Apache Server Vulnerability Allows Attackers to Execute Code Remotely Without Authentication

An Apache HTTP server buffer overflow vulnerability could allow attackers to execute code remotely, according to an advisory by the Zero Day Initiative. The vulnerability can be exploited without authentication by attackers, as the flaw is found in the "mod_status" module. “A race condition in mod_status allows an attacker to disclose information or corrupt memory with several requests to endpoints with han...

Microsoft Issues Security Updates for Critical Vulnerabilities in Internet Explorer and Windows Journal

Microsoft issued new update packages to patch critical vulnerabilities in Internet Explorer and Windows Journal, according to Microsoft's July Security Bulletin. Two updates have been rated "critical," three "important" and one "moderate" by the company, which addressed 29 vulnerabilities in six update packages, from MS14-037 to MS14-042. "The ongoing diligent work from o...

Hardcoded SSH Key Enables Backdoor in Cisco’s Unified Communication Domain Manager

A hardcoded and unprotected SSH key for remote support access has been found inside Cisco’s Unified Communication Domain Manager (CUCDM), according to a Cisco advisory. The backdoor could be used by an attacker to control the platform and all deployments. The CUCDM manages video, voice, messaging, mobility and instant messaging applications, or other services for enterprises in a single unified platform. Cis...

PayPal Two-Factor Authentication Bypassed via Mobile App-Web API Vulnerability

A vulnerability between PayPal's mobile app and web service authentication flow enabled two-factor authentication (2FA) bypass, according to Duo Security's blog post. A temporary fix has been deployed by PayPal for this issue, which appears to be a design flaw and staff is working on a permanent fix. "When two-factor authentication is done right and consistently (across services) it provides really great va...

30,000 Servers May Be Exposed To Hackers

A vulnerability in the Baseboard Management Controller (BMC) of Supermicro motherboards leaves 30,000 unpatched servers and their passwords available on the open market, according to Cari.net researchers. It seems login passwords are stored in clear text, and the file containing them can be downloaded by connecting to a specific port. To compromise vulnerable servers, an attacker can scan the port ...

Smart TVs Vulnerable to Multiple Cyber Threats, Study Reveals

A new digital television standard, called Hybrid Broadcast-Broadband Television (HbbTV), can be exploited by hackers to “invisibly” hijack Europeans’ smart TVs using radio frequency injection, according to research by Columbia University’s Network Security Lab. By including HTML content in broadcast streams, HbbTV exposes a TV set to numerous security weaknesses. “Exploiting these vulnerabilities, an ...

Remote Code Injection Vulnerability Found on Yahoo, Microsoft and Orange Subdomains

A remote code injection vulnerability was found on subdomains of Yahoo, Microsoft and Orange after being escalated from unauthorized admin access, according to Ibrahim Hegazy's blog post. Yahoo and Microsoft have issued a fix for the vulnerability. Hegazy found the unauthorized admin access during his research in the Yahoo Bug Bounty Program, as the administrator panel never requested login cre...

Backdoor Still Hidden in Patch for Wi-Fi Routers

The backdoor affecting Sercomm wireless DSL routers has not been fixed, and lies hidden in the latest version of the devices’ firmware to intercept users’ home traffic, according to Ars Technica. In December 2013, Eloi Vanderbeken discovered hackers could exploit his parents’ Linksys Wi-Fi router to gain administrative rights and manipulate local network resources without admin credentials. The device was ...

Yahoo shows cavalier attitude to info-leaking Flickr vulnerability, but finally plugs privacy hole

I have long believed that for security to succeed inside a company, it really needs to be part of their DNA. You need to live-and-breathe security every day to have a proper chance of protecting your computers and sensitive data (and that of your customers and partners) from hackers and privacy breaches. And some companies just haven't got it yet. Yahoo, for instance, hasn't had the most...

GnuTLS Bug Leaves Linux-Speaking Internet Open to Eavesdropping

A newly discovered vulnerability in the Gnu implementation of TLS is threatening the privacy of users running major distributions of Linux. The bug resides in the GnuTLS implementation and can be used to facilitate a man-in-the-middle attack and decrypt web traffic, according to GnuTLS’s security advisory. “It was discovered that GnuTLS X.509 certificate verification code failed to properly handle certain e...

© 2012 Powered By Bitdefender