Category: Security Advisories
06/23/10
Application Whitelisting and MS Authenticode
F-Secure has recently reported of "…tens of thousands of malware samples that have been signed (with MS Authenticode)."MS Authenticode uses digital signatures (code signing) to authenticate software and inform the user of the fact that the software w… more »
04/14/10
Apache.Org Compromise
On 04/05/2010, Apache's issue tracker for projects was compromised via an XSS attack. The attackers used a simple URL redirect service appended to a new issue to grab administrator session credentials and ultimately download hashed copies of JIRA, Bugzi… more »
04/06/10
IMPORTANT: No New ClamAV Signatures for CSA Versions Earlier than 6.0.1.138
ClamAV will no longer release new signatures for ClamAV scan engines older than 0.95 effective as of April 15, 2010. As a result, any CSA 6.0 implementation prior to 6.0.1.138 using the ClamAV signature protection (AV - Signature AV Policy) will not rec… more »
03/16/10
Microsoft Virtual PC Creates Vulnerabilities
A Core Security researcher has announced a vulnerability in Microsoft PC Virtualization that in effect, can expose a vulnerability in applications where one did not exist in un-virtualized systems. The problem is, if you run an application in a Microsoft… more »
03/12/10
CVE-2010-0624: Heap-Based Overflow in GNU Tar and GNU Cpio
GNU Tar and GNU Cpio are used for managing archives on many *nix distributions (note: most BSD distributions including MacOSX use bsdtar). Both GNU TAR and GNU Cpio are capable of using the RMT protocol - a protocol used for accessing tape devices on re… more »
XML Feeds©2010 by Priveon, Inc.