Web Security


US CERT: PowerDNS Open to Spoofing

US CERT advises upgrading PowerDNS
Recursor 3.1.7.2 to address multiple vulnerabilities. Exploitation of
these vulnerabilities may allow an attacker to execute arbitrary code,
cause a denial-of-service condition, or spoof DNS information. Read the advisory. [US CERT]

PCI DSS In Full Effect in Nevada and NH

On January 1, 2010, two important state data security and privacy laws
took effect in Nevada and New Hampshire that create new
obligations for most companies that do business in Nevada and for
health care providers and business associates in New Hampshire. Read the full article. [Hunton & Williams Law Blog]

Child of Storm Botnet ‘Waledac’ Is Expansive

In an undercover mission to learn more about
the size and scope of the son of the infamous Storm botnet, Waledac,
German researchers have discovered the spamming botnet is much bigger
and more efficient than previously thought. Read the full article. [Dark Reading]


Banks, military contractors and software companies, along with federal
agencies, are looking for “cyber ninjas” to fend off a sophisticated
array of hackers, from criminals stealing credit card numbers to
potential military adversaries. Read the full article. [NY Times]

People have one more reason to celebrate the new
year, according to the Shadowserver Foundation: Nearly a million
Conficker-infected computers have oddly disappeared overnight. Read the full article. [Security Focus]

In a proof of concept, researcher Nir Goldshlager demonstrated cross-site scripting (XSS) vulnerabilities in Google Calendar and Twitter that he said could be used to steal cookies and session IDs. Read the full article. [eWEEK]
