Category: Vulnerability Alert

0

Critical Google Chrome vulnerability could expose your passwords, how to protect yourself

A serious vulnerability has been discovered in Google’s Chrome web browser that could allow hackers to steal victim’s Microsoft service passwords and Windows login credentials remotely. Luckily, some workarounds exist to prevent the issue until Google releases a security update. The vulnerability exist in the way Chrome downloads files in it’s default configuration. Latest version of the popular web browser downloads files automatically...

342 total views, 1 views today

0

Multiple vulnerabilities found in Asus RT routers, update needed

Changing default credentials is one of the most important security precautions. And the latest Asus wireless router vulnerability is just another example that shows why you need to change it. Security experts from ‘Nightwatch Cybersecurity’ have discovered multiple vulnerabilities in 40 different Asus RT router models. According to experts, recent vulnerabilities allows malicious sites to login and change the router settings, exfiltrate router...

284 total views, 1 views today

0

New OpenBSD vulnerability allows man-in-the-middle (MitM) attack

OpenBSD is a free and open source Unix-like computer operating system based upon Berkeley Software Distribution (BSD, a Unix operating system derivative) and it is one of the most secure operating systems available. But, like all other operating systems, it is also vulnerable to attacks and needs patching. Network and wireless security researcher Mathy Vanhoef has discovered a new vulnerability in OpenBSD’s...

505 total views, 3 views today

0

A new denial-of-service (DoS) vulnerability was discovered in BIND DNS, updates available

A serious vulnerability was discovered in multiple versions of BIND DNS software that allows a remote attacker to conduct denial-of-service (DoS) attack. BIND is the most widely used Domain Name System (DNS) on the internet that enables you to publish your Domain Name System (DNS) information on the Internet, and to resolve DNS queries for your users. On Unix-like operating systems it...

526 total views, 3 views today

0

Cisco ASR 5000 series router vulnerability allows remote attackers to cause DoS

A  vulnerability was reported in Cisco ASR 5000 and 5500 series routers that allows an unauthenticated remote attacker to conduct denial of service (DoS) attack by sending specially crafted Internet Key Exchange (IKE) messages. Cisco ASR 5000/5500 series routers are popular devices that provide single Multimedia Core Platform for common services across Wi-Fi, 3G, 4G packet core and small cells. These devices also uses...

773 total views, 4 views today

0

Massive security hole in iOS allows anyone to bypass iPhone’s passcode and access personal data

A critical security flaw was discovered in iOS 8 and newer versions of the Apple OS, including 10.2 beta 3, that allows anyone to bypass iPhone’s passcode on Lockscreen and gain acces to personal data. Passcode is simply a password that consist of 4-digits (6 digits or alphanumeric characters on some devices) which helps to prevent other people from accessing your device....

1,685 total views, 2 views today

0

Linux vulnerability grants Root Shell access by pressing ‘Enter’ for 70 seconds!

Cyber security researchers Hector Marco and Ismael Ripoll have discovered a serious vulnerability in many Linux distributions, including Debian, Ubuntu, Fedora and Red Hat Enterprise Linux, that allows both remote and local attackers to bypass authentication and launch a shell with ROOT permissions just by pressing the ‘Enter’ key for 70 seconds! This vulnerability is specially serious in environments like libraries, ATMs,...

935 total views, no views today

0

F5 BIG-IP ASM Web Application Firewall vulnerability allows remote attackers to launch DoS attack

A ‘high severity’ vulnerability was discovered in ‘F5 Networks BIG-IP Application Security Manager (ASM)’ web application firewall that allows a remote attacker to conduct denial-of service (DoS) attack. BIG-IP ASM is one of the popular enterprise web application firewalls (WAF). According to F5 Networks, it is deployed in more data centers than any enterprise WAF.  It is available as an appliance, virtual...

699 total views, no views today

0

Mirai malware infecting AirLink Cellular Gateway devices, password change needed!

Mirai is a dangerous malware that is designed to infect Internet of Things (IoT) devices by scanning the internet for devices with factory default passwords in order to make these devices a part of a botnet and to perform DDoS attacks. Mirai is also the bot used in one of the largest DDoS attacks. Brain Kreb’s blog was recently targeted by a...

715 total views, 1 views today

0

Ongoing DoS attacks against BIND DNS software reported, update needed!

BIND is the most widely used ‘Domain Name System’ (DNS) software on the Internet, which originally designed for BSD operating systems. And it is a de facto standard on Unix-based systems. On September 27, Internet Systems Consortium (ISC) released a security advisory to highlight a critical vulnerability that allows remote attackers to cause a denial-of-service (DoS) via a crafted query. It is one...

