securelist has the story elasticsearch is an open source Cloud software running on a lot of cloud companies. As it is a search and analytics engine. But apparently it has a vulnerability which hackers are abusing. “ including a bot implementing some extraordinary DNS amplification DDoS functionality. Operators of these bots are currently active, … Read more
Bromium report has the information plus a lot more. Two items of note in the report: 1. the type of exploits occurring in IE, Java and Flash The security system of the Operating system(ASLR and DEP) was exploited in Zero-day attacks in Internet Explorer(IE). The new Adobe Action Script feature was exploited in Flash And … Read more
CSRF or Cross Site Request forgery is the highest likely method of attack Broken Authentication is second And cross-site scripting(XSS) is third SQL Injection as well as security misconfigurations are also higher than 10% of he vulnerability types. The IBM report at X-Force blog recounts the challenges a web application scanner has as to … Read more
today Apple beat estimates: Deadline.com with 35.2 mil iPhones sold threatpost has the info about a “stream of data” on an iPhone It looks like Jonathan Zdziarksi, a forensic scientist and at Twitter: @JZdziarski. found a backdoor in iOS, it is supposedly used by Apple for troubleshooting, diagnostics and enterprise. Apple responded to … Read more
KrebsonSecurity has a good rundown on what we know so far. Basically there has been a breach, some CC companies are noticing bad traffic, and the US secret service is in on the act. July 17th the first card companies were noticing suspicious traffic. There is no other information in the news reports Goodwill Industries … Read more
