Archive for the ‘Vulnerabilities’ Category

Heartbleed

End User Considerations For OpenSSL Vulnerabilities

OpenSSL vulnerabilities could enable a remote hacker to gain access to sensitive data, including secret keys and authentication credentials, via incorrect memory handling. Some of these vulnerabilities could also leak non-encrypted information and allow DTLS (Datagram Transport Layer Security) data to be decrypted. More than 50% of the web servers on the internet [...]

Heartbleed

Heartbleed Critical Vulnerability in OpenSSL

This week the security community is actively discussing the OpenSSL vulnerability that allows an attacker to exploit the TLS Heartbeat and receive 64KB of memory from RAM. The attack can be repeated continuously to get sensitive information from end users, such as their passwords. Many online servers were affected by this critical vulnerability while patching [...]

Patch Windows

Microsoft to release 4 patches in January

Microsoft has released the first advance notification for this year, with only 4 security bulletins. There is no critical security bulletin, but we have one rated important, which is a remote code execution vulnerability. Windows operating systems, Office and Dynamics AX are the affected software for this advance notification. This is a relatively small update compared [...]


Backdoor Found in Linksys and Netgear

Security researchers found a new backdoor in the Linksys WAG200G. The firmware includes a service for remote connection on port 32764, which allows a remote user to get the router configuration settings, including the user name, admin password, WiFi password, etc. The tools used to reverse the firmware are Binwalk and IDA [...]


NSS Labs suggests increasing the cost of zero-days

NSS Labs released a new study looking at the 0-day vulnerability market. The research calculated how many exploits were purchased through the open iDefense Vulnerability Contributor Program (VCP) and HP TippingPoint’s Zero Day Initiative (ZDI). The 2 projects are widely known for purchasing zero-days, which attracts security researchers to provide exploits and allows them [...]


Microsoft released 11 bulletins in December Patch Tuesday

Microsoft issued the last security advisory for this year: 11 security bulletins have been released to address five critical vulnerabilities in Internet Explorer, the Windows operating system, Microsoft Exchange and GDI+. The remaining six bugs are rated as important, and they fix vulnerabilities in Microsoft SharePoint, the Windows operating system, Microsoft Office and Developer Tools. Four of [...]


Microsoft Fixes 4 Critical Vulnerabilities in October Patch Tuesday

This week Microsoft released the monthly security advance notification. This month we have 8 security bulletins that patch several vulnerabilities in the Windows operating system, Internet Explorer, .NET, Office, SharePoint and Silverlight. 7 updates fix remote code execution bugs and one fixes an information disclosure vulnerability. This month there are four updates [...]
