Archive for the ‘Vulnerabilities & attacks’ Category


Heartbleed Critical Vulnerability in OpenSSL

This week the security community is actively discussing the OpenSSL vulnerability that allows an attacker to exploit the TLS Heartbeat extension and receive 64KB of RAM contents. The attack can be repeated continuously to get sensitive information from end users, such as their passwords. Many online servers were affected by this critical vulnerability while patching [...]


Samsung Galaxy Devices Shipped with Backdoors

A new vulnerability in Samsung Galaxy smartphones has been disclosed by the Replicant project, a free version of Android. The bug embeds a backdoor that provides remote access to the data stored on Samsung Galaxy devices. Modern smartphones include two separate processors: the first is designed to run standard applications and the operating system, while [...]


Microsoft to release 4 patches in January

Microsoft has released the first advance notification for this year, with only 4 security bulletins. There is no critical security bulletin, but there is one rated important, which is a remote code execution vulnerability. Windows operating systems, Office and Dynamics AX are the affected software for this advance notification. This is a relatively small update compared [...]


Backdoor Found in Linksys and Netgear

Security researchers found a new backdoor in the Linksys WAG200G. The firmware includes a service for remote connections on port 32764, which allows a remote user to get the router's configuration settings, including user name, admin password, WiFi password, etc. The tools used to reverse the firmware are Binwalk and IDA [...]


Microsoft prepares 14 patches for next Tuesday

This week Microsoft issued its monthly advance notification of security bulletins. The next update will contain 14 security patches to fix critical vulnerabilities in Microsoft Office, Internet Explorer and Microsoft Windows SharePoint. This month we have 8 security updates with remote code execution impact, while there are 2 that allow an attacker to conduct a [...]


Oracle plans to fix 40 holes in Java

Oracle is planning a Critical Patch Update for Java SE, to be released on Tuesday, June 18, 2013. This Critical Patch Update is a collection of patches for multiple security vulnerabilities in Oracle Java SE. It contains 40 new security vulnerability fixes. 37 of these vulnerabilities may be remotely [...]


Study: after one month 93% of users still vulnerable to Java attacks

Websense has released a new report about users and their practices in patching Java vulnerabilities. Having the latest update for your web browser and applying OS patches will not make users safe from Java attacks, as Oracle Java needs to be updated separately from other programs. Researchers have found that: 2 days after the release of the [...]
