The Security Eunoia

Blogging about Security Auditing, IdM & Access Mgmt, Web App Security etc

Entries Tagged ‘Exploit’

Do you have rootkit in your security software?

TrendMicro reports having found what could be a rootkit in an enterprise infosecurity software product. The rootkit-churning vendor is the same one that published the Sony MicroVault USM-F fingerprint reader discovered last year. What other products has this vendor shipped?


WordPress 2.6.3 Vulnerable to XSS in RSS FG

It’s been reported that WordPress, a popular blogging application, is vulnerable to cross-site scripting (XSS). The vulnerability, discovered in the RSS feed generator and complete with a PoC, affects all versions prior to and including version 2.6.3. A week after the vendor (WordPress) was notified, it released a new version (2.6.5).


No Crunch in the Underground Economy - Symantec reports

Symantec has published a survey - Underground Economy - detailing the activities of cyber criminals who, through astute business models, have managed to rake in hundreds of millions of dollars in a year. The cost to victims of these activities easily runs into billions of dollars. What do they sell?


The Damn Vulnerable Linux project

Damn Vulnerable Linux (DVL) is a Linux-based security environment for IT security education. The DVL distribution has been deliberately weakened to facilitate ethical hacking education. It is regularly updated with exploitable exercises, with the solutions and corresponding exploits submitted by the community. It contains a plethora of IT security tools, thus making it a good [...]


Google quick with XSS vulnerability fix

Google acted quickly to fix a cross-site scripting vulnerability reported in the vulnerability archive xssed.com. It took just hours between showing up in the archive and being reported fixed. This comes after Google was heavily criticised for not acting quickly to fix other reported vulnerabilities in the past. Read more here.
