You Are Here: Home » Articles posted by Liviu Arsene

Multiple Vulnerabilities in Belkin Router Could Allow DNS Spoofing and Credentials Theft

Five zero-day vulnerabilities in Belkin N600 DB Wireless Dual Band N+ routers could have allowed attackers to grab credentials in clear text and spoof DNS requests, according to security researcher Joel Land. The affected mode is F9K1102 v2 with firmware version 2.10.17, possibly earlier versions and models susceptible to the five found vulnerabilities as well. By successfully exploiting the firmware vulner...

U.K. National Crime Agency under DDOS Attack as Protest from Lizard Squad

A massive Distributed Denial of Service attack by hacker group Lizard Squad has affected daily operations of the U.K.’s National Crime Agency website. The hackers posted on Twitter the message “Stressed out” and a URL to the agency’s website. The attack was likely triggered by the arrest of six teenagers, days earlier, on accusations of using denial of service tools to perform similar attacks on various web...

FTC Granted Authority as Corporate Cybersecurity Watchdog by US Court

The FTC has been granted legal rights to sue companies for failing cybersecurity practices when protecting their customer data, according to a ruling by the Third US Circuit Court of Appeals. The decision followed a legal complaint from the FTC against Wyndham Hotels, a company that experienced three security incidents in two years, resulting in the loss of hundreds of thousands of payment card accounts.  W...

Super Hacker Myth Debunked by Data, Says Gartner Vice President

Gartner Vice President Anton Chuvakin says reams of data will provide clues and traces of hacking attempts and prove that “super hackers” do not exist. He says it’s all a matter of continuous incidence response. The analyst said old security incident response models are ineffective when dealing with modern hackers and, although these aggressors use covert tactics to hide their presence, they still leave log...

Vulnerability in Pocket Addon for Firefox Could Have Affected Company Servers

A server-side vulnerability found in the save-for-later service would have allowed attackers to gain access to all user data and even populate their reading lists with malicious links. Because the bookmarking app had poor networking design, the researcher was able to retrieve user information relating to IP addresses, saved URLs, and - with the help of some redirects – access to the etc/passwd file that con...

32 Million Users Exposed After Breach On Cheating Site Ashley Madison

A 9.7 gigabytes data dump of some 32 million users subscribed to cheating site Ashley Madison has been released by hacker group Impact Team following demands to take the website offline. Similar threats have been made in the past, following another security incident involving the website. This time, hackers published the full database when their demands weren’t met. Avid Life Media, owner of Ashley Media, h...

Issue With En Route Automation Modernization System Grounds US East Coast Flights, FAA Says

US East Coast flights were disrupted on Saturday due to a memory issue in the En Route Automation Modernization (ERAM) system, prompting the FAA (Federal Aviation Administration) to launch an official investigation. Data from flight control systems could apparently not be deleted from storage units, despite air traffic controllers’ attempts, placing the ERAM system into a processing frenzy. Although the FAA...

OS X Zero-Day Flaw Found by Italian Teen

A new zero-day vulnerability enabling remote access to computers running Apple’s OS X operating system has been revealed by 18-year old Italian security researcher Luca Todesco. The exploit, published on GitHub,d relies on two bugs to cause memory corruption in the kernel, enabling the researcher to bypass Apple’s OS X kASLR (kernel address space layout randomization). Although kASLR is designed to prevent...

CISCO Networking Devices Updated With Malicious IOS Bootstrap, Thanks to Stolen Admin Credentials

Recent reports involving stolen administrative credentials enabled attackers to update the IOS bootstrap running on CISCO switches and routers with maliciously crafted ROMMON images, CISCO announced. The process allows attackers to remotely manipulate CISCO IOS devices even after reboot, persisting until the malicious ROMMON image is removed. Although the company gave no details as to who reported the incid...

Windows Vulnerability Enables Attackers to Booby-Trap USB Devices

A new vulnerability found in all Windows versions has been patched by Microsoft after it was allegedly exploited in the wild. The Mount Manager Component could allow an attacker to booby-trap a USB and execute malicious code when mounted on a Windows machine. “An elevation of privilege vulnerability exists when the Mount Manager component improperly processes symbolic links,” reads the Security Bulletin. “A...

© 2012 Powered By Bitdefender

Scroll to top