Posts tagged "exploit"

How billions of Facebook photos could have been deleted in an instant, due to software vulnerability

Hundreds of millions of photographs are uploaded to Facebook every day - can you imagine if many of them were deleted in the blink of an eye? We have security researcher Laxman Muthiyah to thank for not abusing his ability to delete billions of images, when he stumbled across a serious vulnerability in Facebook's Graph API last week. The Graph API is the primary way that Facebook apps access and post inform...

Major Internet Explorer vulnerability could lead to convincing phishing attacks

A security researcher has uncovered what appears to be a serious security flaw in Internet Explorer that could be exploited by malicious hackers to launch convincing phishing attacks and inject malicious code into users' browsers as they visit websites. David Leo published details of the flaw, including a link to a proof-of-concept exploit that demonstrates the attack working against the popular Daily Mail...

Weather Channel Web Site Vulnerable to Reflected Cross-Site Scripting (XSS)

The popular Weather Channel web site (Weather.com) has been found to be vulnerable to a reflected Cross-Site Scripting flaw, according to researcher Wang Jing. The Weather Channel is the most common US-based cable and satellite TV channel with close to 100 million subscribers. Its Alexa global rank is 143 and US rank is 35. "If The Weather Channel's users were exploited, their Identity may be stolen,...

German BND Demands Money to Buy Zero-Day Flaws for Surveillance

Germany's federal intelligence service, the Bundesnachrichtendienst (BND), has been requesting government funds through its Strategic Technical Initiative for bug hunting in protocols such as SSL and HTTPS, according to The Local media outlet. The bugs are to be used for surveillance. "There is a lively grey market online among hackers and security researchers for ‘zero day’ exploits," the article said. "Bu...

ShellShock Roundup: What to do if You are Vulnerable

A security vulnerability in the GNU Bourne Again Shell reported Wednesday is claiming victims in the wild. The flaw – known to the tech world as CVE-2014-6271 and CVE-2014-7169 – allows a remote attacker to run arbitrary code (read malware) on a vulnerable server under certain conditions. The most vulnerable targets to date are web servers that run Apache CGI scripts written in Bash or calling system() or p...

Linux, OS X Users May Be Vulnerable to Bash Flaw Exploit

A bug discovered in Bash Shell, a command-line interface used by Linux and Unix, could leave web servers, systems and embedded devices such as routers vulnerable to cyber-attacks. Cyber-criminals are getting ready to launch multiple attacks, and Bitdefender warns users and sys admins to be cautious with the vulnerability. Although code allowing the exploit of Bash-using CGI scripts is already available on...

Hardcoded SSH Key Enables Backdoor in Cisco’s Unified Communication Domain Manager

A hardcoded and unprotected SSH key for remote support access has been found inside Cisco’s Unified Communication Domain Manager (CUCDM), according to a Cisco advisory. The backdoor could be used by an attacker to control the platform and all deployments. The CUCDM manages video, voice, messaging, mobility and instant messaging applications, or other services for enterprise in a single unified platform. Cis...

Internet Explorer Zero-Day Turns into Permanent Threat for XP Users

A new Internet Explorer zero-day vulnerability is currently being exploited in the wild. The vulnerability identified on Saturday affects all versions of Internet Explorer, including the archaic versions 6 through 8 which ship with the now-dead Windows XP. Update: the folks at Microsoft have issued a patch for the issue. Oddly enough, the patch has been made available for Windows XP users as well. UPDATE NO...

The NSA knew about Heartbleed bug for two years, claims report

Has the United States' National Security Agency (NSA) really known about the Heartbleed bug (and presumably been exploiting it for surveillance purposes) for two years? That's the claim being made by a Bloomberg report, which claims to have had the revelation confirmed to them by "two people familiar with the matter". If the allegation is true then serious questions will be asked regarding the danger raised by a...

Tinder Invaded by Bots Spreading ‘Castle Clash’ Downloads

A series of bots have invaded dating app Tinder and are spreading “Castle Clash” downloads after luring users with tempting profiles and pictures. The Bitdefender Labs are currently investigating both the Android application and the bots that seem to have stolen pictures from an Arizona-based photography studio. Some are also being used for fake Facebook profiles. After users swipe the right button on Tinde...

© 2012 Powered By Bitdefender
