Archive for the ‘Vulnerabilities & attacks’ Category

End User Considerations For OpenSSL Vulnerabilities

OpenSSL vulnerabilities could enable a remote attacker to gain access to sensitive data, including secret keys and authentication credentials, via incorrect memory handling. Some of these vulnerabilities could also leak non-encrypted information and allow DTLS (Datagram Transport Layer Security) data to be decrypted. More than 50% of the web servers on the internet [...]

Heartbleed Critical Vulnerability in OpenSSL

This week the security community is actively discussing the OpenSSL vulnerability that allows an attacker to exploit the TLS Heartbeat and receive 64KB of RAM. The attack can be repeated continuously to get sensitive information from end users, such as their passwords. Many online servers were affected by this critical vulnerability while patching [...]

Samsung Galaxy Devices Shipped with Backdoors

A new vulnerability in Samsung Galaxy smartphones has been disclosed by Replicant, a project that provides a free version of Android. The bug embeds a backdoor that provides remote access to the data stored on Samsung Galaxy devices. Modern smartphones include two separate processors: the first is designed to run standard applications and the operating system, while [...]

Microsoft to release 4 patches in January

Microsoft has released the first advance notification for this year, with only 4 security bulletins. There is no critical security bulletin, but there is one important bulletin, which covers a remote code execution vulnerability. Windows operating systems, Office and Dynamics AX are the affected software for this advance notification. This is a relatively small update compared [...]

Backdoor Found in Linksys and Netgear

Security researchers found a new backdoor in the Linksys WAG200G. The firmware includes a service for remote connections on port 32764, which allows a remote user to get the router's configuration settings, including the user name, admin password, WiFi password, etc. The tools used to reverse the firmware were Binwalk and IDA [...]

Microsoft prepares 14 patches for next Tuesday

This week Microsoft issued its monthly advance notification of security bulletins. The next update will contain 14 security patches to fix critical vulnerabilities in Microsoft Office, Internet Explorer and Microsoft Windows SharePoint. This month there are 8 security updates with remote code execution impact, while 2 allow an attacker to conduct a [...]

Oracle plans to fix 40 holes in Java

Oracle is planning a Critical Patch Update for Java SE, to be released on Tuesday, June 18, 2013. This Critical Patch Update is a collection of patches for multiple security vulnerabilities in Oracle Java SE. It contains 40 new security vulnerability fixes. 37 of these vulnerabilities may be remotely [...]
