nb1 writes:  

Symantec has announced that it plans to shut down part of its SecurityFocus security information portal. The company says that only the Mailing Lists, including Bugtraq, and its Vulnerability Database will remain online Starting on the 15th of March, SecurityFocus will begin transitioning its content to the Symantec Connect site.

Founded in 1999, SecurityFocus was acquired in 2002 by Symantec, the company behind another acquisition the popular Norton range of security products. In addition to its various mailing lists and vulnerability database, SecurityFocus maintains a comprehensive collection of articles and papers on a number of security issues. The site has also served as a reliable source for news from security experts on the latest security threats and problems.

Change in Focus, a SecurityFocus news post.

Websense Security Lab™ ThreatSeeker™ Network has discovered that search terms related to Corey Haim have become the latest target for Blackhat SEO

Corey Haim, 1980s teen idol actor and a star of such famous movies as "The Lost Boys" and "License to Drive", was found dead in his Los Angeles apartment at the age of only 38 on Wednesday.

Whether it's a natural disaster or a death, Blackhats monitor and adapt to popular search trends. Not long after the sad news emerged, the search phrase "Corey Haim" became one of the hottest topics in Google trends.

Cybercriminals again jump at a chance to spread their rogue AVs. When users enter keywords such as "Corey Haim death" in Google, some of the results will lead them to download fake security software. The downloading FakeAV file has only 17% coverage from antivirus products.

Websense Messaging and Websense Web Security customers are protected against this attack.

To view the details of this alert Click here

SECUNIA ADVISORY ID: SA38852

VERIFY ADVISORY: http://secunia.com/advisories/38852/

CRITICALITY: Highly Critical

DESCRIPTION: A vulnerability has been reported in Apache HTTP Server, which can be exploited by malicious people to potentially compromise a vulnerable system. For more information see vulnerability #2 in: SA38776

SOLUTION: Fixed in the SVN repository: http://svn.apache.org/viewvc?view=revision&revision=920961

ORIGINAL ADVISORY: http://httpd.apache.org/security/vulnerabilities_20.html

OTHER REFERENCES: SA38776: http://secunia.com/advisories/38776/

papamike writes:  

I just released my newest theme Renewal4 that's free to members. I haven't released a theme in quite a while but now I have the time to start releasing themes regularly.

Renewal4 is a nice theme with matching forums, download and weblink graphics, and more. I rely on the extensive array of RavenNuke(tm) blocks and modules that users can access to help them build up their site. I offer a wide array of themes in different categories that cover most peoples needs.

Get your copy today at http://www.papamikecreations.net registration is free and only takes a few minutes to complete.

I am the first and longest running designer of RavenNuke(tm) themes, stop in and see what I have to offer.

And as always, I say Support RavenNuke(tm) in anyway that you can.

Oh, one more thing. I see some of my themes offered for download at other sites but I need to tell you that I upgrade my themes often so you should always download my themes from my site to ensure you are getting the most recent version.

Thanks, have a nice day! :)

SECUNIA ADVISORY ID: SA38846

VERIFY ADVISORY: http://secunia.com/advisories/38846/

CRITICALITY: Moderately Critical

DESCRIPTION: rPath has issued an update for gzip. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a user's system. Read More...

From the PHPBB Group:

We are sorry to announce the immediate release of phpBB 3.0.7-PL1 to address a security issue which was introduced in 3.0.7, unfortunately the issue wasn't noticed during testing and has only surfaced a week after the release of 3.0.7.

We promised working feeds for phpBB 3.0.7. Sadly, we were not able to deliver on that promise - a critical bug in the permission handling for feeds slipped past. To all people who already have updated to 3.0.7, it is of critical importance to update to 3.0.7-PL1. Otherwise, it is possible for users to bypass permission settings under the following circumstances:

- Feeds are enabled
- Any of the posts or topics feeds are enabled
- The unauthorised user - or one of the groups they are a member of - has forum permissions set on a private forum
- If you have excluded a forum from the list of forums that provide feeds, it is unaffected

The fix for the issue is a single line change inside of feed.php, line 525 has changed from:

$forum_ids = array_keys($auth->acl_getf('f_read'));

to:

$forum_ids = array_keys($auth->acl_getf('f_read', true));