Category Archives: Vulnerabilities & attacks

New release for OpenSSL to fix several security vulnerabilities

openssl

Heartbleed OpenSSL security vulnerability is still not the last vulnerability we see for OpenSSL but we continue to find new and critical security issues in OpenSSL library. New security advisory have been published that include several high severity vulnerabilities that

Firefox 36.0.1 Released

firefox

New security update have been released by Mozilla Firefox 36.0.1, the list of patches include fix for nine security vulnerabilities. While users may apply the security update automatically from the browser update. Updates will fix the following: 36.0.1 – Disable

Adobe critical zero day vulnerability to patch

flash player

Adobe has released over this week security updates to fix critical vulnerabilities in Adobe Flash. The patches are going to address 18 vulnerabilities 15 of them allows remote code execution. CVE 2015-0313 is actively used by attackers to compromise systems

GHOST a 14 year old vulnerability in Linux

ghost-vulnerabiity-in-linux

New vulnerability have been discovered by Qualys security researchers called GHOST that affect Linux based systems in the  glibc-2.2 (GNU C Library) since 2000. Ghost allow attacker to control a system without having any credentials. The vulnerability may exist on

Microsoft released 7 patches for December

microsoft-windows-logo-300x266

Over this week Microsoft have released their monthly windows update that fix several security vulnerabilities. 7 patches that address security issues in Internet explorer, Windows operating system , Microsoft office and Microsoft exchange server. among the updates we have 3

Researchers released a script to decrypt and extract LastPass Master Password

master password

On DefCamp 2014 conference in Romania security researcher Alex Balan demonstrated a new way that allows attacker to grab master password on LastPass system which integrate itself in browser, mobile app or webapp. this technology gives user to have a

Shellshock DHCP client exploitation

Vulnerabilities

Over this week the infosec community are busy in testing the bash shellshock vulnerability. Geoff Walton a senior security consultant for TrustedSec have posted the way to exploit the bash bug in the DHCP protocol. the DHCP is widely used in most