Posts tagged "exploit"

Weather Channel Web Site Vulnerable to Reflected Cross-Site Scripting (XSS)

The popular Weather Channel web site (Weather.com) has been found to be vulnerable to a reflected Cross-Site Scripting flaw, according to researcher Wang Jing. The Weather Channel is the most common US-based cable and satellite TV channel with close to 100 million subscribers. Its Alexa global rank is 143 and US rank is 35. "If The Weather Channel's users were exploited, their Identity may be stolen,...

German BND Demands Money to Buy Zero-Day Flaws for Surveillance

Germany's federal intelligence service, the Bundesnachrichtendienst (BND), has been requesting government funds through its Strategic Technical Initiative for bug hunting in protocols such as SSL and HTTPS, according to The Local media outlet. The bugs are to be used for surveillance. "There is a lively grey market online among hackers and security researchers for ‘zero day’ exploits," the article said. "Bu...

ShellShock Roundup: What to do if You are Vulnerable

A security vulnerability in the GNU Bourne Again Shell reported Wednesday is claiming victims in the wild. The flaw – known to the tech world as CVE-2014-6271 and CVE-2014-7169 – allows a remote attacker to run arbitrary code (read: malware) on a vulnerable server under certain conditions. The most vulnerable targets to date are web servers that run Apache CGI scripts written in Bash or calling system() or p...

Linux, OS X Users May Be Vulnerable to Bash Flaw Exploit

A bug discovered in Bash Shell, a command-line interface used by Linux and Unix, could leave web servers, systems and embedded devices such as routers vulnerable to cyber-attacks. Cyber-criminals are getting ready to launch multiple attacks, and Bitdefender warns users and sys admins to be cautious with the vulnerability. Although code allowing the exploit of Bash-using CGI scripts is already available on...

Hardcoded SSH Key Enables Backdoor in Cisco’s Unified Communication Domain Manager

A hardcoded and unprotected SSH key for remote support access has been found inside Cisco’s Unified Communication Domain Manager (CUCDM), according to a Cisco advisory. The backdoor could be used by an attacker to control the platform and all deployments. The CUCDM manages video, voice, messaging, mobility and instant messaging applications, or other services for enterprise in a single unified platform. Cis...

Internet Explorer Zero-Day Turns into Permanent Threat for XP Users

A new Internet Explorer zero-day vulnerability is currently being exploited in the wild. The vulnerability identified on Saturday affects all versions of Internet Explorer, including the archaic versions 6 through 8 which ship with the now-dead Windows XP. Update: the folks at Microsoft have issued a patch for the issue. Oddly enough, the patch has been made available for Windows XP users as well. UPDATE NO...

The NSA knew about Heartbleed bug for two years, claims report

Has the United States' National Security Agency (NSA) really known about the Heartbleed bug (and presumably been exploiting it for surveillance purposes) for two years? That's the claim being made by a Bloomberg report, which claims to have had the revelation confirmed to them by "two people familiar with the matter". If the allegation is true then serious questions will be asked regarding the danger raised by a...

Tinder Invaded by Bots Spreading ‘Castle Clash’ Downloads

A series of bots have invaded dating app Tinder and are spreading “Castle Clash” downloads after luring users with tempting profiles and pictures. The Bitdefender Labs are currently investigating both the Android application and the bots that seem to have stolen pictures from an Arizona-based photography studio. Some are also being used for fake Facebook profiles. After users swipe the right button on Tinde...

Adobe Issues Emergency Flash Update

Adobe released a new security patch addressing a critical zero-day vulnerability in its Flash Player plugin that could help cyber-attackers hijack a computer’s system. Adobe rated the threat as "critical," the company's top threat level. Attackers can typically trigger such vulnerabilities after luring victims to websites hosting the attacks. “Adobe is aware of reports that an exploit for this vulnerability...

Browser Exploit Unmasks Tor Users

Exploitation code targeting a known bug in the Mozilla browser was found on hidden Tor services hosted by the FreedomHosting company, whose owner is now facing extradition to the United States, where he is apparently being charged with distribution of online child pornography. The aim of the hack seems to have been to de-anonymize Tor Browser Bundle users who were visiting the compromised services. There is...

© 2012 Powered By Bitdefender
