Stories about: Vulnerability
Sebastian Lodtke, a researcher from the Vulnerability Lab, identified a cross-site scripting (XSS) vulnerability in the public website of the American video game developer, marketer, and publisher Electronic Arts (EA). The non-persistent security hole could have allowed a remote attacker to hijack customer sessions ... |
7 February 2012 03:55 GMT |
 |
After the PHP Group fixed the hash collision issue by releasing a patch to mitigate attacks, the fix turned out to be problematic, with experts identifying a remote code execution vulnerability. Now, it turns out that the same variant opened up the possibility of a new class of HTTP header attacks. Stefan Esser, the secu... |
6 February 2012 06:54 GMT |
 |
Researchers from the Vulnerability Lab found an SQL Injection vulnerability in Facebook Game Store that could allow an attacker to remotely inject and execute SQL commands.
The application that contains the security hole is managed by a third party and it’s sponsored by the Facebook Game Store Development Team... |
4 February 2012 06:01 GMT |
 |
Researchers Chris Hessing and Bret Jordan found that an issue present in certain Android builds designed for HTC smartphones could expose 802.1X Wi-Fi credentials to applications that have basic Wi-Fi permissions.
Since Wi-Fi permissions are almost always related to Internet access permissions, a malicious applicati... |
3 February 2012 10:57 GMT |
 |
Security researcher Ucha Gobejishvili, also known as longrifle0x, found cross-site scripting (XSS) vulnerabilities in another series of important websites, including java.com, developers.sun.com, java.sun.com, and nero.com.
The expert’s findings were submitted to XSSed, a site that provides information on XSS ... |
1 February 2012 10:23 GMT |
 |
After recommending that pcAnywhere customers temporarily disable their products in order to prevent potential hack attacks, Symantec began releasing patches for all the affected versions to make sure users are protected.
On January 23, they released a patch for the 12.5 variant of pcAnywhere and now they made availabl... |
31 January 2012 07:28 GMT |
 |
Close to 100,000 students, faculty and staff members of the University of Hawaii will receive credit monitoring and fraud protection services for a period of two years after the educational institution admitted to five data breaches.
The reputation of the University of Hawaii was stained by a lot of unfo... |
30 January 2012 05:38 GMT |
 |
Researchers from the Vulnerability Laboratory have found that two other important public websites are vulnerable to remote attacks. This time, the sites belonging to the Federal Aviation Administration (FAA) and Oracle Solutions were identified as containing security flaws. Ucha Gobejishvili, also known as longrifl... |
28 January 2012 03:59 GMT |
 |
Security researchers found a dangerous MIDI file that could allow an attacker to remotely execute arbitrary code relying on a vulnerability patched up by Microsoft with the Security Updates they released on January 10, 2012. Counting on the fact that many users fail to apply the security patches, cybercriminals soci... |
27 January 2012 07:15 GMT |
 |
The Apple online store is down worldwide — reason enough to get excited and write a story about it, as usual. But it appears security is the culprit this time around, not new product announcements. Some Macs are due for a refresh (some, like the Mac Pro, are actually overdue), and we also shouldn’t bet a... |
27 January 2012 03:45 GMT |
 |
A researcher from the Vulnerability Laboratory came across a cross-site scripting (XSS) vulnerability in the Google Apps webpage, hosted on the google.com domain, but also in other popular websites. Ucha Gobejishvili, also known as longrifle0x, found the flaw in Google Apps and reported it to Google. Even though th... |
27 January 2012 03:05 GMT |
 |
Many companies utilize video conference equipment for board meetings, but few ever stopped to think if the devices are secured to prevent others from tapping in on the connection. A security expert proved that the lack of protection could allow a remote attacker to monitor both the audio and video information.
Rapid... |
26 January 2012 08:11 GMT |
 |
The last hacker that took part in our series called Hackers around the world, D35m0nd142, found another major website to be vulnerable. This time the flaw is present on the official international website of the North Atlantic Treaty Organization (NATO).
