Oracle issued an emergency patch to fix a denial-of-service (DoS) vulnerability in Oracle HTTP Server products that are based on the Apache Web server 2.0 and 2.2. Attack Details: With this attack, an attacker can remotely send a large chunk of data in the header without any authentication, username or password. [...]
Microsoft has issued advance notification for 13 security bulletins addressing 22 vulnerabilities in Windows XP/7/Vista/Server 2008, Office, Internet Explorer, .NET and Visual Studio, for release on August 9, 2011. Two of the 13 bulletins are rated critical (the highest severity) to prevent attacks related to remote code execution. Check the bulletin summary below. Full version of Microsoft [...]
Security researchers Sergey Golovanov and Igor Soumenkov at Kaspersky Lab have posted a detailed analysis of a new botnet called TDL-4, calling it one that might just be “indestructible”. Compared to previous versions, TDL-4 has an updated algorithm encrypting the protocol used for communication between infected computers and botnet command and control [...]
Yesterday Nyleveia revealed a new vulnerability in the Sony PSN password reset page. The hack involves the web-based PSN password reset page, where it’s said anyone can change someone else’s password using their PSN account email and date of birth (details possibly collected by hackers in the April breach). Eurogamer is also claiming to have seen actual video footage [...]
This risk pertains to using your Android device to connect to Facebook, Twitter and some Google services over unencrypted wireless networks. The apps for these services communicate in clear text, which can be intercepted by an eavesdropper. The Google services vulnerable to eavesdropping are Google Calendar and Google Contacts. The attack is possible against all Google [...]
If you happen to get a new wall post from your friend saying “WTF <yourname> I can’t believe you’re in this vid” or “ROFL <yourname> i cant believe youre tagged in this video”, it’s a new scam spreading on Facebook. Don’t open or click on this link, or else it will be posted to all your [...]
After a week-long shutdown of the PlayStation Network (PSN), Sony has publicly admitted that the data of its 77 million users has been compromised, including names, addresses, dates of birth, emails, passwords or possibly users’ credit card details. If you are a PSN user, check your account statement, monitor credit reports and if you still have [...]
Around a month back, Infosec Resources compiled a post with a nice set of tools and tactics to exploit the OWASP Top 10 vulnerabilities. Following is a risk and tool matrix.
RISK | TOOL
A1: Injection | SQL Inject Me
A2: Cross-Site Scripting (XSS) | ZAP
A3: Broken Authentication and Session Management | HackBar
A4: Insecure Direct Object References | Burp
A5: Cross-Site [...]
Armorize, which runs a cloud-based Web malware scanning service, blogged about the newest Adobe Flash 0-day, which is being used in new drive-by download variations such as drive-by cache. WARNING: the Armorize blog also contains the full exploit code for the drive-by cache example.
As announced in Microsoft’s April Advance Security Bulletin, today Microsoft will be pushing huge updates and patches for multiple vulnerabilities across different versions of Microsoft Windows, Microsoft Office and developer tools like .NET. A total of 64 vulnerabilities will be fixed across 17 bulletins, of which 9 bulletins are rated critical. So get ready to install [...]