external
penetration test. This time, we are turning inward and looking at the
prominent vulnerabilities found in ...
<http://www.darkreading.com/security/vulnerabilities/240009447/tech-insight-what-penetration-testers-find-inside-your-network.html>
See all stories on this topic:
<http://news.google.com/news/story?ncl=http://www.darkreading.com/security/vulnerabilities/240009447/tech-insight-what-penetration-testers-find-inside-your-network.html&hl=en&geo=us>

Dutch Government Seeks to Let Law Enforcement Hack Foreign Computers
CIO
The proposed legislation would create an incentive for governments to keep
software vulnerabilities secret because they would need to exploit those
vulnerabilities to attack systems used by cybercriminals, van Daalen said.
There are already security ...
<http://www.cio.com/article/719307/Dutch_Government_Seeks_to_Let_Law_Enforcement_Hack_Foreign_Computers?taxonomyId=3234>
See all stories on this topic:
<http://news.google.com/news/story?ncl=http://www.cio.com/article/719307/Dutch_Government_Seeks_to_Let_Law_Enforcement_Hack_Foreign_Computers%3FtaxonomyId%3D3234&hl=en&geo=us>

HP asks researcher not to publish security vulnerabilities
The H
Kurt Grutzmacher has identified security vulnerabilities in network
equipment from Huawei and H3C, details of which he had planned to publish
at this weekend's Toorcon 14 security conference. Two days before the
conference, H3C's owners, HP, contacted ...
<http://www.h-online.com/security/news/item/HP-asks-researcher-not-to-publish-security-vulnerabilities-1733216.html>
See all stories on this topic:
<http://news.google.com/news/story?ncl=http://www.h-online.com/security/news/item/HP-asks-researcher-not-to-publish-security-vulnerabilities-1733216.html&hl=en&geo=us>

Microsoft and Secunia warn of FFMpeg vulnerabilities
The H
Microsoft has provided details of several critical vulnerabilities in older
versions of FFmpeg's open source video codec tools and libraries; these
could allow an attacker to execute arbitrary code on a system by getting
users to open a specially ...
<http://www.h-online.com/security/news/item/Microsoft-and-Secunia-warn-of-FFMpeg-vulnerabilities-1732963.html>
See all stories on this topic:
<http://news.google.com/news/story?ncl=http://www.h-online.com/security/news/item/Microsoft-and-Secunia-warn-of-FFMpeg-vulnerabilities-1732963.html&hl=en&geo=us>

Ethiopia's Public Sector Spending Increases Vulnerabilities - IMF
New Business Ethiopia
While the strategy has contributed to robust economic growth in the past,
recent developments indicate a buildup of vulnerabilities which need to be
addressed in order to sustain this growth performance." The staff report
for the 2012 Article IV ...
<http://newbusinessethiopia.com/index.php?option=com_content&view=article&id=796:ethiopias-public-sector-spending-increases-vulnerabilities-imf&catid=38:government&Itemid=38>
See all stories on this topic:
<http://news.google.com/news/story?ncl=http://newbusinessethiopia.com/index.php%3Foption%3Dcom_content%26view%3Darticle%26id%3D796:ethiopias-public-sector-spending-increases-vulnerabilities-imf%26catid%3D38:government%26Itemid%3D38&hl=en&geo=us>

Solar-power system flaws shine light on Smart Grid threats
GCN.com (blog)
The Homeland Security Department has issued an alert about vulnerabilities
in a control system for solar electric systems that could allow
unauthorized users to access to the system and execute malicious code. The
equipment is sold by the Italian ...
<http://gcn.com/blogs/cybereye/2012/10/solar-system-flaws-smart-grid-threats.aspx>
See all stories on this topic:
<http://news.google.com/news/story?ncl=http://gcn.com/blogs/cybereye/2012/10/solar-system-flaws-smart-grid-threats.aspx&hl=en&geo=us>

