From the category archives:

Vulnerabilities

» News

Oracle released out of cycle patch for Apache “HTTP Killer” bug

Oracle issued an emergency patch to fix a denial of service(DoS) vulnerability in Oracle HTTP server products that are based on the Apache Web server 2.0 and 2.2. Attack Details —————– With this attack any exploiter can remotely send large chunk of data in the header without any authentication or requiring any username and password. [...]

Read Ahead →

» News

Patchy Tuesday: August 9

Microsoft has announced advance notification for 13 security bulletins to address 22 vulnerabilities in Windows XP/7/Vista/Server 2008, Office, Internet Explorer, .NET and Visual Studio for August 9, 2011. Two among 13 bulletins are rated as critical [highest severity] to prevent attacks related to remote code execution. Check the bulletin summary below Full version of Microsoft [...]

Read Ahead →

» News

TDL-4 botnet traps 4.5 million PC’s

Security researchers [Sergey Golovnoav & Igor Soumenkov] at Kaspersky Lab have posted a detailed analysis of new botnet called TDL-4 and calling it as –> the one that might just be “indestructible”. TDL-4 compared to previous versions is an updated algorithm encrypting the protocol used for communication between infected computers and botnet command and control [...]

Read Ahead →

» News

Sony PSN hit by new exploit

Yesterday Nyleveia revealed a new vulnerability in Sony PSN password reset page. The hack involves PSN web-based password reset page, where it’s said anyone can change someone else’s password using their PSN account email and date of birth (details possibly collected by hackers in April breach). Eurogamer’s also claiming to have seen actual video footage [...]

Read Ahead →

» News

Vulnerability in Android has put 99% android handsets at Risk

This risk pertains to using your Android to connect to Facebook, Twitter and some Google services over unencrypted wireless networks. The apps for this services communicate over clear text which can intercepted by an eavesdropper. Google services which are vulnerable to eavesdropping are Google Calendar and Google Contacts. The attack is possible to all Google [...]

Read Ahead →

» News

Facebook Scam:WTF I can’t believe you’re in this vid

If you happen to get a new wall post from your friend saying “WTF <yourname> I can’t believe you’re in this vid” or “ROFL <yourname> i cant believe youre tagged in this video” Its a new scam spreading on Facebook. Don’t open or click on this link else it will be posted to all your [...]

Read Ahead →

» News

Sony PlayStation Network Breached

After a week’s shut down of PlayStation Network (PSN); Sony has publicly admitted that its 77 million users data has been compromised which includes names addresses date of birth email passwords or possibly users credit card details. If you are a PSN user check your account statement, monitor credit reports and if you still have [...]

Read Ahead →

» News

OWASP Top10 Tools and Tactics

Around a month back Infosec Resources compiled a post with nice set of tools and tactics to exploit OWASP top 10 vulnerabilities Following is a risk and tool matrix. RISK TOOL A1: Injection SQL Inject Me A2: Cross-Site Scripting (XSS) ZAP A3: Broken Authentication and Session Management HackBar A4: Insecure Direct Object References Burp A5: Cross-Site [...]

Read Ahead →

» News

New flash 0-day uncovered by Armorize

Armorize, which runs cloud-based Web malware scanning service blogged about a newest Adobe flash 0-day which is being used in new drive-by download variations such as drive-by cache. WARNING:- the blog of Armorize also contains the full exploit codes to the drive-by cache example.

Read Ahead →

» News

Patchy Tuesday

As Microsoft April Advance Security Bulletin Today Microsoft will be pushing huge updates and patches for multiple vulnerabilities across different versions of Microsoft Windows, Microsoft Office and Developer tools like .NET etc Total of 64 vulnerabilities will be fixed across 17 bulletins from which 9 bulletins are rated as critical. So get ready to install [...]