787 total views, 1 views today

0

‘U by BB&T’ iOS banking application fails to properly verify SSL certificates

‘Improper certificate validation’ is simply a vulnerability in which a software fails to properly validate certificates provided by HTTPS connections. This vulnerability allows a man-in-the-middle attacker to spoof servers and obtain sensitive information (such as login credentials) via a crafted certificate. If you are using ‘U by BB&T’ application, the mobile banking application of ‘BB&T-Branch Banking and Trust’ (one of the largest financial...

840 total views, 2 views today

0

D-Link DWR-932 B router plagued with Backdoors

If you are using a D-Link DWR-932 B access point to connect 4G LTE mobile network, you need to know that it is one of the most vulnerable access points and you have almost an open door to your network or personal computer. The product status is still ‘Live’, which means this router/access point is currently being manufactured by D-Link and still on...

668 total views, no views today

0

Multiple DoS vulnerabilities found in OpenSSL, update needed

If you are using OpenSSL to secure your web servers, then you may have a security issue again. Because multiple vulnerabilities found [1,2]  in popular open-source cryptography library that may lead to crashing of target server remotely. And as a system administrator, you need to know that your servers using OpenSSL may remain vulnerable until you patch them. OpenSSL, which contains an...

1,300 total views, no views today

0

859.000 Cisco devices affected by critical zero-day vulnerability

If you have one of the Cisco products running Cisco IOS software releases listed below and you are using LAN-to-LAN VPN, Remote access VPN (excluding SSLVPN), Dynamic Multipoint VPN (DMVPN) or Group Domain of Interpretation (GDOI), then you may have a security issue. The VPN types above and the vast majority of IPsec VPNs use IKE for key exchange. Internet key...

712 total views, no views today

0

Windows weakness allows ‘UAC bypass’ attack and malicious DLL loading

Quick Summary: Two security researchers discovered an interesting method for bypassing one of the Windows operating system security features which allows attackers to run malicious DLL files on target system. They found a weakness in one of the Windows default scheduled tasks. Successful exploit of the weakness may lead to malware infection, information disclosure or even remote users gaining full control over...

833 total views, 1 views today

0

Netgear D6000 and D3600 routers contain hard-coded cryptographic keys and are vulnerable to authentication bypass

If you have Netgear D6000 or D3600 router devices with 1.0.0.49 and prior firmware versions installed in your network environment, you should update your device to firmware version 1.0.0.59 which released by Netgear on Friday to patch two critical vulnerabilities. Successful exploitation of vulnerabilities by remote unauthenticated attacker may allow gaining administrator access to affected device, performing man-in-the-middle attack on victims network or...

1,773 total views, 1 views today

0

Critical XSS vulnerability found in popular WordPress forum plugin bbPress, update available

Imagine for a second that WordPress is a castle which you have to protect from attacks. At this point, every plugin you installed becomes a gate to your castle and you need to ensure the safety of these gates. A recently found vulnerability in popular WordPress forum plugin bbPress is an example of this situation which may affected some 300.000 websites, including wordpress.org support forum....

1,602 total views, no views today

0

Open redirect vulnerability in Cisco WebEx Meetings Server allows phishing attacks, update needed

Cisco WebEx Meetings Server is a virtualized conferencing solution which combines audio, video and web conferencing in a single solution. Cisco has released a security advisory describing an open redirect vulnerability in the Cisco WebEx Meetings Server (CWMS) web interface that allows an unauthenticated, remote attacker to redirect a user to a malicious web page and conduct phishing attacks. Improper input validation of the...

953 total views, no views today

0

Critical vulnerabilities allow remote disclosure of information in HP Data Protector, update needed

Sometimes companies use the same password or certificate private key in their software developments which usually makes the software (or the platform it runs on) vulnerable to critical attacks like man-in-the-middle (MITM). A recent vulnerability discovered in HP’s popular automated server backup and recovery software is the latest example of this situation. Hp Data Protector is automated backup & recovery software for single-server...

1,522 total views, 1 views today

0

Cisco fixed a critical vulnerability in UCS central software

Cisco Unified Computing System (UCS) is a data center server platform that consist of hardware, virtualization support, switching fabric and management software. And Cisco UCS Central software is a software for managing multiple Cisco UCS instances or domains and supports up to 10.000 Cisco UCS servers. Cisco has recently fixed a critical vulnerability in web framework of Cisco UCS Central Software which...

1,002 total views, no views today