Are You Ready For A Cloud Security Officer?
Network World
Its solution covers all aspects of GRC, including Risk, Vulnerability,
Compliance, Training, Policies and Audit controls. What's more is Trace's
solution comes with Trace's own expertise and services included. It is
meant to be a standalone solution ...
<http://www.networkworld.com/community/node/81639>
See all stories on this topic:
<http://news.google.com/news/story?ncl=http://www.networkworld.com/community/node/81639&hl=en&geo=us>


Friday, October 19, 2012

Google Alert - Vulnerabilities

=== News - 10 new results for [Vulnerabilities] ===

Demo of "serious" networking vulnerabilities cancelled at HP's request
Ars Technica
A presentation that promised to disclose "serious" vulnerabilities in
networking gear from Huawei and H3C has been cancelled two days before its
scheduled delivery date at the request of Hewlett-Packard, the parent
company of one of the latter China ...
<http://arstechnica.com/security/2012/10/demonstration-of-serious-networking-vulns-cancelled-at-hps-request/>
See all stories on this topic:
<http://news.google.com/news/story?ncl=http://arstechnica.com/security/2012/10/demonstration-of-serious-networking-vulns-cancelled-at-hps-request/&hl=en&geo=us>

Apple Kills Java In Macs' Browsers After A Slew Of Security Vulnerabilities
Forbes
After a string of security vulnerabilities in Oracle's ubiquitous program,
Apple's latest Java update released on Tuesday strips the program out of
users' browsers on Mac OSX. Apple's tersely-worded advisory on the decision
explains that if users need ...
<http://www.forbes.com/sites/andygreenberg/2012/10/18/apple-kills-java-in-macs-browsers-after-a-slew-of-security-vulnerabilities/>
See all stories on this topic:
<http://news.google.com/news/story?ncl=http://www.forbes.com/sites/andygreenberg/2012/10/18/apple-kills-java-in-macs-browsers-after-a-slew-of-security-vulnerabilities/&hl=en&geo=us>

Security researchers discover vulnerability in Steam URL protocol
TechSpot
Security researchers from ReVuln have discovered a zero-day vulnerability
in Valve's Steam browser protocol. The exploit can allow an attacker to
remotely exploit bugs in the Steam client or directly in games which can
ultimately be used to run ...
<http://www.techspot.com/news/50537-security-researchers-discover-vulnerability-in-steam-url-protocol.html>
See all stories on this topic:
<http://news.google.com/news/story?ncl=http://www.techspot.com/news/50537-security-researchers-discover-vulnerability-in-steam-url-protocol.html&hl=en&geo=us>

Hidden secret to success: vulnerability
USA Weekend
Strength and overconfidence are often celebrated as traits for getting
ahead, but vulnerability may play an equally important role. Dr. Brené
Brown, author of Daring Greatly: How the Courage to Be Vulnerable
Transforms the Way We Live, Love, Parent ...
<http://www.usaweekend.com/article/20121019/LIVING05/310190004/Hidden-secret-success-vulnerability?odyssey=nav%7Chead>
See all stories on this topic:
<http://news.google.com/news/story?ncl=http://www.usaweekend.com/article/20121019/LIVING05/310190004/Hidden-secret-success-vulnerability%3Fodyssey%3Dnav%257Chead&hl=en&geo=us>

Advances Create Vulnerabilities, US Cybercom Commander Says
defpro
06:49 GMT, October 19, 2012 BALTIMORE | The U.S. lead in cyber technology
innovation has created both advances and vulnerabilities, the commander of
U.S. Cyber Command said here Wednesday night. Army Gen. Keith B. Alexander,
who also is director ...
<http://www.defpro.com/news/details/40456/?SID=cc44301f67c99594482ca821a0238385>
See all stories on this topic:
<http://news.google.com/news/story?ncl=http://www.defpro.com/news/details/40456/%3FSID%3Dcc44301f67c99594482ca821a0238385&hl=en&geo=us>