Unlike other operations in which the gray hat only published... |
25 January 2012 13:21 GMT |
 |
Using a tool he designed, a security researcher managed to find and locate more than 10,000 industrial control systems (ICS) connected to the public Internet and exposed to hackers, even though officially they’re supposedly contained in closed networks.
Eireann Leverett, a computer science doctoral student at ... |
24 January 2012 07:13 GMT |
 |
After revealing yesterday that many high-profile websites contained major cross-site scripting (XSS) vulnerabilities, hackers from TeamHav0k stepped it up a notch and initiated OP XSS 2.0 to show that even websites hosted on government (.gov) and education (.edu) domains are highly vulnerable. In OP XSS 2.0, the... |
24 January 2012 03:19 GMT |
 |
A relatively new hacking collective, TeamHav0k, launched an operation called “#OP XSS” in which they try to find cross-site scripting (XSS) vulnerabilities in major websites. The first results of the operation came in and it turns out that a lot of important sites contain the flaw the hackers were looking... |
23 January 2012 03:09 GMT |
 |
Grindr, a social networking smartphone application addressed to gay communities, and its straight counterpart Blendr were found to contain some serious vulnerabilities that would allow anyone to take over a user’s profile and modify its content.
The app uses a device’s GPS to locate other individuals and... |
21 January 2012 06:19 GMT |
 |
An authentication bypass vulnerability that existed in German Volksbank bank’s online Zinsuniversum (ZU) system has been fixed. A researcher from the Vulnerability Lab discovered the critical flaw in the bank’s website portal back in February 2011 and the financial institution responded and fixed the iss... |
20 January 2012 14:21 GMT |
 |
A flaw currently present in Internet Explorer (IE) could be exploited by hackers and used to launch cross-site scripting (XSS) attacks, due to the way double quotes (“) are encoded by the web browser. IMPERVA researchers found the vulnerability and contacted Microsoft, but the Redmond company doesn’t se... |
20 January 2012 11:07 GMT |
 |
After we learned yesterday that the international airport in Dusseldorf patched up some serious vulnerabilities that could have allowed a remote attacker to execute arbitrary code, today researchers publicly disclose that another major German airport patched up the same types of flaws. Multiple blind SQL in... |
20 January 2012 09:34 GMT |
 |
At the end of 2011, security researcher Stefan Viehbock informed the United States Computer Emergency Readiness Team (US-CERT) of a major design flaw that existed in the latest wireless routers that incorporate the WiFi Protected Setup (WPS).
Now, Neowin provides a detailed explanation that shows how an 8-digit PIN... |
20 January 2012 07:58 GMT |
 |
Stefan Esser, the developer of Suhosin, the advanced protection system for PHP installations, revealed the availability of Suhosin Extension 0.9.33 that addresses a stack buffer overflow issue that exists in the transparent cookie encryption.
The medium risk vulnerability can be exploited by an attacker to execute a... |
20 January 2012 05:03 GMT |
 |
A researcher from IOActive Labs presents an interesting issue that affects some Windows 7 or Windows 2008 installer files which could allow an attacker to elevate his own privileges and compromise the operating system.
Cesar Cerrudo reveals that the C:\Windows\Installer\ folder contains installer file... |
19 January 2012 09:29 GMT |
 |
Researchers from the Vulnerability Labs discovered a number of critical SQL Injection (SQLI) vulnerabilities on the official website of the Dusseldorf International Airport, one of the most important airports in Germany’s most important economic region.
