Category Archives: Vulnerabilities & attacks

Microsoft released 7 patches for December

microsoft-windows-logo-300x266

Over this week Microsoft have released their monthly windows update that fix several security vulnerabilities. 7 patches that address security issues in Internet explorer, Windows operating system , Microsoft office and Microsoft exchange server. among the updates we have 3

Researchers released a script to decrypt and extract LastPass Master Password

master password

On DefCamp 2014 conference in Romania security researcher Alex Balan demonstrated a new way that allows attacker to grab master password on LastPass system which integrate itself in browser, mobile app or webapp. this technology gives user to have a

Shellshock DHCP client exploitation

Vulnerabilities

Over this week the infosec community are busy in testing the bash shellshock vulnerability. Geoff Walton a senior security consultant for TrustedSec have posted the way to exploit the bash bug in the DHCP protocol. the DHCP is widely used in most

End User Considerations For OpenSSL Vulnerabilities

Heartbleed

OpenSSL vulnerabilities could enable a remote hacker to gain access to sensitive data, including secret keys and authentication credentials, via incorrect memory handling. Some of these vulnerabilities could also cause potential leak of non-encrypted information and DTLS (Datagram Transport Layer

Heartbleed Critical Vulnerability in OpenSSL

Heartbleed

The security community is actively discussing over this week the openssl vulnerability that allows attacker to exploit the Heartbeat TLS and receive 64KB in the RAM memory. The attack can be repeated continuously to get sensitive information from end users

Samsung Galaxy Devices Shipped with Backdoors

hands-on-samsung-galaxy-s4

New vulnerability in smartphones Samsung Galaxy have been disclosed by Replicant a free project version of Android. the bug embeds a backdoor that provides remote access to the data stored on the device of Samsung galaxy.  Modern smartphones include two separate

Microsoft to release 4 patches in January

Patch Windows

Microsoft have released the first advance notification for this year with only 4 security bulletins. there is no critical security bulletin but we have one important which is a remote code execution vulnerability.   Windows operating systems, Office and Dynamics