Vulnerabilities

Boffin’s easy remote hijack hack pops scores of router locks

Singaporean telco’s customer premises equipment is a gateway to security hell. Thousands of routers mandated for use by a major Singaporean telco and operated by ‘top enterprises’ around the world are open to a remote zero-day exploit that allows the routers to be completely hijacked and that most users have no way to defend against. Vantage Point Security senior […]

Security Researcher Disappointed with How an XSS Bug Was Fixed in Drupal 8

Researcher finds reflected XSS bug in Drupal 8. Drupal 8 isn’t even out yet, but security experts have been hard at work auditing the code and reporting security bugs, helping the open source community strengthen one of its most beloved Content Management Systems (CMSs). Sandeep Kamble, a security researcher at SecureLayer7, has uncovered an XSS (cross-site […]

European Aviation Agency Warns of Aircraft Hacking

The director of one of Europe’s top aviation agencies warned on Thursday that hackers could infiltrate critical systems in an airplane on the ground. Patrick Ky, director of the European Aviation Safety Agency, said a consultant hired by the agency, one who is also a commercial pilot, exploited vulnerabilities in the ACARS (Aircraft Communications Addressing and […]

Disclosed Netgear Router Vulnerability Under Attack

A vulnerability in Netgear routers, already disclosed by two sets of researchers at different security companies, has been publicly exploited. Netgear, meanwhile, has yet to release patched firmware, despite apparently having built one and having confirmed with one of the companies that privately disclosed the flaw that the fix addressed the problem adequately. Alexandre Herzog, CTO of Compass Security […]

Kemoge Android Adware Campaign Can Lead to Device Takeover

Google has been busy removing from Google Play a number of apps that are disguised as popular titles but actually push what starts out as adware and eventually turns more malicious. Google has already yanked down a file-transfer app called ShareIt, developed by Zhang Long of China, who was posting benign versions of his […]

Zero-Day Exploit Found in Avast Antivirus

Avast was vulnerable to malicious HTTPS connections. One of Google’s security experts found a zero-day vulnerability in the Avast antivirus, which the company has recently patched. The researcher is Tavis Ormandy, one of Google’s Project Zero engineers, the same man who discovered a similar zero-day in Kaspersky’s antivirus exactly a month ago. According to Ormandy’s […]

Remote code exec hijack hole found in Huawei 4G USB modems

Ruskies sling malicious packet to trigger denial of service. Positive Technologies researchers Timur Yunusov and Kirill Nesterov have found since-patched remote execution and denial of service vulnerabilities in a popular Huawei 4G USB modem that can allow attackers to hijack connected computers. The Huawei E3272 USB modem sells from about US$120 on Amazon. Researchers say […]

Cisco shuts down million-dollar ransomware operation

Group used Angler Exploit kit to push ransomware on unsuspecting Internet users. Security researchers have disrupted an online criminal operation they estimated drew $30 million per year pushing ransomware on unsuspecting people browsing the Internet. The takedown was performed by investigators from Cisco Systems’ Talos security unit, which was researching the Angler Exploit kit. The hack-by-numbers […]

Google Pushes Stagefright 2.0 Patches to Nexus Devices

Google today patched the latest round of Stagefright vulnerabilities in Android, pushing the fixes out as part of its latest over-the-air update to Nexus devices. Stagefright 2.0, as it’s come to be known, affected the Stagefright media playback engine in Android, and one billion devices dating back to the earliest versions of the OS are thought […]

Samsung Decides Not to Patch Kernel Vulnerabilities in Some S4 Smartphones

Two kernel vulnerabilities were left unpatched on older devices running Android Jelly Bean and KitKat. QuarksLAB, a security research company based in Paris, France, has stumbled upon two kernel vulnerabilities in Samsung Galaxy S4 devices which Samsung has decided to patch, but only for recent devices running Android Lollipop, and not for those with Jelly Bean […]