Hacker demonstrates a pacemaker vulnerability with an 830-volt electric
shock
TechHive
Shocking and killing someone with their own pacemaker might sound like
something straight out of a Tom Clancy book. But apparently it is
completely possible because Barnaby Jack, of security vendor the IOActive,
demonstrated this very vulnerability in ...
<http://www.techhive.com/article/2012648/hacker-demonstrates-a-pacemaker-vulnerability-with-an-830-volt-electric-shock.html>
See all stories on this topic:
<http://news.google.com/news/story?ncl=http://www.techhive.com/article/2012648/hacker-demonstrates-a-pacemaker-vulnerability-with-an-830-volt-electric-shock.html&hl=en&geo=us>

Zero-Day Attacks Escape Detection for Nearly a Year: Symantec Study
eWeek
Attacks exploiting unreported vulnerabilities, commonly called zero-day
attacks, are both more numerous and more stealthy than previously thought,
according to an academic paper released this week by two researchers at
security firm Symantec. Using ...
<http://www.eweek.com/security/zero-day-attacks-escape-detection-for-nearly-a-year-Symantec-Study/>
See all stories on this topic:
<http://news.google.com/news/story?ncl=http://www.eweek.com/security/zero-day-attacks-escape-detection-for-nearly-a-year-Symantec-Study/&hl=en&geo=us>

Could Hackers Change Our Election Results?
Dark Reading
Meanwhile, voter databases are increasingly interconnected within complex
and often insecure local and state IT infrastructure, while the electronic
voting systems many states depend on are plagued with vulnerabilities that
the security community has ...
<http://www.darkreading.com/database-security/167901020/security/vulnerabilities/240009275/could-hackers-change-our-election-results.html>
See all stories on this topic:
<http://news.google.com/news/story?ncl=http://www.darkreading.com/database-security/167901020/security/vulnerabilities/240009275/could-hackers-change-our-election-results.html&hl=en&geo=us>

Microsoft Security: An Upsurge in Application Vulnerabilities
Midsize Insider
By no means are the vulnerabilities all intrinsic to Microsoft's own
product modules. Java exploits rank high among reported security issues,
reflecting a serious ongoing problem with Java security. But so long as
Microsoft applications provide access ...
<http://midsizeinsider.com/en-us/article/microsoft-security-an-upsurge-in-applic>
See all stories on this topic:
<http://news.google.com/news/story?ncl=http://midsizeinsider.com/en-us/article/microsoft-security-an-upsurge-in-applic&hl=en&geo=us>

White House Review Finds No Proof Of Espionage By Huawei But Says
Critical ...
International Business Times
Quoting two persons familiar with the probe, Reuters reported that White
House's largely classified inquiry on the security risks posed by suppliers
to the U.S. telecommunications delved into reports of suspicious activity
by the Chinese manufacturer ...
<http://www.ibtimes.com/white-house-review-finds-no-proof-espionage-huawei-says-critical-security-vulnerabilities-pose>
See all stories on this topic:
<http://news.google.com/news/story?ncl=http://www.ibtimes.com/white-house-review-finds-no-proof-espionage-huawei-says-critical-security-vulnerabilities-pose&hl=en&geo=us>


Thursday, October 18, 2012

Google Alert - Vulnerabilities

=== News - 10 new results for [Vulnerabilities] ===

Steam vulnerability can lead to remote insertion of malicious code
Ars Technica
By getting a user to click a link to a specially formed Steam URL, an
attacker can remotely exploit buffer overflow bugs and other
vulnerabilities in various Steam games and in Steam itself to create and
run malicious code on a target's machine, as ...
<http://arstechnica.com/security/2012/10/steam-vulnerability-can-lead-to-remote-insertion-of-malicious-code/>
See all stories on this topic:
<http://news.google.com/news/story?ncl=http://arstechnica.com/security/2012/10/steam-vulnerability-can-lead-to-remote-insertion-of-malicious-code/&hl=en&geo=us>

