Browsing category
Cisco pushed out on Wednesday its usual semiannual round of patches for IOS, the software the company uses for most of its routers and switches. This month’s security advisories addressed four vulnerabilities, three which could lead to denial of service situations, and another that could have let an attacker bypass user authentication. The bypass vulnerability […]
TV starlet offers iCloud access, photoshopped nudes, to bait voyeur hackers. The chief hacker behind the infamous iCloud celebrity hacks has revealed in a documentary how the group dubbed RipSec shook Hollywood by plundering thousands of naked photos and financial data of Tinsel Town icons. The hacker broke silence and spoke to Canadian tech and […]
Antivirus applications and other security software are supposed to make users more secure, but a growing body of research shows that in some cases, they can open people to hacks they otherwise wouldn’t be vulnerable to. The latest example is antivirus and security software from Kaspersky Lab. Tavis Ormandy, a member of Google’s Project Zero […]
Security researchers at VerSprite have tested and discovered a few vulnerabilities in Western Digital’s My Cloud NAS (Network Attached Storage) hard drive, marketed by the company as your own personal cloud server. This device, sold across the world, allows users to place it in their home and access it via a local network, or even […]
The proliferation of independent and vendor-sponsored bug bounties has not only put some money in researchers’ pockets, but has also forced enterprises—and software makers—to put processes in place to handle outside bug reports. “Saying you want one is not enough,” said Katie Moussouris, chief policy officer at bug bounty platform provider HackerOne. “CSOs need to […]
Adobe has released a Flash Player update that addresses 23 critical vulnerabilities in the software, many which can lead to code execution. Version 18.0.0.231 and earlier of Flash Player for Windows and Mac, Microsoft Edge and Internet Explorer 11 in Windows 10, and Internet Explorer 10 and 11, are affected, according to a security bulletin […]
New Android malware was discovered, able to steal money from online banking accounts, and hide SMS notifications coming to confirm financial transactions. This new malware detected by Dr.Web as the Android.SmsBot.459.origin trojan infects users via SMS spam, which, to be more convincing, in some cases even uses the phone owner’s name. The spam SMS message […]
A simple mistake by networking gear manufacturer D-Link could have opened the door for costly damage. Private keys used to sign software published by D-Link were found in the company’s open source firmware packages. While it’s unknown whether the keys were used by malicious third parties, the possibility exists that they could have been used […]
SharePoint, one of the tools included with Microsoft Office’s server suite, has been patched to protect users from a persistent XSS (cross-site scripting) flaw which could expose their private information. The vulnerability (CVE-2015-2522) was discovered by security researchers at FortiNet’s FortiGuard Labs, and affects SharePoint 2013 15.0.4571.1502 and earlier versions. SharePoint is a web application […]
Proof-of-concept exploit installs malicious app on nearby iPhones. Apple has mitigated a critical iOS vulnerability that allows attackers within Bluetooth range of an iPhone to install malicious apps using the Airdrop filesharing feature. Mark Dowd, the security researcher who discovered the bug and privately reported it to Apple, told Ars that the vulnerability has been […]
Android devices may be protected by a lock screen which requires some form of authentication before access to most phone features, its settings and the data stored on it is granted. Users may protect the phone by password, pin or pattern for example, and there are other means of protection available as well, for instance […]
WordPress core engine security vulnerabilities aren’t rare, but they are uncommon. Most issues affecting the integrity of sites running on the content management system are introduced by third-party plugins and put those sites at risk for a host of attacks. Today WordPress upgraded to version 4.3.1 which patched three vulnerabilities, two of which were reported […]
More than a dozen routers in four countries infected with fully featured implants. Researchers have uncovered active and highly clandestine attacks that have infected more than a dozen Cisco routers with a backdoor that can be used to gain a permanent foothold inside a targeted network. The SYNful knock malware has been found on 14 […]
This vulnerability was discovered by Rafal Wojtczuk and Corey Kallenberg, check original white paper. Around one month ago, at 31-st Chaos Communication Congress, Rafal Wojtczuk and Corey Kallenberg presented an excellent research: “Attacks on UEFI security, inspired by Darth Venamis’s misery and Speed Racer” (video, white paper 1,white paper 2). The main goal of UEFI […]
Networking process crashed by crafted packets. One of the world’s major suppliers of industrial networking kit, Japanese company Yokogawa, has alerted the world to a vulnerability in 21 of its products. The ICS-CERT advisory, here, identifies the company’s CENTUM, ProSafe-RS, STARDOM, FAST/TOOLS and other systems as being at risk. The vulns are “stack-based buffer overflow […]
Apple will release iOS 9 next week, and some iOS 8 users who rely on unofficial apps installed on their iPhones and iPads after jailbreaking them are worried about upgrading. With each software release, Apple typically patches the security flaws used to jailbreak previous software versions. As a result, updating to the most recent iOS version […]
Researchers recently discovered a smattering of vulnerabilities in web applications and mobile applications belonging to companies like Yahoo, PayPal, Magento, and Shopify that could have led to account theft, session hijacking, and phishing, among other consequences. Hadji Samir, Ebrahim Hegazy, Ayoub Ait Elmokhtar, and Benjamin Kunz Mejri, researchers with Vulnerability Lab, found the bugs earlier this […]
Joshua Drake, the researcher who found the so-called Stagefright vulnerability in Android, today released exploit code to the public, which he hopes will be used to test systems’ exposure to the flaw. The move comes more than a month after vulnerability details were released in August during presentations at the Black Hat and DEF CON […]
When auditing iOS kernel executable, we found that the code quality ofcom.apple.driver.AppleHDQGasGaugeControl is very bad. In this blog, we will disclose 3 vulnerabilities in this kernel extension on the latest public iOS (version 8.4.1). More importantly, one of these bugs is a perfect heap overflow vulnerability that allows us to defeat all kernel mitigations and […]
Microsoft today patched a vulnerability in its graphics component present in Windows, Office and Lync that has been publicly attacked, and is one of five vulnerabilities patched this month that have been publicly disclosed. Microsoft released a dozen bulletins today, five of them it rates critical, including separate updates for Internet Explorer and the new […]
WhatsApp Web is a web-based extension of the WhatsApp application on your phone. The web application mirrors all messages sent and received, and fully synchronize your phone and your desktop computer so that users can see all messages on both devices. WhatsApp Web is available for most WhatsApp supported platforms, including Android, iPhone (iOS), Windows Phone 8.x, BlackBerry, BB10 and […]