Category Archives: Vulnerabilities

Vulnerability Update, February 17, 2015

The Vulnerability Update from Secunia Total number of new vulnerabilities in the Top 20* over the 3 month period: 1,357 Vendor with most vulnerable products in the 3 month period: IBM Product with the most vulnerabilities: X.Org XServer And 2015

Adobe critical zero day vulnerability to patch

flash player

Adobe has released over this week security updates to fix critical vulnerabilities in Adobe Flash. The patches are going to address 18 vulnerabilities 15 of them allows remote code execution. CVE 2015-0313 is actively used by attackers to compromise systems

GHOST a 14 year old vulnerability in Linux

ghost-vulnerabiity-in-linux

New vulnerability have been discovered by Qualys security researchers called GHOST that affect Linux based systems in the  glibc-2.2 (GNU C Library) since 2000. Ghost allow attacker to control a system without having any credentials. The vulnerability may exist on

RPEF- Tool to generate routers firmware with backdoor

Botnet

Network devices and routers are the best target for several reasons such as  they include a firmware that can be shipped with backdoor and there is no antivirus to detect/identify malicious code on the firmware. This makes with each router

Microsoft released 7 patches for December

microsoft-windows-logo-300x266

Over this week Microsoft have released their monthly windows update that fix several security vulnerabilities. 7 patches that address security issues in Internet explorer, Windows operating system , Microsoft office and Microsoft exchange server. among the updates we have 3

Researchers released a script to decrypt and extract LastPass Master Password

master password

On DefCamp 2014 conference in Romania security researcher Alex Balan demonstrated a new way that allows attacker to grab master password on LastPass system which integrate itself in browser, mobile app or webapp. this technology gives user to have a

OpenSSL Released a fix to four vulnerabilities

openssl

OpenSSL have an update for the encryption package, the new version comes to fix four security vulnerabilities including a high severity vulnerability that allows attacker to perform a denial of service attack on vulnerable servers.this bug can be exploited by parsing