The goal of this project is to make the virtual world a safer and better place without child pornography, major computer crime and RIAA.
Security Bulletins
Latest Malware Updates

Infostealer.Posteal

02/26/2015

Downloader.Busadom

02/26/2015

Trojan.Ladocosm

02/26/2015

SONAR.SuspDocRun

02/25/2015

SONAR.SuspHelpRun

02/25/2015

US Senate seeks control of data breach notification process

Senator Pat Toomey, Republican from Pennsylvania, and four other Republicans have introduced Senate Bill 3333, the Data Security and Breach Notification Act of 2012. Senators hope that the new law will improve the process of notifying users that are affected by a personal information breach.

The law states that organizations that work with personal data have to notify the residents or citizens of the United States in case of information being exposed to unauthorized parties.

If a data breach affects 10 thousand people or more, the organization is required to notify the FBI and the US Secret Service.

Law enforcement agencies may request a delay in notifying the affected users if notification poses a threat to a criminal investigation or has an impact on national security.

The law does not specify the time at which notification should be sent. However, it states that the notice must be given "as expeditiously as practicable and without unreasonable delay". Victims must be notified by mail, telephone or via e-mail services.

The US Federal Trade Commission would be responsible for enforcement and penalties under the act. The penalty for violating the law is set at $500 thousand for one security incident.

According to the content of the law, the list of personal data includes: social security numbers, driver's license numbers, passport numbers, military ID numbers, government issued identification numbers, financial account numbers, credit or debit card numbers and any required security codes, access codes or passwords necessary to access financial accounts.

(c) Naked Security


Security Advisories Database

Remote Code Execution Vulnerability in Microsoft OpenType Font Driver

A remote attacker can execute arbitrary code on the target system.

07/21/2015

SQL Injection Vulnerability in Piwigo

An SQL injection vulnerability has been discovered in Piwigo.

02/05/2015

Cross-site Scripting Vulnerability in DotNetNuke

A cross-site scripting (XSS) vulnerability has been discovered in DotNetNuke.

02/05/2015

Cross-site Scripting Vulnerability in Hitachi Command Suite

A cross-site scripting vulnerability was found in Hitachi Command Suite.

02/02/2015

Denial of service vulnerability in FreeBSD SCTP RE_CONFIG Chunk Handling

An attacker can perform a denial of service attack.

01/30/2015

Denial of service vulnerability in Apache Traffic Server HTTP TRACE Max-Forwards

An attacker can perform a denial of service attack.

01/30/2015

Denial of service vulnerability in MalwareBytes Anti-Exploit "mbae.sys"

An attacker can perform a denial of service attack.

01/30/2015

Denial of service vulnerability in Linux Kernel splice

An attacker can perform a denial of service attack.

01/29/2015

Denial of service vulnerability in Python Pillow Module PNG Text Chunks Decompression

An attacker can perform a denial of service attack.

01/20/2015