You Are Here: Home » Posts tagged "exploit"

ShellShock Roundup: What to do if You are Vulnerable

A security vulnerability on the GNU Bourne Again Shell reported Wednesday is claiming victims in the wild. The flaw – known to the tech world as CVE-2014-6271 and CVE-2014-7169 - allows a remote attacker to run arbitrary code (read malware) on a vulnerable server under certain conditions. The most vulnerable targets to date are web servers that run Apache CGI scripts written in Bash or calling system() or p...

Linux, OS X Users May Be Vulnerable to Bash Flaw Exploit

A bug discovered in Bash Shell, a command-line interface used by Linux and Unix, could leave web servers, systems and embedded devices such as routers vulnerable to cyber-attacks. Cyber-criminals are getting ready to launch multiple attacks, and Bitdefender warns users and sys admins to be cautious with the vulnerability.  Although code allowing the exploit of Bash-using CGI scripts is already available on ...

Hardcoded SSH Key Enables Backdoor in Cisco’s Unified Communication Domain Manager

A hardcoded and unprotected SSH key for remote support access has been found inside Cisco’s Unified Domain Communication Manager (CUCDM), according to a Cisco advisory. The backdoor could be used by an attacker to control the platform and all deployments. The CUCDM manages video, voice, messaging, mobility and instant messaging applications, or other services for enterprise in a single unified platform. Cis...

Internet Explorer Zero-Day Turns into Permanent Threat for XP Users

A new Internet Explorer zero-day vulnerability is currently being exploited in the wild. The vulnerability identified on Saturday affects all versions of Internet Explorer, including the archaic versions 6 through 8 which ship with the now-dead Windows XP. Update: the folks at Microsoft have issued a patch for the issue. Oddly enough, the patch has been made available for Windows XP users as well. UPDATE NO...

The NSA knew about Heartbleed bug for two years, claims report

Has the United States' National Security Agency (NSA) really known about the Heartbleed bug (and presumably exploiting it for surveillance purposes) for two years? That's the claim being made by a Bloomberg report, which claims to have had the revelation confirmed to them by "two people familiar with the matter". If the allegation is true then serious questions will be asked regarding the danger raised by a...

Tinder Invaded by Bots Spreading ‘Castle Clash’ Downloads

A series of bots have invaded dating app Tinder and are spreading “Castle Clash” downloads after luring users with tempting profiles and pictures. The Bitdefender Labs are currently investigating both the Android application and the bots that seem to have stolen pictures from an Arizona-based photography studio. Some are also being used for fake Facebook profiles. After users swipe the right button on Tinde...

Adobe Issues Emergency Flash Update

Adobe released a new security patch addressing a critical zero-day vulnerability in its Flash Player plugin that could help cyber-attackers hijack a computer’s system. Adobe rated the threat as "critical," the company's top threat level. Attackers can typically trigger such vulnerabilities after luring victims to websites hosting the attacks. “Adobe is aware of reports that an exploit for this vulnerability...

Browser Exploit Unmasks Tor Users

Exploitation code targeting a known bug in the Mozilla browser was found on hidden Tor services hosted by the FreedomHosting company, whose owner is now facing extradition to the United States, where he is apparently being charged with distribution of online child pornography. The aim of the hack seems to have been to de-anonymize Tor Browser Bundle users who were visiting the compromised services. There is...

Fox News Scam about Syria and World War 3 Infects Users with Malware

Cyber-criminals are taking advantage of the civil war in Syria and use the Fox News reputation to infect users with malware. The e-mails pose as newsletters of the media company and incorporate malicious links on several buttons, including 'unsubscribe.' To lure readers into clicking on the malicious URL, scammers promise exclusive videos and articles about the Syrian conflict. They also create a sense of u...

Old Bug in Flash Allows Cyber-Crooks to start Webcams, Microphone

An older flaw in the Adobe Flash plugin that should have been fixed two years ago is still exploitable by cyber-criminals, leading to users getting spied on in real time via the built-in camera and microphone. The flaw relies on the notorious click-jacking technique that allows a malicious user to disguise a transparent flash object (in this case the Privacy settings of the plugin) under a Play button, thus...

© 2012 Powered By Bitdefender

x
Loading...
Scroll to top