Apple updates Java for OS X
CNET
Apple has released a couple of Java updates for OS X, which bring the
supported Java SE 6 runtime to the latest version (1.6.0_37) in order to
tackle multiple vulnerabilities that were found in Java 1.6.0_35, the last
version of Apple's Java runtime ...
<http://reviews.cnet.com/8301-13727_7-57533879-263/apple-updates-java-for-os-x/>
See all stories on this topic:
<http://news.google.com/news/story?ncl=http://reviews.cnet.com/8301-13727_7-57533879-263/apple-updates-java-for-os-x/&hl=en&geo=us>

What Huawei, ZTE Must Do To Regain Trust
InformationWeek
A recently issued U.S. congressional report has cast a shadow on Chinese
telecom equipment makers Huawei and ZTE. Because neither company answered
congressional queries to the satisfaction of U.S. lawmakers, the report
concludes that the two ...
<http://www.informationweek.com/security/vulnerabilities/what-huawei-zte-must-do-to-regain-trust/240009190>
See all stories on this topic:
<http://news.google.com/news/story?ncl=http://www.informationweek.com/security/vulnerabilities/what-huawei-zte-must-do-to-regain-trust/240009190&hl=en&geo=us>

Symantec study highlights complexity of risks posed by zero-day exploits
TechTarget
"While the average duration is approximately 10 months, the fact that all
but one of the vulnerabilities disclosed after 2010 remained unknown for
more than 16 months suggests that we may be underestimating the duration of
zero-day attacks, as the data ...
<http://searchsecurity.techtarget.com/news/2240166975/Symantec-study-highlights-complexity-of-the-risk-posed-by-zero-day-exploits>
See all stories on this topic:
<http://news.google.com/news/story?ncl=http://searchsecurity.techtarget.com/news/2240166975/Symantec-study-highlights-complexity-of-the-risk-posed-by-zero-day-exploits&hl=en&geo=us>

Adobe Bolsters Security In Reader, Acrobat XI
Dark Reading
The move will make it more difficult for an attacker to exploit
vulnerabilities, Choudhury explains. The company also added the Adobe PDF
Whitelisting Framework, which allows administrators to selectively enable
advanced functionality, such as ...
<http://www.darkreading.com/vulnerability-management/167901026/security/application-security/240009265/adobe-bolsters-security-in-reader-acrobat-xi.html>
See all stories on this topic:
<http://news.google.com/news/story?ncl=http://www.darkreading.com/vulnerability-management/167901026/security/application-security/240009265/adobe-bolsters-security-in-reader-acrobat-xi.html&hl=en&geo=us>

UPDATE 2-White House-ordered review found no evidence of Huawei spying ...
Chicago Tribune
Found vulnerabilities in Huawei gear that pose security risk * Cyber
experts differ on whether vulnerabilities were deliberately inserted (Adds
ZTE comment) By Joseph Menn SAN FRANCISCO, Oct 17 (Reuters) - A White
House-ordered review of security risks ...
<http://www.chicagotribune.com/sns-rt-huawei-spying-update-2-exclusivel1e8li034-20121017,0,342452.story>
See all stories on this topic:
<http://news.google.com/news/story?ncl=http://www.chicagotribune.com/sns-rt-huawei-spying-update-2-exclusivel1e8li034-20121017,0,342452.story&hl=en&geo=us>

Oracle Leaves Fix for Java SE Zero Day Until February Patch Update
Threatpost (blog)
Oracle will not patch a critical sandbox escape vulnerability in Java SE
versions 5, 6 and 7 until its February Critical Patch Update, according to
the researcher who discovered the flaw. Adam Gowdiak of Polish security
firm Security Explorations told ...
<http://threatpost.com/en_us/blogs/oracle-leaves-fix-java-se-zero-day-until-february-patch-update-101712>
See all stories on this topic:
<http://news.google.com/news/story?ncl=http://threatpost.com/en_us/blogs/oracle-leaves-fix-java-se-zero-day-until-february-patch-update-101712&hl=en&geo=us>

