Archive for the ‘Vulnerabilities’ Category


OpenSSH no longer depending on OpenSSL

OpenSSH is an important set of programs used to encrypt communication and connect to servers over SSH. It is the standard way many system administrators remotely manage thousands of servers. For a long time, developers have planned to remove the OpenSSL package, as this is not required for the communication and [...]


Bypassing Lockscreen Vulnerability on Ubuntu 14.04 Patched

On the 16th of April, a vulnerability report was issued for the Ubuntu operating system describing a flaw that allows a user to bypass the lock screen's password protection. The system can be accessed without authorization, a payload or any code; all you need to do is hold the ENTER key, which seems to be unusual [...]


End User Considerations For OpenSSL Vulnerabilities

OpenSSL vulnerabilities could enable a remote hacker to gain access to sensitive data, including secret keys and authentication credentials, via incorrect memory handling. Some of these vulnerabilities could also cause a potential leak of non-encrypted information and allow DTLS (Datagram Transport Layer Security) data to be decrypted. More than 50% of the web servers on the internet [...]


Heartbleed Critical Vulnerability in OpenSSL

This week the security community is actively discussing the OpenSSL vulnerability that allows an attacker to exploit the TLS Heartbeat extension and receive 64KB of RAM contents. The attack can be repeated continuously to obtain sensitive information belonging to end users, such as their passwords. Many online servers were affected by this critical vulnerability while patching [...]


Microsoft to release 4 patches in January

Microsoft has released its first advance notification for this year, with only 4 security bulletins. There is no critical security bulletin, but there is one rated important, which covers a remote code execution vulnerability. Windows operating systems, Office and Dynamics AX are the affected software for this advance notification. This is a relatively small update compared [...]


Backdoor Found in Linksys and Netgear

Security researchers found a new backdoor in the Linksys WAG200G. The firmware includes a service for remote connection on port 32764, which allows a remote user to get the router configuration settings, including the user name, admin password, WiFi password, etc. The tools used to reverse the firmware are Binwalk and IDA [...]


NSS Labs suggests increasing the cost of zero-days

NSS Labs released a new study looking at the 0day vulnerability market. The research calculated how many exploits were purchased through the open iDefense Vulnerability Contributor Program (VCP) and HP TippingPoint’s Zero Day Initiative (ZDI). The 2 projects are widely known for purchasing zero-days, which attracts security researchers to provide exploits and allows them [...]
