Securityinform.com


Research revealed that deleted WhatsApp messages aren’t actually deleted!

An iOS security expert discovered that your WhatsApp messages aren’t actually deleted even if you try to delete them by selecting the ‘Clear All Chats’ option. The same issue also exists in Apple’s popular instant messaging service, iMessage. Jonathan Zdziarski’s research revealed that the latest version of WhatsApp, the most popular cross-platform instant messaging client with some one billion users, leaves forensic...


Windows weakness allows ‘UAC bypass’ attack and malicious DLL loading

Quick Summary: Two security researchers discovered an interesting method for bypassing one of the Windows operating system's security features, which allows attackers to run malicious DLL files on a target system. They found a weakness in one of the Windows default scheduled tasks. Successful exploitation of the weakness may lead to malware infection, information disclosure or even remote users gaining full control over...


Malicious Pokémon GO application installs backdoor on your device

Remote access tools (RATs) are one of the most dangerous malware types. A RAT provides attackers with full control over the victim’s system, which allows them to remotely access files, private conversations, accounting data and other types of files on the victim’s device. Wrapping popular applications with remote access trojans/tools is one of the methods used by cyber criminals to infect and control a victim’s device....


Netgear D6000 and D3600 routers contain hard-coded cryptographic keys and are vulnerable to authentication bypass

If you have Netgear D6000 or D3600 router devices with firmware version 1.0.0.49 or earlier installed in your network environment, you should update your device to firmware version 1.0.0.59, which was released by Netgear on Friday to patch two critical vulnerabilities. Successful exploitation of the vulnerabilities by a remote unauthenticated attacker may allow gaining administrator access to the affected device, performing a man-in-the-middle attack on the victim's network or...


Critical XSS vulnerability found in popular WordPress forum plugin bbPress, update available

Imagine for a second that WordPress is a castle which you have to protect from attacks. At this point, every plugin you install becomes a gate to your castle, and you need to ensure the safety of these gates. A recently found vulnerability in the popular WordPress forum plugin bbPress is an example of this situation, which may have affected some 300,000 websites, including the wordpress.org support forum....


Open redirect vulnerability in Cisco WebEx Meetings Server allows phishing attacks, update needed

Cisco WebEx Meetings Server is a virtualized conferencing solution which combines audio, video and web conferencing in a single solution. Cisco has released a security advisory describing an open redirect vulnerability in the Cisco WebEx Meetings Server (CWMS) web interface that allows an unauthenticated, remote attacker to redirect a user to a malicious web page and conduct phishing attacks. Improper input validation of the...


Critical vulnerabilities allow remote disclosure of information in HP Data Protector, update needed

Sometimes companies use the same password or certificate private key across the software they develop, which usually makes the software (or the platform it runs on) vulnerable to critical attacks like man-in-the-middle (MITM). A recent vulnerability discovered in HP’s popular automated server backup and recovery software is the latest example of this situation. HP Data Protector is automated backup & recovery software for single-server...


Cisco fixed a critical vulnerability in UCS Central Software

Cisco Unified Computing System (UCS) is a data center server platform that consists of hardware, virtualization support, switching fabric and management software. Cisco UCS Central Software is software for managing multiple Cisco UCS instances or domains, and it supports up to 10,000 Cisco UCS servers. Cisco has recently fixed a critical vulnerability in the web framework of Cisco UCS Central Software which...


11.5 million HTTPS servers are vulnerable to highly critical DROWN Attack

Security researchers have discovered a highly critical vulnerability which allows attackers to break the encryption on servers that allow SSLv2, such as websites or mail servers, and steal sensitive information including passwords, credit card numbers, e-mails and instant messages. The critical vulnerability, which affects the HTTPS protocol and other services that rely on SSL and TLS, is dubbed “DROWN” (Decrypting RSA with Obsolete and Weakened eNcryption)...


Patch your Cisco Firewall: Critical ASA vulnerability may allow attackers to obtain full control of the affected system

If you have one of the Cisco ASA firewall devices listed at the end of this page and you configured your firewall device to terminate IKEv1 or IKEv2 VPN connections such as LAN-to-LAN IPsec VPN, remote access VPN using the IPsec VPN client, Layer 2 Tunneling Protocol (L2TP)-over-IPsec VPN connections or IKEv2 AnyConnect, it means that your device is most likely...