The vulnerabilities, if unpatched, could have allowed an ... |
19 January 2012 08:30 GMT |
 |
Secunia, the company that’s famous for researching and assessing vulnerabilities found in many commercial products, revealed a 2012 policy change which dictates that vulnerabilities discovered by their internal team or via their Secunia Vulnerability Coordination Reward Program (SVCRP) will be made public after... |
19 January 2012 06:02 GMT |
 |
Researchers from Zero Day Initiative (ZDI) have found a critical vulnerability in McAfee’s Security-as-a-Service (SaaS) products. Even though McAfee has been notified of the issue since April 2011, the company failed to provide a patch and ZDI disclosed the information in accordance with their 180-day deadline.... |
17 January 2012 11:00 GMT |
 |
Rumors of some exploits that rely on MyBB 1.6.5 vulnerabilities have been circulating these days, but the open source forum script’s developers came forward to deny these claims, appointing the real culprits which expose bulletin boards to hacking operations. Simple Tag Cloud Plugin (Tags), created by Watt, an... |
13 January 2012 10:12 GMT |
 |
A security vulnerability that was discovered in the Linux kernel for OMAP4 packages by Han-Wen Nienhuys, affecting the Ubuntu 11.04 (Natty Narwhal) operating system, was announced by Canonical. This is the kernel vulnerability found in the Linux kernel packages: CVE-2011-3353. A local user who can mount a FUSE file s... |
13 January 2012 09:19 GMT |
 |
Oracle revealed the security vulnerabilities that are about to be addressed with the release of the January 2012 Critical Patch Update.
The 78 weaknesses currently affect hundreds of Oracle products which is why it’s important that users update their software to make sure they’re protected against cyber... |
13 January 2012 05:55 GMT |
 |
Researchers have found a vulnerability in RIM’s BlackBerry PlayBook that could allow someone to intercept sensitive data while being transferred from the tablet to a BlackBerry handset via Bluetooth connection. Zach Lanier and Ben Nell of the Intrepidus Group presented their findings at the Infiltrate Conferen... |
13 January 2012 02:50 GMT |
 |
On January 10th, 2012, Microsoft released a new security update for its Windows products, as well as for Microsoft Developer Tools And Software, in an attempt to patch eight vulnerabilities discovered in these products.
As announced in the advance notification for the January security bulletin release,... |
11 January 2012 08:35 GMT |
 |
After upgrading his iPhone to the latest iOS 5, Canadian technology consultant Ade Barkah noticed that if the device's clock is rolled back, all the images with a newer timestamp than the current one are accessible, even if the apparatus is locked with a password. The first thing Barkah noticed was that the cam... |
5 January 2012 03:38 GMT |
 |
It turns out that you don’t need to know how to breach a company computer network or be a genius programmer to stop trains from running. Script Kiddiez that possess the skills to bring down a government site could easily bring rail networks to a standstill. Stefan Katzenbeisser, a professor at Technische Unive... |
3 January 2012 05:53 GMT |
 |
Researchers showed that some programming language implementations didn’t sufficiently randomize their hash functions or provide means to limit key collision attacks. Among the ones affected by this issue is PHP 5. “PHP 5 uses the DJBX33A (Dan Bernstein's times 33, addition) hash function and parses P... |
29 December 2011 05:52 GMT |
 |
A couple of researchers found that a critical vulnerability affects most web application frameworks, allowing a cybercriminal to launch denial-of-service (DoS) attacks. Since Apache Tomcat web server is among the ones affected, the Tomcat security team came forward with a workaround for the issue. Apache Tomcat is v... |
29 December 2011 05:14 GMT |
 |
A design flaw recently discovered in the WiFi Protected Setup (WPS) could make it easier for hackers to launch a brute force attack on the PIN of a device since they can easily find out when the first half of the 8 digit PIN is accurate.
The United States Computer Emergency Readiness Team (US-CERT) was recently info... |
28 December 2011 10:05 GMT |
 |
A few days back we saw how security researcher Billy Rios got angry at Siemens after the company claimed that no authorization bypass flaws were present in their SIMATIC systems. Now, Siemens came forward with a statement reporting that they’re planning to fix the vulnerabilities next month.
Rios became upset ... |
27 December 2011 07:35 GMT |
 |
Microsoft representatives posted a message on their German Chief Security Advisory Blog in which they confirm the vulnerability found a few days ago by WebDevil who showed that by accessing a specially crafted HTML file in Safari someone would be able to crash the operating system.
