There are reports of a major problem concerning Adobe Acrobat files and Cross Site Scripting (XSS). A flaw was revealed in the way that the Adobe Reader browser plugin can be made to execute JavaScript code on the client side.This development is significant for a number of reasons:

Websense, Inc., a global leader in Web security and Web filtering software, released the results of its first European study of online Christmas shopping behaviour. The analysis found that whilst 75% of online Christmas shoppers were not totally certain about being able to identify a secure Website, only one in four considered keeping their credit card and online banking information safe and secure as their greatest concern.

AttackAPI provides simple and intuitive web programmable interface for composing attack vectors with JavaScript and other client and server related technologies. This is the 2.x branch which among other improvements introduces better interaction with the attack subroutines.

Please join us this week for an informative FREE SANS Webcast that you won't want to miss!

You can now download or subscribe to the SANS webcast calendar at:
http://www.sans.org/webcasts/calendar.ics

The Department of Veterans Affairs has awarded information technology solutions provider Merlin International and Watchfire, a provider of Web application vulnerability software, a multimillion-dollar award to build and maintain a Web application security system that will reduce security breach risks at the VA.

Application Security, Inc. today announced Oracle on Linux support in AppRadar -- the industry's most complete database activity monitoring and security auditing solution. AppSecInc made the announcement in conjunction with Oracle OpenWorld, taking place this week at the Moscone Center in San Francisco.

IronPort® Systems Inc., the leading Internet gateway security provider, and Webroot Software, Inc., the leading provider of anti-spyware software for the consumer, enterprise and SME markets, today announced a partnership to stop spyware at the corporate perimeter.

IronPort is using the Webroot RockSafe E1000 SDK in IronPort's new S-Series Web Security Appliances. The IronPort S-Series Web Security Appliance combines a high performance web proxy for application layer analysis with a wire-speed Layer 4 Traffic Monitor, yielding the fastest and most comprehensive protection in the industry.

Security Assessment Inc., a leading Canadian information security firm providing high-level expertise in securing corporate IT Network Infrastructures has today announced a channel partner agreement with Acunetix, a leading website security software company. The agreement serves as a significant step as Acunetix continues to expand their Canadian presence with its popular web application security tool, Acunetix Web Vulnerability Scanner.

Caching servers used by leading search engines have become malicious code repositories, according to a report published yesterday.

The study found when the website containing the code is removed, the malicious content it holds remains stored on the caching servers - used by ISPs and leading search engines - leaving businesses vulnerable to spyware, trojans and other security threats.

WALTHAM, Mass. & LAS VEGAS--(BUSINESS WIRE)--Today at Mercury World 2006, Watchfire, the worldwide market-leading provider of web application vulnerability assessment software and services announced integration and support for Mercury Quality Center? 9.0. AppScan? offers solutions for all types of security testing ?outsourced, desktop-user and enterprise-wide analysis. Now, Watchfire?s web application security testing solutions, AppScan, and AppScan? Enterprise both integrate with the most recent version of Mercury TestDirector?, part of Mercury Quality Center?. Watchfire will also exhibit and demonstrate the integrations within the Mercury World 2006 Partner Showcase.