Salient Federal Solutions to Present at Cyber Security Seminar and IT Expo
on ...
The Herald | HeraldOnline.com
They are not gaining the benefits IPv6 implementations, yet they are
exposed to cyber security vulnerabilities associated with IPv6," says
Helms. "We have identified the vulnerabilities associated with the
deployment of IPv6 enabled devices and have ...
<http://www.heraldonline.com/2012/10/17/4343322/salient-federal-solutions-to-present.html>
See all stories on this topic:
<http://news.google.com/news/story?ncl=http://www.heraldonline.com/2012/10/17/4343322/salient-federal-solutions-to-present.html&hl=en&geo=us>

Solar panel management systems vulnerable to attack, DHS warns
TechSpot
The U.S. Department of Homeland Security has issued another industrial
control warning (pdf) regarding critical vulnerabilities found across a
number of solar panel systems. Affected systems can be easily exploited
using "proof of concept" code ...
<http://www.techspot.com/news/50525-solar-panel-management-systems-vulnerable-to-attack-dhs-warns.html>
See all stories on this topic:
<http://news.google.com/news/story?ncl=http://www.techspot.com/news/50525-solar-panel-management-systems-vulnerable-to-attack-dhs-warns.html&hl=en&geo=us>

Microsoft engineer crafts exploitability index tool
SC Magazine Australia
A Microsoft exploit expert has designed a prototype tool based on an
experimental model to help more accurately determine exploitability of
memory-safe vulnerabilities. Security analysts currently have a tough job
determining the threat level of those ...
<http://www.scmagazine.com.au/News/319565,microsoft-engineer-crafts-exploitability-index-tool.aspx>
See all stories on this topic:
<http://news.google.com/news/story?ncl=http://www.scmagazine.com.au/News/319565,microsoft-engineer-crafts-exploitability-index-tool.aspx&hl=en&geo=us>


Wednesday, October 17, 2012

Google Alert - Vulnerabilities

=== News - 7 new results for [Vulnerabilities] ===

Researchers: Steam URL protocol can be abused to exploit game
vulnerabilities
PCWorld
Attackers can abuse the way browsers and other applications handle steam://
protocol URLs in order to exploit serious vulnerabilities in the Steam
client or games installed through the platform, according to researchers
from startup vulnerability ...
<http://www.pcworld.com/article/2012128/researchers-steam-url-protocol-can-be-abused-to-exploit-game-vulnerabilities.html>
See all stories on this topic:
<http://news.google.com/news/story?ncl=http://www.pcworld.com/article/2012128/researchers-steam-url-protocol-can-be-abused-to-exploit-game-vulnerabilities.html&hl=en&geo=us>

3 Must-Fix Vulnerabilities Top Oracle CPU Patches
Dark Reading
Of particular note among the fixed vulnerabilities named by Oracle were two
flaws with a CVSS base score of 10.0, one for the Core RDBMS database
product and one for Oracle Fusion Middleware's JRockit component, as well
as another MySQL flaw with a ...
<http://www.darkreading.com/vulnerability-management/167901026/security/news/240009195/3-must-fix-vulnerabilities-top-oracle-cpu-patches.html>
See all stories on this topic:
<http://news.google.com/news/story?ncl=http://www.darkreading.com/vulnerability-management/167901026/security/news/240009195/3-must-fix-vulnerabilities-top-oracle-cpu-patches.html&hl=en&geo=us>

Corps study cites vulnerabilities in wake of Missouri River flooding
Columbia Daily Tribune
KANSAS CITY — A study released by the U.S. Army Corps of Engineers
yesterday said the agency did what it could to manage the historic 2011
flooding on the Missouri River but that more repairs, research and
monitoring are needed to mitigate damage in ...
<http://www.columbiatribune.com/news/2012/oct/16/corps-study-cites-vulnerabilities-in-wake-of/>
See all stories on this topic:
<http://news.google.com/news/story?ncl=http://www.columbiatribune.com/news/2012/oct/16/corps-study-cites-vulnerabilities-in-wake-of/&hl=en&geo=us>

