Posts tagged "vulnerability"

Microsoft Releases Temporary Fix for Internet Explorer Bug

Microsoft released a temporary fix for the Internet Explorer bug that hackers exploited to break the website of the US Department of Labor last week. Attackers can exploit the hole by convincing users to visit compromised websites after clicking a link in an e-mail or Instant Messenger message. The vulnerability allowed remote code execution on Internet Explorer 8 and spread to other websites as wel...

Java Applets May Fully Compromise Notes Users

Java applets may fully compromise Notes users with just one click from cyber-criminals sending them through HTML e-mails, according to an IBM security advisory. The vulnerabilities affect 8.0.x, 8.5.x, and the new Notes 9 versions, but the company promises to soon fix the problems. “This would allow attackers to compromise users reading/previewing an email” through “arbitrary code executions,” IBM says. Ful...

Popular Router Brands Vulnerable, Metasploit Module Available

A number of highly popular router brands, including Linksys, D-Link and Netgear, can be exploited to allow administrative access over the device. Although mainly used for home networking, these devices are often deployed in companies in non-critical infrastructures (for wireless networks for guests not interconnected with the corporate network), being less expensive than their professional counterparts. Accor...

Critical Flaw in Bind9 Software Can Kill DNS Servers

A freshly discovered flaw in the Berkeley Internet Name Daemon (BIND) could allow an attacker to bring the DNS server to a grinding halt through the use of regular expressions. The vulnerability is known as CVE-2013-2266 and affects Linux and Unix versions of BIND from 9.7.x, 9.8.0 to 9.8.5b1 and 9.9.0 to 9.9.3b1, but not similar versions running on Windows. When successfully exploited, the named process sta...

Emergency Java Security Patch – Update Now!

Oracle released another Java fix to patch the vulnerabilities uncovered this week. In a Security Alert for CVE-2013-1493, the company advises all users to install the security patch as soon as possible, considering the “severity of these vulnerabilities.” This particular update addresses a vulnerability known as CVE-2013-1493 (US-CERT VU#688246) and a security issue “affecting Java running in web browsers,”...

Adobe Issues Security Patch for Two Zero-Day Bugs in Flash Player

The company released updates for Adobe Flash Player 11.5 and earlier versions for Windows and Macintosh, Adobe Flash Player 11.2 and earlier versions for Linux, and Adobe Flash Player 11.1 and earlier versions for Android. Adobe rushed a security fix for two Flash Player vulnerabilities currently exploited in the wild. The two bugs, already included in exploit packs, are used by crooks to download malware on the ...

Hackers May Redirect Your Internet Traffic through D-Link Router Bugs

Several vulnerabilities in the DIR-600 and DIR-300 routers of network solutions company D-Link may allow hackers to redirect Internet traffic and compromise users’ devices, according to German security researcher Michael Messner. The holes are supported by the lack of password hashing and root passwords being saved in plain text. The Cross-Site Request Forgery (CSRF) vulnerability allows an attacker to easi...

Canadian College Student Allegedly Expelled for ‘Reporting Bug’

Computer Science student Ahmed Al-Khabaz was reportedly expelled after reporting a security hole in the Omnivox software application his college was using. The story, as per the report in the National Post, goes like this: while working on a mobile app to let fellow students access their college accounts, 20-year-old Al-Khabaz stumbled on a serious bug that would allow anyone unrestricted access to the 250,...

Cisco-Powered Linksys Routers Vulnerable to Remote Ownage

A serious flaw in Linksys routers could allow an attacker to seize root privileges on the device, according to a blog post by pen-testing specialist DefenseCode. As shown in a video, successful exploitation of a Cisco Linksys WRT54GL model gives the attacker root access on the locally installed Linux-based firmware. DefenseCode claims the vulnerability resides in the latest Linksys firmware (4.30.14), bu...

The Cisco Phone in the Boardroom Eavesdrops on Private Talks

Just because you are paranoid doesn’t mean your phone isn’t listening to everything you say. At the 29th Chaos Communication Congress, researchers Ang Cui and Michael Costello made public a proof of concept on how critical kernel vulnerabilities in Cisco Native Unix can be exploited to transform all Cisco Unified IP Phones 7900 Series in a network into remote bugging devices. This basically allows att...

© 2012 Powered By Bitdefender
