
Vulnerability in Pocket Addon for Firefox Could Have Affected Company Servers

A server-side vulnerability found in the save-for-later service would have allowed attackers to gain access to all user data and even populate their reading lists with malicious links. Because the bookmarking app had poor networking design, the researcher was able to retrieve user information relating to IP addresses, saved URLs, and, with the help of some redirects, access to the /etc/passwd file that con...

OS X Zero-Day Flaw Found by Italian Teen

A new zero-day vulnerability enabling remote access to computers running Apple’s OS X operating system has been revealed by 18-year-old Italian security researcher Luca Todesco. The exploit, published on GitHub, relies on two bugs to cause memory corruption in the kernel, enabling the researcher to bypass Apple’s OS X kASLR (kernel address space layout randomization). Although kASLR is designed to prevent...

New Firefox Zero-Day Vulnerability Nabs Local Files and Leaves No Traces

A new Firefox exploit has been reported as already being used in the wild via aware-serving websites, enabling attackers to collect sensitive local files and upload them to an attacker-controlled server, leaving no trace of the payload’s presence. Although the vulnerability does not involve executing arbitrary code on the local machine, it is used to “inject a JavaScript payload into the local file contex...

APIC Vulnerability in Cisco’s SDN Controller Allows Unauthenticated Remote Root Access

A vulnerability found in Cisco’s SDN controller could enable an attacker to exploit an improper implementation of access controls in the APIC file system and remotely access the APIC as a root user. The SDN (software-defined network) controller is a collection of modules that manages data flow between servers and routers/switches to enable intelligent networking. Attackers exploiting this vulnerability will...

Steam User Accounts Compromised Due to Password Reset Vulnerability

Popular gaming platform Steam has suffered a recent security breach that allowed attackers to take over user accounts, due to a vulnerability in Steam’s password reset functionality. Knowing only the victim’s username, attackers could abuse Steam’s “forgot password” feature and avoid having to input the security code by leaving it blank, thus gaining complete access to a user’s account. Information about th...

Kodi Media Center Vulnerability Exposes Users to Man-in-the-Middle Attacks

Home media player software Kodi (formerly known as XBMC) has been found vulnerable to man-in-the-middle attacks that may jeopardize the security of home users, according to Bitdefender research. Kodi is mostly used by those who want to build their own home media centers without investing in dedicated hardware or software. This open-source solution is compatible with a wide range of operating systems (Linux,...

Hacker’s List leaks its secrets, revealing true identities of those wanting to hack

Is there something you want hacked? I get emails all the time from complete strangers, asking if I can help them hack into someone's Facebook or email account. Sometimes they claim to be family members who are worried that their loved one has gone missing and not replying to messages, but more often they're suspicious that their partners are cheating on them behind their back and want to read their private...

Google endangers 900 million Android smartphones, by refusing to patch WebView

Do you have an Android smartphone or tablet? Have you checked what version of the Android OS you are running? Because if you are running Android 4.3 (aka Jellybean) or earlier I'm afraid there's some bad news: you're not going to be receiving any security updates from Google for WebView, a core component of the Android operating system used to render webpages. In case you didn't know, WebView is the tool wi...

Weather Channel Web Site Vulnerable to Reflected Cross-Site Scripting (XSS)

The popular Weather Channel web site (Weather.com) has been found to be vulnerable to a reflected Cross-Site Scripting flaw, according to researcher Wang Jing. The Weather Channel is the most common US-based cable and satellite TV channel with close to 100 million subscribers. Its Alexa global rank is 143 and US rank is 35. "If The Weather Channel's users were exploited, their Identity may be stolen,...

Adobe Fixes Highly Critical Vulnerability in Flash Player

Adobe has issued a fix for a critical vulnerability (CVE-2014-8439) found in Adobe Flash Player software, according to Adobe's APSB14-26 security bulletin. The vulnerability affects all Adobe Flash Player and Adobe AIR versions on Windows, Macintosh and Linux. "Adobe Flash Player before 13.0.0.258 and 14.x and 15.x before 15.0.0.239 on Windows and OS X and before 11.2.202.424 on Linux, Adobe AIR before 15.0.0...

© 2012 Powered By Bitdefender
