Securityinform.com Blog

Multiple vulnerabilities in ASUS RT-G32 router allow arbitrary code injection.

Affected products / software: ASUS RT-G32 routers with firmware 2.0.2.6 and 2.0.3.2. Vulnerability overview: Cross-site scripting and cross-site request forgery vulnerabilities in the ASUS RT-G32 routers with firmware 2.0.2.6 and 2.0.3.2 allow remote attackers to inject arbitrary web script or HTML and to change device settings, including the admin password. Solution / patch info / workaround: Firmware update available on...

Foreign VPN service unavailable since an upgrade of China’s Great Firewall

Cyber security analysts on Thursday defended China’s Internet management after an overseas VPN (virtual private network) company on Wednesday announced some of its users in China have been unable to use the service since an upgrade of the Great Firewall, China’s Internet infrastructure. Cyber services should observe the network governance of the country for safety, analysts urged. Astrill claimed in a...

Critical vulnerability in vBulletin SEO extension allows remote command execution

vBSEO is a useful and widely used Search Engine Optimization (SEO) extension for the popular internet forum software package vBulletin. A critical ‘unauthenticated script injection’ vulnerability has been found in vBSEO which may lead to a full remote command execution on affected systems. An attacker can exploit the vulnerability to inject malicious code or to take down affected websites. The full command execution...

Critical privilege escalation vulnerability found in Windows 8.1

A critical security flaw has been found in Windows 8.1 which may allow an attacker to get administrator privileges on any system. All Windows 8.1 systems seem vulnerable. The Google researcher (named Forshaw) who found and reported the security flaw has also posted a PoC which demonstrates the vulnerability and has been tested on Windows 8.1 Update, both 32-bit and 64-bit...

Twitter login lets other people read and send your private direct messages

The mechanism that lets you use your Twitter account to log in to websites and mobile apps allows those third parties to read your private direct messages and to send them too, according to Rishi Lakhani, a search marketing consultant. Although the login is designed that way by Twitter — it’s not a flaw, it’s a feature! — most Twitter users have no...

Apple releases security update for critical vulnerability in OS X

Apple has issued an important security update to address a critical security issue with OS X’s Network Time Protocol (NTP) service. Network Time Protocol (NTP) provides networked systems with a way to synchronize time for various services and applications. The vulnerability allows an attacker to overflow several buffers by crafting special packets, which may allow arbitrary malicious code to be executed...

12 million home and business routers vulnerable to critical ‘Misfortune Cookie’ vulnerability.

A critical vulnerability present on millions of routers in homes and businesses allows attackers to remotely take over the device with administrative privileges and remotely monitor users’ traffic. The vulnerability, dubbed ‘Misfortune Cookie’ (identified as CVE-2014-9222), affects more than 12 million router devices of different models and brands around the world. Also, if your small office/home office (SOHO) router is vulnerable, then attackers...

The FBI used Metasploit to unmask Tor users

The Tor network has been getting a lot of attention lately and one of the most frequent questions people ask is, “Is it less anonymous than we think?” Multiple ways of unmasking Tor network users have been revealed recently, such as exploiting a Firefox vulnerability or analysing Cisco ‘NetFlow’ data. And according to a ‘Wired’ report, one of them, called the “Decloaking Engine”, is used by the FBI to help...

New WordPress vulnerability gives admin rights to attackers; 90 percent of WordPress sites affected.

WordPress is a free and open source blogging tool and content management system (CMS) based on PHP and MySQL which is used by millions of websites (23.3% of all websites). A dangerous XSS vulnerability has been found in WordPress versions prior to 4.0. The critical XSS vulnerability even allows an attacker to gain full administrative control of the vulnerable...

POODLE returned! Now affecting TLS protocol and likely to hit some of the most popular websites

The serious POODLE vulnerability which affected millions of websites has returned, and the new variant is likely to affect some of the most popular websites in the world. Before sharing the details about the newly announced threat, let’s recall the POODLE vulnerability. About two months ago, Google published a paper about a serious vulnerability called POODLE, which stands for “Padding Oracle On Downgraded...

