Archive for the ‘IT Security News’ Category


Critical vulnerability in the Xen hypervisor

A critical privilege-escalation vulnerability has been fixed in the Xen hypervisor. The flaw allows an attacker to gain control over the host server. The problem had been present in the Xen code base for seven years.

The developers of the Xen hypervisor released nine security patches, eliminating multiple vulnerabilities in the server software. One of the flaws could allow an attacker to gain control over the host server. The flaw in question is CVE-2015-7835 (XSA-148), through which a paravirtualized guest can manage the memory of the host OS and of other virtual machines. The problem was discovered by engineers at Alibaba, which recently joined the development of Xen. (more…)


A critical vulnerability in the popular Shockwave Player

The vulnerability allows a remote attacker to compromise an affected system.

Yesterday, October 27, Adobe released security bulletin APSB15-26, which fixed a dangerous vulnerability in Shockwave Player. The flaw could allow an attacker to execute arbitrary code on the target system. (more…)


New Android Critical Vulnerabilities

1. CVE-2015-1538 Exploit for Android is Now Available for Testing Purposes

This exploit has several caveats. First, it is not a generic exploit. Zimperium Team only tested it to work on a single device model. Zimperium Team tested this exploit on a Nexus running Android 4.0.4. Also, due to variances in heap layout, this is not a 100% reliable exploit by itself.

Zimperium Team were able to achieve 100% reliability when the exploit was delivered through an attack vector that allowed multiple attempts. Finally, this vulnerability was one of several that were neutered by GCC 5.0’s ‘new[]’ integer overflow mitigation present on Android 5.0 and later. (more…)


Microsoft has corrected a zero-day vulnerability in Internet Explorer

The flaw allows an attacker to gain complete control over the target device.

Microsoft has released an update that corrects a zero-day vulnerability in Internet Explorer versions 7-11 (the flaw does not appear to be present in the new Microsoft Edge). The critical vulnerability CVE-2015-2502 allows an attacker to remotely execute code on the target device.

According to Microsoft, a remote user can use a specially crafted website to compromise a vulnerable system. The vulnerability is caused by a memory corruption error when handling certain objects. (more…)


Hacking news 2015: The Hacking Team Hacking – Latest news

Recall that on July 5, unknown hackers broke into the company's computer network and stole more than 400 GB of corporate data.

The stolen information includes corporate documents, source code, and even, as it became known, a few exploits for zero-day vulnerabilities in Adobe Flash. The hackers also managed to hack the official Hacking Team account on Twitter.

Hacking Team’s CEO David Vincenzetti issued a new statement promising that the company plans to deliver the recovered version of the Galileo Remote Control System (Galileo is an advanced and sophisticated spyware tool) and internal infrastructure to replace products that have been compromised in the cyber attacks. (more…)


Hacking of a spy cyber security firm “The Hacking Team”: Most Interesting articles

Here we provide the 10 most interesting and informative articles related to the major hack of the spy cyber security firm “The Hacking Team”.

The Italian company Hacking Team is among a handful of companies that offer surveillance tools to law enforcement around the world. It is well known for its controversial operations, helping governments and various intelligence agencies spy on citizens.

Hacking Team says its tools enable investigators to obtain information even if targets encrypt their communications to protect them.

On 5th July 2015, this Italian cyber security firm itself became the victim of a hacking attack. (more…)


Four new vulnerabilities in Cisco products

Four Cisco security products are vulnerable to DDoS and XSS attacks. Four new vulnerabilities have been found in Cisco products.

Affected Products:

  • Nexus 9000 Series Switches (CVE-2015-0686 DDoS vulnerability)
  • Catalyst 4500 Series (CVE-2015-0687 DDoS vulnerability)
  • Aggregation Services Routers (CVE-2015-0688 DDoS vulnerability)
  • Wireless LAN Controller (CVE-2015-0690 XSS vulnerability)

(more…)

New BlackArch Linux ISOs and installer presented: a specialized distribution for security researchers and penetration testers.

The distribution is built on the Arch Linux package base and includes over 1200 security-related utilities. The project's package repository is compatible with Arch Linux and can be used in ordinary Arch Linux installations.

The distribution supports builds for the i686, x86_64, armv6h and armv7h architectures. The new BlackArch Live ISO is 3.6 GB in size. For the graphical environment there is a choice of window managers: dwm, fluxbox, openbox, awesome, wmii, i3 and spectrwm. (more…)

Never before has a movie achieved more international attention, and it never even hit the screen.

White House spokesman Josh Earnest called the cyber attack at Sony, or the “Sony hack,” as it has been named, a destructive attack exposing serious security measures. To Hollywood and the rest of the country, it was a total surprise in many ways. U.S. officials disclaimed that when foreign governments present attacks like this cyber attack, they are looking to provoke a response from the U.S. (more…)


The PHP developers have eliminated four vulnerabilities in their products

The update fixed a vulnerability that could lead to an integer overflow.

The PHP developers have released patches 5.6.2, 5.5.18 and 5.4.34 for their scripting language that eliminate four vulnerabilities, including CVE-2014-1668, CVE-2014-3669 and CVE-2014-3670.

All of the holes were discovered in September of this year. The most dangerous of the patched vulnerabilities is CVE-2014-3669. It can cause an integer overflow when parsing specially crafted serialized data with the unserialize() function. (more…)