The researchers claim that the wea... |
23 December 2011 09:46 GMT |
 |
In May 2011 a security researcher informed Siemens of the existence of an authentication bypass bug that existed in their SIMATIC systems. While he silently waited for the bug to be resolved, he found out that Siemens completely denies the presence of such a flaw and as a result he decided to publish his findings on ... |
23 December 2011 07:31 GMT |
 |
A high severity vulnerability was discovered in Mozilla's popular web browser. The flaw affects all Firefox 8.x versions and prior, allowing a remote attacker to execute arbitrary code.
Researchers from the Vulnerability Laboratories have just disclosed their findings, reporting that the security risks involved... |
22 December 2011 10:22 GMT |
 |
Medium severity vulnerabilities are found in Kaspersky Anti-Virus and Kaspersky Internet Security 2011/2012 which can allow an attacker to crash the complete software process.
Researchers from Vulnerability Laboratory found a flaw caused by an invalid pointer corruption when processing a corrupt .cfg file through th... |
22 December 2011 09:41 GMT |
 |
After installing an operating system on their computing machines, most individuals rush to install applications that help them browse the web. While many believe that without components such as Flash and Java they won’t be able to access certain content, there are always safer, more secure, alternatives. F-Se... |
22 December 2011 06:03 GMT |
 |
A hacker known as w3bd3vil posted a message on Twitter a couple of days ago claiming that he found a vulnerability in the 64-bit version of Windows 7 that could be taken advantage of using Apple’s popular web browser Safari. “<iframe height='18082563'></iframe> causes a BSoD... |
21 December 2011 03:21 GMT |
 |
After they came across some serious zero-day vulnerabilities in some of their products, Adobe released a security update to patch up Adobe Reader 9.4.6 and earlier 9.x versions and Adobe Acrobat 9.4.6 and earlier 9.x versions. Since the X (10.1.1) variants can be protected by using them in Protected Mode and Protec... |
19 December 2011 08:35 GMT |
 |
The 0.3.0.5 variant of the Advanced Onion Router, a piece of software designed as an improved alternative for the Tor+Vidalia+Privoxy bundle, fixes bugs that affected its functionality, but it also resolves an important buffer overflow error which could have allowed a hacker to remotely exploit a device. The buffer ... |
16 December 2011 08:24 GMT |
 |
A hacker called Vansh Sharma claims he found a cross-site scripting (XSS) vulnerability in Google Code’s Code Playground, the section of Google Code where users can test their programming skills.
The Hacker News published a proof of concept that can be tried out by anyone. Just go to http://code.google.com/api... |
8 December 2011 02:40 GMT |
 |
Adobe released a security advisory to inform their customers of a flaw that affects Adobe Reader X (10.1.1) and earlier versions, and Adobe Acrobat X (10.1.1) and earlier versions, that could allow an attacker to take over a computing device that runs Windows or Macintosh operating systems.
Adobe Reader 9.4.6 and ea... |
7 December 2011 03:15 GMT |
 |
Security experts discovered that the newly released version of Yahoo Messenger and some of its predecessors contain a vulnerability that allows an attacker to take over the status of an unsuspecting user, replacing it with his own malicious links. Bitdefender researchers claim that the attack begins when a cybercrim... |
2 December 2011 10:20 GMT |
 |
After Columbia University researchers demonstrated a series of attack methods that rely on vulnerabilities found in HP LaserJet printers, Hewlett Packard came forward with a statement to argue that it’s not as bad as it looks.
According to DailyTech, the company claims that so far no customers reported anythin... |
30 November 2011 04:33 GMT |
 |
Columbia University researchers Ang Cui and Salvatore Stolfo found a vulnerability in HP LaserJet printers that could allow a hacker to remotely control it to launch cyberattacks, steal information that’s being printed and even instruct its mechanical components to overload until the device catches on fire. Ac... |
29 November 2011 09:16 GMT |
 |