WordPress Jetpack Plugin Patched Against Stored XSS Vulnerability

After a few critical bugs were recently discovered and patched in the core WordPress engine, a rarity among WordPress-related security issues, order has apparently been restored with the discovery of a critical vulnerability in a popular plugin. Insecure plugins have been at the heart of numerous attacks launched from compromised WordPress sites. One was patched this week in […]

Apple swiftly closes hole in iOS 9 Lock screen

Apple has just released iOS 9.0.2. This new version claims to close the well-publicised Lock screen hole that lets anyone view and edit your contacts, send text messages, and rummage through your photos, all without entering your passcode. If you had an iOS 9 or 9.0.1 device with Siri accessible from your lock screen, […]

Meet Sanmay Ved, the Indian who owned Google.com for a minute

Ex-Googler Sanmay Ved was lucky enough to grab the Google.com domain, but only for a minute. In a detailed post on LinkedIn, the former Google employee said he was learning more about the Google Domains interface when he discovered that the Google.com domain was available for purchase. To his surprise, the most trafficked domain was […]

Stagefright 2.0 Vulnerabilities Affect 1 Billion Android Devices

When researcher Joshua Drake published details in August about critical Android vulnerabilities in the Stagefright media playback engine, he promised there would be more issues that he and others would find and report to Google’s Android security team. Today, Drake, vice president of platform research and exploitation at Zimperium, disclosed two more flaws in Stagefright, […]

Apple Gatekeeper Bypass Opens Door for Malicious Code

Gatekeeper is Mac OS X’s guardian against rogue applications and malware sneaking into Apple’s famous walled garden. It’s also been a favorite target of researchers and advanced attackers desperate to gain control of Apple devices. Tomorrow at Virus Bulletin in Prague, researcher Patrick Wardle, director of research at Synack, will demonstrate a Gatekeeper bypass he’s […]

Microsoft Exchange Server Fixed Against Information Disclosure Bug

Vulnerability allowed hackers to hijack active user sessions. Microsoft Exchange Server has recently been patched to fix an important security vulnerability that would have allowed attackers to gain access to active webmail sessions via an easy-to-exploit flaw. The vulnerability was found in Outlook Web Access (OWA) in Microsoft Exchange Server 2013, and allows any […]

SAP Patches 12 SQL Injection, XSS Vulnerabilities in HANA

SAP patched a dozen holes in its in-memory database platform, HANA, that could have led to SQL injection attacks, cross-site scripting (XSS), and memory corruption. Many of the bugs were addressed by the company months ago, but it wasn’t until Tuesday that Onapsis, the security firm that dug up the vulnerabilities, disclosed them. […]

Latest Version of WinRAR Plagued by Dangerous Security Bug

WinRAR, the popular file compression and decompression utility, has a security vulnerability that allows attackers to remotely execute code on the user’s computer when opening an SFX (Self-extracting archive) file. The bug was discovered by Mohammad Reza Espargham from Vulnerability Lab, and was also reproduced by Pieter Arntz from Malwarebytes. According to the vulnerability disclosure […]

Advanced Microsoft Enhanced Mitigation Experience Toolkit (EMET) Tips

The Microsoft Enhanced Mitigation Experience Toolkit, EMET for short, is an optional download for all supported client and server versions of Microsoft’s Windows operating system that adds exploit mitigations to the system’s defenses. Basically, it has been designed to stop attacks from succeeding even after they have slipped past other system defenses such as antivirus solutions […]

VeraCrypt 1.15 fixes two recently reported TrueCrypt vulnerabilities

Yesterday’s update of the encryption software VeraCrypt fixed two vulnerabilities that security researcher James Forshaw discovered in TrueCrypt’s source code. TrueCrypt, which has been abandoned by its developers, is still widely used. This can be attributed largely to convenience and to the fact that the software’s security audit did not turn up major critical vulnerabilities in the program. […]

Yahoo Launches Gryffin, a Web Security Scanning Platform

Yahoo’s developers have open-sourced Gryffin, a security scanner for Web content, specifically designed to cut down the number of false positives and also work at very large scales. Yahoo has a history of releasing weird open-source projects that eventually become industry favorites. You know, projects like YUI!, Pure, and Hadoop, which were at first considered […]