Browsing category
New Android malware was discovered, able to steal money from online banking accounts, and hide SMS notifications coming to confirm financial transactions. This new malware detected by Dr.Web as the Android.SmsBot.459.origin trojan infects users via SMS spam, which, to be more convincing, in some cases even uses the phone owner’s name. The spam SMS message […]
A simple mistake by networking gear manufacturer D-Link could have opened the door for costly damage. Private keys used to sign software published by D-Link were found in the company’s open source firmware packages. While it’s unknown whether the keys were used by malicious third parties, the possibility exists that they could have been used […]
SharePoint, one of the tools included with Microsoft Office’s server suite, has been patched to protect users from a persistent XSS (cross-site scripting) flaw which could expose their private information. The vulnerability (CVE-2015-2522) was discovered by security researchers at FortiNet’s FortiGuard Labs, and affects SharePoint 2013 15.0.4571.1502 and earlier versions. SharePoint is a web application […]
Proof-of-concept exploit installs malicious app on nearby iPhones. Apple has mitigated a critical iOS vulnerability that allows attackers within Bluetooth range of an iPhone to install malicious apps using the Airdrop filesharing feature. Mark Dowd, the security researcher who discovered the bug and privately reported it to Apple, told Ars that the vulnerability has been […]
Android devices may be protected by a lock screen which requires some form of authentication before access to most phone features, its settings and the data stored on it is granted. Users may protect the phone by password, pin or pattern for example, and there are other means of protection available as well, for instance […]
WordPress core engine security vulnerabilities aren’t rare, but they are uncommon. Most issues affecting the integrity of sites running on the content management system are introduced by third-party plugins and put those sites at risk for a host of attacks. Today WordPress upgraded to version 4.3.1 which patched three vulnerabilities, two of which were reported […]
More than a dozen routers in four countries infected with fully featured implants. Researchers have uncovered active and highly clandestine attacks that have infected more than a dozen Cisco routers with a backdoor that can be used to gain a permanent foothold inside a targeted network. The SYNful knock malware has been found on 14 […]
This vulnerability was discovered by Rafal Wojtczuk and Corey Kallenberg, check original white paper. Around one month ago, at 31-st Chaos Communication Congress, Rafal Wojtczuk and Corey Kallenberg presented an excellent research: “Attacks on UEFI security, inspired by Darth Venamis’s misery and Speed Racer” (video, white paper 1,white paper 2). The main goal of UEFI […]
Networking process crashed by crafted packets. One of the world’s major suppliers of industrial networking kit, Japanese company Yokogawa, has alerted the world to a vulnerability in 21 of its products. The ICS-CERT advisory, here, identifies the company’s CENTUM, ProSafe-RS, STARDOM, FAST/TOOLS and other systems as being at risk. The vulns are “stack-based buffer overflow […]
Apple will release iOS 9 next week, and some iOS 8 users who rely on unofficial apps installed on their iPhones and iPads after jailbreaking them are worried about upgrading. With each software release, Apple typically patches the security flaws used to jailbreak previous software versions. As a result, updating to the most recent iOS version […]
Researchers recently discovered a smattering of vulnerabilities in web applications and mobile applications belonging to companies like Yahoo, PayPal, Magento, and Shopify that could have led to account theft, session hijacking, and phishing, among other consequences. Hadji Samir, Ebrahim Hegazy, Ayoub Ait Elmokhtar, and Benjamin Kunz Mejri, researchers with Vulnerability Lab, found the bugs earlier this […]
Joshua Drake, the researcher who found the so-called Stagefright vulnerability in Android, today released exploit code to the public, which he hopes will be used to test systems’ exposure to the flaw. The move comes more than a month after vulnerability details were released in August during presentations at the Black Hat and DEF CON […]
When auditing iOS kernel executable, we found that the code quality ofcom.apple.driver.AppleHDQGasGaugeControl is very bad. In this blog, we will disclose 3 vulnerabilities in this kernel extension on the latest public iOS (version 8.4.1). More importantly, one of these bugs is a perfect heap overflow vulnerability that allows us to defeat all kernel mitigations and […]
Microsoft today patched a vulnerability in its graphics component present in Windows, Office and Lync that has been publicly attacked, and is one of five vulnerabilities patched this month that have been publicly disclosed. Microsoft released a dozen bulletins today, five of them it rates critical, including separate updates for Internet Explorer and the new […]
WhatsApp Web is a web-based extension of the WhatsApp application on your phone. The web application mirrors all messages sent and received, and fully synchronize your phone and your desktop computer so that users can see all messages on both devices. WhatsApp Web is available for most WhatsApp supported platforms, including Android, iPhone (iOS), Windows Phone 8.x, BlackBerry, BB10 and […]
If you have not recently updated the firmware for your Seagate wireless NAS drives, now is the time to do so. Researchers at Tangible Security have discovered a series of vulnerabilities in a number of devices produced by Seagate that could allow unauthorized access to files and settings. An undocumented Telnet feature could be used […]
Sounds like it’s going to be a busy few days for R&D and PR departments at least two security companies. This weekend, vulnerability researchers have separately disclosed flaws in products from Kaspersky and FireEye that could be exploited by malicious hackers. First up was Tavis Ormandy. Ormandy, a security researcher at Google, has made a […]
We’re used to seeing malware that exploits unpatched vulnerabilities in software. But in a new twist attackers are bundling an old version of remote access package TeamViewer with their malware in order to take advantage of a flaw. The malware known as TVSPY has been uncovered by researchers at security companyDamballa. While the current version of TeamViewer […]
Security experts constantly tell users not to reuse passwords on multiple accounts, but the message often falls on deaf ears. Now, officials at Mozilla are finding that advanced users don’t always follow that advice either after discovering that an attacker was able to compromise a Bugzilla user’s account by using a password taken from a data […]
It didn’t even take a day for security researchers to find a serious way of exploiting the mechanism through which user clicks could be faked in Mac OS X. Antoine Vincent Jebara and Raja Rahbani from the myki identity management startup have expanded on the work of Malwarebytes researchers who found this issue with the […]
Most automated scanning and security tools that ferret out cross-site scripting vulnerabilities don’t do much analysis beyond the target application. Netflix this week, however, released to open source a tool developed in-house that persists beyond the target app and can flag potential XSS trouble in secondary applications. The tool, called Sleepy Puppy, is available on […]