Anger in New Zealand Over Leaky Government Computers
New York Times (blog)
He had been told there was a "giant vulnerability" in the Ministry of
Social Development's computer system, an exposure that allowed anyone to
gain access to thousands of personal and private files in the ministry's
database. Using a public computer ...
<http://rendezvous.blogs.nytimes.com/2012/10/17/anger-in-new-zealand-over-leaky-government-computers/>
See all stories on this topic:
<http://news.google.com/news/story?ncl=http://rendezvous.blogs.nytimes.com/2012/10/17/anger-in-new-zealand-over-leaky-government-computers/&hl=en&geo=us>

Hackers Exploit 'Zero-Day' Bugs For 10 Months On Average Before They're ...
Forbes
Software vendors are constantly on the watch for so-called "zero day"
vulnerabilities–flaws in their code that hackers find and exploit before
the first day companies become aware of them. But the term "zero-day"
doesn't capture just how early hackers' ...
<http://www.forbes.com/sites/andygreenberg/2012/10/16/hackers-exploit-software-bugs-for-10-months-on-average-before-theyre-fixed/>
See all stories on this topic:
<http://news.google.com/news/story?ncl=http://www.forbes.com/sites/andygreenberg/2012/10/16/hackers-exploit-software-bugs-for-10-months-on-average-before-theyre-fixed/&hl=en&geo=us>

Don't ignore Windows 8 security when reviewing desktop vulnerabilities
TechTarget
As expected, there has been a lot of hype over the forthcoming Windows 8
operating system. Will it be good for the enterprise? Well, that's sort of
a personal preference. I'm certainly not in love with the new Windows 8
interface, ...
<http://searchenterprisedesktop.techtarget.com/tip/Dont-ignore-Windows-8-security-when-reviewing-desktop-vulnerabilities>
See all stories on this topic:
<http://news.google.com/news/story?ncl=http://searchenterprisedesktop.techtarget.com/tip/Dont-ignore-Windows-8-security-when-reviewing-desktop-vulnerabilities&hl=en&geo=us>

Red Cross hosts regional training
Caymanian Compass
The training was aimed at teaching representatives the skills needed to
assess vulnerabilities and capacities in communities, providing feedback to
communities and setting up local committees to assist with risk reduction.
"It is a bottom up approach ...
<http://www.compasscayman.com/caycompass/2012/10/17/Red-Cross-hosts-regional-training/>
See all stories on this topic:
<http://news.google.com/news/story?ncl=http://www.compasscayman.com/caycompass/2012/10/17/Red-Cross-hosts-regional-training/&hl=en&geo=us>


Tuesday, October 16, 2012

Google Alert - Vulnerabilities

=== News - 8 new results for [Vulnerabilities] ===

Army Corps of Engineers study focuses on Missouri River vulnerabilities
Kansas City Star
Experts from the Corps of Engineers conducted the study, which focuses on
vulnerabilities that remain after the Missouri River rose to record levels
last year. The flooding began after the corps began releasing massive
amounts of water from upstream ...
<http://www.kansascity.com/2012/10/15/3868823/army-corps-of-engineers-study.html>
See all stories on this topic:
<http://news.google.com/news/story?ncl=http://www.kansascity.com/2012/10/15/3868823/army-corps-of-engineers-study.html&hl=en&geo=us>

A Vulnerability in the Credit Card Networks?
Forbes
Recently, I used a CVS gift card at a local pharmacy. Since the card had a
balance of about $20 and my purchase was for considerably more, I withdrew
an American Express credit card from my wallet to pay the balance. Due to a
miscommunication between ...
<http://www.forbes.com/sites/josephsteinberg/2012/10/15/a-vulnerability-in-the-credit-card-networks/>
See all stories on this topic:
<http://news.google.com/news/story?ncl=http://www.forbes.com/sites/josephsteinberg/2012/10/15/a-vulnerability-in-the-credit-card-networks/&hl=en&geo=us>

