vulnerabilities


Data Breach Numbers In 09 Down From 08

In 2009, the Identity Theft Resource Center recorded 498 breaches, fewer than the 657 in 2008 but more than the 446 in 2007. Are data breaches increasing or decreasing? That is the question no one can answer. Read the full article. [Help Net Security]

US CERT: PowerDNS Open to Spoofing

US CERT advises upgrading PowerDNS Recursor 3.1.7.2 to address multiple vulnerabilities. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or spoof DNS information. Read the advisory. [US CERT]

Kingston Recalls Drives with Memory Flaws

Kingston Technology has asked customers to return certain models of its DataTraveler secure flash drives for an update, following the discovery of a flaw in the memory sticks. Read the full article. [ZDNet]


Despite the fact that the majority of malware exploits use JavaScript to trigger an attack in Adobe’s PDF Reader product, the company says it’s impossible to completely remove JavaScript support without causing major compatibility problems. In a Q&A (listen to podcast) with Threatpost editors Dennis Fisher and Ryan Naraine, Adobe security chief Brad Arkin says the removal of JavaScript support is a non-starter because it’s an integral part of how users do form submissions.

In a proof of concept, researcher Nir Goldshlager demonstrated cross-site scripting (XSS) vulnerabilities in Google Calendar and Twitter that he said could be used to steal cookies and session IDs. Read the full article. [eWEEK]

Intel has released a patch for its series of silicon-based security protections after researchers from Poland identified flaws that allowed them to completely bypass the extensions. Read the full article. [The Register]

The PHP developers have released version 5.2.12 of their popular programming language, fixing over 60 bugs mainly to increase stability, but also closing some security holes. Read the full article. [The H Security]

A SQL injection flaw has been discovered in Rockyou.com, a social networking application development website used by app developers for Bebo, Facebook and Myspace. The flaw could have allowed hackers access to the 32 million usernames and passwords. Read the full article. [eWEEK Europe]
