A "binary planting" vulnerability in VMware Tools for Windows allows local or remote (possibly Internet-based) attackers to deploy and execute malicious code on virtual Windows machines in the context of logged-on users. -Make your website safer. Use external penetration testing service. First report read...
2010/09/04 03:00 SecuriTeam /
A "binary planting" vulnerability in VMware Tools for Windows allows a local non-administrative attacker, under certain circumstances, to execute a malicious executable on virtual Windows machines in the context of logged- on users. -Make your website safer. Use external penetration testing service. First ...
2010/09/04 03:00 SecuriTeam / written by waleedassar.
2010/09/04 00:41 OpenRCE: Blogs / waleedassar While Eugene’s busy taking bets (wonder how much he’s going to make?), I’ve been having a think about the Winlock case.Russian law enforcement is estimating that the bad guys could have raked in as much as $1 billion. While it’s difficult to be certain about the exact amounts involved ...
2010/09/03 21:48 Kaspersky Lab Weblog / Sergey Golovanov This program intends to detect a malicious file in two ways; online and offline. It calculates the md5 hash of a specified file and searches it in its current hash set (offline) or on VirusTotal site (online) and shows the result. It has http proxy support and update (for hash set) feature. It’...
written by Mcstyle.
2010/09/03 16:06 OpenRCE: Blogs / Mcstyle A simple PERL tool which detects several Directory Traversal Vulnerabilities on HTTP/FTP Servers. This AttackDB version currently has 871 traversal payloads. This tool was tested against various Kolibri+ WebServer v2.0 and Gefest WebServer v1.0 (HTTP servers) giving good results identifying the right v...
written by restorevm.
2010/09/03 10:36 OpenRCE: Blogs / restorevm The cyber-criminal groups behind fake anti-virus (scareware/rogueware) infections have run into some significant roadblocks over the last few years, but there is much more to the overall story.
2010/09/03 06:35 Latest News for All Threats / Kurt Baumgartner In this guest editorial, security research professional Michal Zalewski argues that the government should stay away from compulsory certification and licensing in the security industry.
2010/09/03 06:24 Zero Day / Ryan Naraine The best practices for mitigating this popular form of attack often are not being deployed ...
2010/09/03 04:06 DarkReading - All Stories / Next-generation IP protocol comes with more security as well as some potential flaws of its own
2010/09/03 03:40 DarkReading - All Stories / Nice! Our first post regarding the Microsoft Enhanced Mitigation Evaluation Toolkit or EMET can be found here. Now, Microsoft has released the EMET v2!“EMET provides users with the ability to deploy security mitigation technologies to arbitrary applications. This helps prevent vulnerabilities ...
2010/09/03 02:34 PenTestIT / Black The Google Chrome 6.0, available in stable and beta channels for Windows, Mac, and Linux, patches a total of 15 documented security vunerabilities.
2010/09/03 02:22 Zero Day / Ryan Naraine A directory traversal and file retrieval vulnerability was discovered in TANDBERG's Video Communication Server. -Make your website safer. Use external penetration testing service. First report ready in one hour!
2010/09/03 02:00 SecuriTeam / This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. -Make your website safer. Use external penetration testing service. First report ready in one hour!
2010/09/03 02:00 SecuriTeam / Whoa! It sure has been a long time since we updated information about ProcNetMonitor. We had mentioned about it in our first post here. Now, the author has released an update – ProcNetMonitor version 2.7.“ProcNetMonitor is the free tool to monitor the network activity of all runnin...
2010/09/03 01:47 PenTestIT / Black The vulnerabilities expose Windows users to remote code execution attacks via maliciously crafted Web sites.
2010/09/03 00:38 Zero Day / Ryan Naraine You can find our first post regarding Laudanum here. Now, the author has updated the tool to Laudanum version 0.2.“Laudanum is a collection of injectable files, designed to be used in a pentest when SQL injection flaws are found and are in multiple languages for different environments.They prov...
Last week it was reported that the Pushdo botnet, used to send spam using the Cutwail spamming module, was taken down, thanks to the efforts of several security researchers. Thirty command-and-control (C&C) servers of the Pushdo/Cutwail botnet were identified, almost 20 of which were taken down after th...
2010/09/02 20:40 TrendLabs | Malware Blog - by Trend Micro / Loucif Kharouni (Advanced Threats Researcher) 
