Browsing category
This vulnerability was discovered by Rafal Wojtczuk and Corey Kallenberg, check original white paper. Around one month ago, at 31-st Chaos Communication Congress, Rafal Wojtczuk and Corey Kallenberg presented an excellent research: “Attacks on UEFI security, inspired by Darth Venamis’s misery and Speed Racer” (video, white paper 1,white paper 2). The main goal of UEFI […]
Networking process crashed by crafted packets. One of the world’s major suppliers of industrial networking kit, Japanese company Yokogawa, has alerted the world to a vulnerability in 21 of its products. The ICS-CERT advisory, here, identifies the company’s CENTUM, ProSafe-RS, STARDOM, FAST/TOOLS and other systems as being at risk. The vulns are “stack-based buffer overflow […]
Apple will release iOS 9 next week, and some iOS 8 users who rely on unofficial apps installed on their iPhones and iPads after jailbreaking them are worried about upgrading. With each software release, Apple typically patches the security flaws used to jailbreak previous software versions. As a result, updating to the most recent iOS version […]
Researchers recently discovered a smattering of vulnerabilities in web applications and mobile applications belonging to companies like Yahoo, PayPal, Magento, and Shopify that could have led to account theft, session hijacking, and phishing, among other consequences. Hadji Samir, Ebrahim Hegazy, Ayoub Ait Elmokhtar, and Benjamin Kunz Mejri, researchers with Vulnerability Lab, found the bugs earlier this […]
Joshua Drake, the researcher who found the so-called Stagefright vulnerability in Android, today released exploit code to the public, which he hopes will be used to test systems’ exposure to the flaw. The move comes more than a month after vulnerability details were released in August during presentations at the Black Hat and DEF CON […]
When auditing iOS kernel executable, we found that the code quality ofcom.apple.driver.AppleHDQGasGaugeControl is very bad. In this blog, we will disclose 3 vulnerabilities in this kernel extension on the latest public iOS (version 8.4.1). More importantly, one of these bugs is a perfect heap overflow vulnerability that allows us to defeat all kernel mitigations and […]
Microsoft today patched a vulnerability in its graphics component present in Windows, Office and Lync that has been publicly attacked, and is one of five vulnerabilities patched this month that have been publicly disclosed. Microsoft released a dozen bulletins today, five of them it rates critical, including separate updates for Internet Explorer and the new […]
WhatsApp Web is a web-based extension of the WhatsApp application on your phone. The web application mirrors all messages sent and received, and fully synchronize your phone and your desktop computer so that users can see all messages on both devices. WhatsApp Web is available for most WhatsApp supported platforms, including Android, iPhone (iOS), Windows Phone 8.x, BlackBerry, BB10 and […]
If you have not recently updated the firmware for your Seagate wireless NAS drives, now is the time to do so. Researchers at Tangible Security have discovered a series of vulnerabilities in a number of devices produced by Seagate that could allow unauthorized access to files and settings. An undocumented Telnet feature could be used […]
Sounds like it’s going to be a busy few days for R&D and PR departments at least two security companies. This weekend, vulnerability researchers have separately disclosed flaws in products from Kaspersky and FireEye that could be exploited by malicious hackers. First up was Tavis Ormandy. Ormandy, a security researcher at Google, has made a […]
We’re used to seeing malware that exploits unpatched vulnerabilities in software. But in a new twist attackers are bundling an old version of remote access package TeamViewer with their malware in order to take advantage of a flaw. The malware known as TVSPY has been uncovered by researchers at security companyDamballa. While the current version of TeamViewer […]
Security experts constantly tell users not to reuse passwords on multiple accounts, but the message often falls on deaf ears. Now, officials at Mozilla are finding that advanced users don’t always follow that advice either after discovering that an attacker was able to compromise a Bugzilla user’s account by using a password taken from a data […]
It didn’t even take a day for security researchers to find a serious way of exploiting the mechanism through which user clicks could be faked in Mac OS X. Antoine Vincent Jebara and Raja Rahbani from the myki identity management startup have expanded on the work of Malwarebytes researchers who found this issue with the […]
Most automated scanning and security tools that ferret out cross-site scripting vulnerabilities don’t do much analysis beyond the target application. Netflix this week, however, released to open source a tool developed in-house that persists beyond the target app and can flag potential XSS trouble in secondary applications. The tool, called Sleepy Puppy, is available on […]
A stored XSS vulnerability was identified and reported by Bitdefender’s staff to PayPal, one that could have been easily used by hackers as an entry point for further attacks. We recently posted an article based on Jack Leonard’s “How XSS Attacks Work” infographic. And as we explained in that post, the difference between reflective and […]
Security vulnerabilities in UPnP continue to crop up and continue to put millions of home networking devices at risk for compromise. The latest was revealed in early August, but prompted an advisory yesterday from the DHS-sponsored CERT at the Software Engineering Institute at Carnegie Mellon University. It’s called Filet-o-Firewall and it combines a number vulnerabilities […]
A newly discovered malware family that preys on jailbroken iPhones has collected login credentials for more than 225,000 Apple accounts, making it one of the largest Apple account compromises to be caused by malware. KeyRaider, as the malware family has been dubbed, is distributed through a third-party repository ofCydia, which markets itself as an alternative […]
Ilya Karpov of Russian security outfit Positive Technologies has reported nine vulnerabilities in Siemens industrial control system kit used in critical operations from petrochemical labs and power plants up to the Large Hadron Collider. The holes, now patched, also include two for Schneider Electric kit and cover a mix of remote and local exploits that […]
Major vulnerabilities have been detected in Dolphin and Mercury Android browsers that could have provided cybercriminals with the opportunity to launch zero-day attacks. This is considered to be a notable discovery. With both browsers growing in popularity – it is estimated that over 100 million downloads have been made between the two browsers – the […]
Agora dark market suspends operations after finding “suspicious activity.” A dark market website that relies on the Tor privacy network to keep its operators anonymous is temporarily shutting down amid concerns attackers are exploiting a newly reported weakness that can identify server locations. As Ars reported last month, the technique requires the adversary to control […]
Apple’s monster security update of Aug. 13 included a patch for an iOS vulnerability that could beacon out location data and other personal information from a device, even if a particular task has been shut off by the user. A mobile app exploiting this vulnerability could also look benign enough to slip past Apple’s security […]