You Are Here: Home » Posts tagged "exploit"

Hardcoded SSH Key Enables Backdoor in Cisco’s Unified Communication Domain Manager

A hardcoded and unprotected SSH key for remote support access has been found inside Cisco’s Unified Domain Communication Manager (CUCDM), according to a Cisco advisory. The backdoor could be used by an attacker to control the platform and all deployments. The CUCDM manages video, voice, messaging, mobility and instant messaging applications, or other services for enterprise in a single unified platform. Cis...

Internet Explorer Zero-Day Turns into Permanent Threat for XP Users

A new Internet Explorer zero-day vulnerability is currently being exploited in the wild. The vulnerability identified on Saturday affects all versions of Internet Explorer, including the archaic versions 6 through 8 which ship with the now-dead Windows XP. Update: the folks at Microsoft have issued a patch for the issue. Oddly enough, the patch has been made available for Windows XP users as well. UPDATE NO...

The NSA knew about Heartbleed bug for two years, claims report

Has the United States' National Security Agency (NSA) really known about the Heartbleed bug (and presumably exploiting it for surveillance purposes) for two years? That's the claim being made by a Bloomberg report, which claims to have had the revelation confirmed to them by "two people familiar with the matter". If the allegation is true then serious questions will be asked regarding the danger raised by a...

Tinder Invaded by Bots Spreading ‘Castle Clash’ Downloads

A series of bots have invaded dating app Tinder and are spreading “Castle Clash” downloads after luring users with tempting profiles and pictures. The Bitdefender Labs are currently investigating both the Android application and the bots that seem to have stolen pictures from an Arizona-based photography studio. Some are also being used for fake Facebook profiles. After users swipe the right button on Tinde...

Adobe Issues Emergency Flash Update

Adobe released a new security patch addressing a critical zero-day vulnerability in its Flash Player plugin that could help cyber-attackers hijack a computer’s system. Adobe rated the threat as "critical," the company's top threat level. Attackers can typically trigger such vulnerabilities after luring victims to websites hosting the attacks. “Adobe is aware of reports that an exploit for this vulnerability...

Browser Exploit Unmasks Tor Users

Exploitation code targeting a known bug in the Mozilla browser was found on hidden Tor services hosted by the FreedomHosting company, whose owner is now facing extradition to the United States, where he is apparently being charged with distribution of online child pornography. The aim of the hack seems to have been to de-anonymize Tor Browser Bundle users who were visiting the compromised services. There is...

Fox News Scam about Syria and World War 3 Infects Users with Malware

Cyber-criminals are taking advantage of the civil war in Syria and use the Fox News reputation to infect users with malware. The e-mails pose as newsletters of the media company and incorporate malicious links on several buttons, including 'unsubscribe.' To lure readers into clicking on the malicious URL, scammers promise exclusive videos and articles about the Syrian conflict. They also create a sense of u...

Old Bug in Flash Allows Cyber-Crooks to start Webcams, Microphone

An older flaw in the Adobe Flash plugin that should have been fixed two years ago is still exploitable by cyber-criminals, leading to users getting spied on in real time via the built-in camera and microphone. The flaw relies on the notorious click-jacking technique that allows a malicious user to disguise a transparent flash object (in this case the Privacy settings of the plugin) under a Play button, thus...

Vietnamese Users Targeted with Credential-Stealing Malware

An old vulnerability in Microsoft Word has triggered a series of infections with password-stealing malware in Vietnam, according to researchers at Metasploit-maker Rapid7. The attack starts with specially crafted Microsoft Word documents that trigger CVE-2012-0158 and CVE-2012-1856, two vulnerabilities mitigated by the vendor last year. Until now, two known attacks use a Vietnamese document about "reviewing...

Yahoo Mail Blocked by Browsers in Malvertising Chain Reaction

If you tried to access Yahoo mail today, chances are that you saw at least once the Safe Browsing dialog instead of your inbox, as one of the advertisers showing banners on Yahoo has started serving malicious content. The malicious ads started showing up earlier this morning, when ad pusher eqads.com got blocked by Google Safe Browsing. A closer look into the incident revealed that the eqads.com site is red...

© 2012 Powered By Bitdefender

x
Loading...
Scroll to top