Facebook vulnerability allows reading of local files on Facebook’s servers.

Josip Franjković, an Information Technologies student, found and reported a vulnerability in Facebook which allows reading of local files on Facebook’s servers. Facebook’s security team fixed the vulnerability within 10 hours of Josip’s report. The vulnerable part of Facebook which contained the arbitrary local file read bug was the ‘Facebook Careers’ resume uploader. The resume uploader is located on the page which appears after...

New POS malware attacks Mass Transit Systems, targets Ticket Machines and Electronic Kiosks

POS malware usually targets Point-of-Sale systems because they have become readily available to small and mid-sized businesses, and modern POS systems are tied to a business’s payment processing, inventory, and customer relationship management (CRM) functions. But a cyber threat intelligence firm from Los Angeles, IntelCrawler, has identified a new type of Point-of-Sale malware which also hits mass transit systems and makes possible the leak of payment data...

Automakers aim to drive away car computer hackers

Against the team of hackers, the poor car stood no chance. Meticulously overwhelming its computer networks, the hackers showed that — given time — they would be able to pop the trunk and start the windshield wipers, cut the brakes or lock them up, and even kill the engine. Their motives were not malicious. These hackers worked on behalf of the...

Dirtbox devices on spy planes used to target criminals, but also collecting data from thousands of other phones

The Justice Department is scooping up data from thousands of mobile phones through devices deployed on airplanes that mimic cellphone towers, a high-tech hunt for criminal suspects that is snagging a large number of innocent Americans, according to people familiar with the operations. The U.S. Marshals Service program, which became fully functional around 2007, operates Cessna aircraft from at least five...

Swedish hacker finds ‘serious’ vulnerability in Apple’s OS X Yosemite

A white-hat hacker from Sweden says he’s found a serious security hole in Apple’s Yosemite OS X that could allow an attacker to take control of your computer. Emil Kvarnhammar, a hacker at Swedish security firm Truesec, calls the vulnerability “rootpipe” and has explained how he found it and how you can protect against it. It’s a so-called privilege escalation vulnerability,...

White House computer network hacked

The White House computer network was hit by hackers, resulting in a series of outages and connectivity issues, a White House official said Tuesday. The breach was discovered two to three weeks ago, sources said. Some staffers were asked to change their passwords. Intranet or VPN access was shut off for a while, but the email system, apart from some minor delays, was...

Windows hit by new 0-day attack. It’s exploited via malicious PowerPoint documents.

Hackers are exploiting a zero-day vulnerability in Windows using malicious PowerPoint documents, Microsoft and security firms warn. An advisory from Microsoft warns that the as-yet-unpatched flaw is present in all supported versions of Windows except Windows Server 2003 and has already been abused in “limited, targeted attacks”. The bug (CVE-2014-6352) can be triggered by sending a specially crafted Microsoft Office file...

MasterCard with a built-in fingerprint scanner is coming in 2015

MasterCard partnered with Zwipe to create the world’s first credit card that combines biometric authentication and contactless payment technology. Financial institution Sparebanken DIN of Norway conducted a live pilot of the Zwipe MasterCard over the last few months. For security purposes, the fingerprints of the user are stored in the Zwipe MasterCard instead of an external database. The biometric authentication technology...

Drupal releases patch for severe SQL injection vulnerability, which allows attackers to gain full control of the database

AFFECTED PLATFORM: All Drupal 7.x releases prior to 7.32 are affected. PATCH/FIX: Fixed in the latest version, Drupal 7.32. A patch is also available if you are unable to update to Drupal 7.32. (Please see details below.) Drupal is a free and open-source content-management framework written in PHP and distributed under the GNU General...

Facebook doubles ad-hacking bounty

Facebook has doubled the cash it will pay out to folks who report holes in its advertising code. The bounty will rise in a bid to entice hackers to report bugs found in its ads code following an internal security audit that squashed an undisclosed number of vulnerabilities. Security engineer Collin Greene said the Zucker-empire will double bug pay-outs until...