You Are Here: Home » Posts tagged "vulnerability"

Steam User Accounts Compromised Due to Password Reset Vulnerability

Popular gaming platform Steam has suffered a recent security breach that allowed attackers to take over user accounts, due to a vulnerability in Steam’s password reset functionality. Knowing only the victim’s username, attackers could abuse Steam’s “forgot password” feature and avoid having to input the security code by leaving it blank, thus gaining complete access to a user’s account. Information about th...

Kodi Media Center Vulnerability Exposes Users to Man-in-the-Middle Attacks

Home media player software Kodi (formerly known as XBMC) has been found vulnerable to man-in-the-middle attacks that may jeopardize the security of home users, according to Bitdefender research. Kodi is mostly used by those who want to build their own home media centers without investing in dedicated hardware or software. This open-source solution is compatible with a wide range of operating systems (Linux,...

Hacker’s List leaks its secrets, revealing true identities of those wanting to hack

Is there something you want hacked? I get emails all the time from complete strangers, asking if I can help them hack into someone's Facebook or email account. Sometimes they claim to be family members who are worried that their loved one has gone missing and not replying to messages, but more often they're suspicious that their partners are cheating on them behind their back and want to read their private...

Google endangers 900 million Android smartphones, by refusing to patch WebView

Do you have an Android smartphone or tablet? Have you checked what version of the Android OS you are running? Because if you are running Android 4.3 (aka Jellybean) or earlier I'm afraid there's some bad news: you're not going to be receiving any security updates from Google for WebView, a core component of the Android operating system used to render webpages. In case you didn't know, WebView is the tool wi...

Weather Channel Web Site Vulnerable to Reflected Cross-Site Scripting (XSS)

Popular Weather Channel web site (Weather.com) has been found to be vulnerable to a reflected Cross-Site Scripting flaw, according to researcher Wang Jing's research. The Weather Channel is the most common US-based cable and satellite TV channel with close to 100 million subscribers. Its Alexa global rank is 143 and US rank is 35. "If The Weather Channel's users were exploited, their Identity may be stolen,...

Adobe Fixes Highly Critical Vulnerability in Flash Player

Adobe has issued a fix for critical vulnerability (CVE-2014-8439) found in Adobe Flash Player software, according to Adobe's APSB14-26 security bulletin. The vulnerability affects all Adobe Flash Player and Adobe AIR versions on Windows, Macintosh and Linux. "Adobe Flash Player before 13.0.0.258 and 14.x and 15.x before 15.0.0.239 on Windows and OS X and before 11.2.202.424 on Linux, Adobe AIR before 15.0.0...

WordPress Fixes Critical Cross-Site Scripting Flaw; WordPress 4.0.1 Released

WordPress has fixed in its newest version (4.0.1) a critical cross-site scripting vulnerability that could allow anonymous attackers to compromise WordPress web sites, according to its security release. The cross-site scripting flaw, which occurs on versions from 3.0 to 3.9.2, was discovered by Jouko Pynnonen from Klikki Oy IT company. "The JavaScript injected into a comment is executed when the target user...

Windows Secure Channel Fixed on Patch Tuesday

A critical flaw (CVE-2014-6321) from Secure Channel (Schannel) Windows component that allowed attackers to execute code remotely has been patched on this November's Patch Tuesday, according to Microsoft. Schannel component implements the TLS and SSL authentication protocols for encrypted communications between server and client. "A remote code execution vulnerability exists in the Secure Channel (Schannel)...

Adobe Fixes 18 Critical Flaws in Flash Player

Adobe has released its latest Flash Player revision to fix 18 critical vulnerabilities, according to Security Bulletin APSB14-24. "These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system," the summary stated. Adobe Flash Player for Desktop Runtime, Extended Support Release, Flash Player for Chrome and Internet Explorer on Windows, Macintosh and L...

Linksys SMART WiFi EA Series Routers Vulnerable to Password Exposure

Linksys SMART WiFi EA series routers have firmware vulnerabilities that could expose the administrator password, according to a Carnegie Mellon’s CERT advisory. The firmware contains two severe vulnerabilities, CVE-2014-8243 and CVE-2014-8244 that, if exploited, could expose sensitive information and the administrator password in MD5 hash. The first vulnerability CVE-2014-8243, allows an "unauthenticated at...

© 2012 Powered By Bitdefender

Scroll to top