Oracle Patch Update to Include 109 Patches
Threatpost (blog)
Two of the patches address client-only installations. Two of these
vulnerabilities were reported by Application Security Inc.'s TeamSHATTER
research outfit, including a remotely exploitable password cracking flaw in
Oracle 11g explained in CVE 2012-3137.
<http://threatpost.com/en_us/blogs/oracle-patch-update-include-109-patches-101512>
See all stories on this topic:
<http://news.google.com/news/story?ncl=http://threatpost.com/en_us/blogs/oracle-patch-update-include-109-patches-101512&hl=en&geo=us>

Solar panel control systems vulnerable to hacks
Ars Technica (blog)
The US Department of Homeland Security is warning of critical
vulnerabilities in a computerized control system that attackers could
exploit to sabotage or steal sensitive data from operators of the solar
arrays that generate electricity in homes and ...
<http://arstechnica.com/security/2012/10/solar-panel-control-systems-vulnerable-to-hacks/>
See all stories on this topic:
<http://news.google.com/news/story?ncl=http://arstechnica.com/security/2012/10/solar-panel-control-systems-vulnerable-to-hacks/&hl=en&geo=us>

Steam gamers vulnerable to attack
SC Magazine Australia
A string of vulnerabilities have been discovered in the popular Steam
gaming platform that allow attackers to compromise user machines. The flaws
target game engine vulnerabilities including overflows, the ability to
write arbitrary text to file and ...
<http://www.scmagazine.com.au/News/319413,steam-gamers-vulnerable-to-attack.aspx>
See all stories on this topic:
<http://news.google.com/news/story?ncl=http://www.scmagazine.com.au/News/319413,steam-gamers-vulnerable-to-attack.aspx&hl=en&geo=us>

Security Flaws Found in Solar Power SCADA Software
eSecurity Planet
"According to researchers Roberto Paleari and Ivan Speziale, the
vulnerabilities are exploitable remotely by authenticating to the service
using hard-coded credentials," the ICS-CERT warning [PDF file] states.
"Exploitation of these vulnerabilities ...
<http://www.esecurityplanet.com/network-security/security-flaws-found-in-solar-power-scada-software.html>
See all stories on this topic:
<http://news.google.com/news/story?ncl=http://www.esecurityplanet.com/network-security/security-flaws-found-in-solar-power-scada-software.html&hl=en&geo=us>

6 Reasons iOS 6 Jailbreaks Will Be Tough
InformationWeek
Don't bet on it. Here are six of the top challenges that would-be jailbreak
developers will face: 1. Finding sufficient vulnerabilities takes smarts.
"Jailbreaking is just overwriting some values in memory," said security
researcher Charlie Miller, in ...
<http://www.informationweek.com/security/application-security/6-reasons-ios-6-jailbreaks-will-be-tough/240008996>
See all stories on this topic:
<http://news.google.com/news/story?ncl=http://www.informationweek.com/security/application-security/6-reasons-ios-6-jailbreaks-will-be-tough/240008996&hl=en&geo=us>

Adobe fixes 25 security bugs in latest update
GMA News
In a security bulletin issued Monday, APSB12-22, Adobe said that the 25
security vulnerabilities were all "critical" and that those using
affected versions of Flash Player or Adobe AIR should apply the patch
immediately. For their part, Microsoft and ...
<http://www.gmanetwork.com/news/story/278413/scitech/technology/adobe-fixes-25-security-bugs-in-latest-update>
See all stories on this topic:
<http://news.google.com/news/story?ncl=http://www.gmanetwork.com/news/story/278413/scitech/technology/adobe-fixes-25-security-bugs-in-latest-update&hl=en&geo=us>
