Cybersecurity threats 2015: new security vulnerabilities has been found by security researchers

---

Several new security vulnerabilities of varying severity has been found by security researchers

Several new security vulnerabilities of varying severity has been found by security researchers:

• System compromise in Android (high severity vulnerability)
• Bypassing security restrictions on Apache Tomcat (middle severity vulnerability)
• Multiple vulnerabilities in CMS Drupal (low severity vulnerability)
• Compromising the system in Apple QuickTime for Windows (high severity vulnerability) (more…)

[Cyber Security 2015] Critical Vulnerability in Microsoft Internet Explorer

---

Microsoft has corrected zero-day vulnerability in Internet Explorer

The flaw allows an attacker to gain complete control over the target device.

Microsoft has released an update that corrects zero-day vulnerability in Internet Explorer of versions 7-11 (this flaw does not appear to be present in new Microsoft Edge). The Critical Hole CVE-2015-2502 allows an attacker to remotely execute code on the target device.

According to Microsoft, the remote user can use a specially created a web-site to compromise a vulnerable system. The vulnerability is caused due to a memory corruption error when handling certain objects. (more…)

Cyber Security 2015: The Hacking Team Hacking – Latest news

---

Hacking news 2015: The Hacking Team Hacking – Latest news

Recall, July 5, unknown hackers have broken into the computer network of the company and abducted more than 400 GB of corporate data.

Stolen information includes corporate documents, source code, and even, as it became known, a few exploits for zero-day vulnerability in Adobe Flash. Also, hackers managed to hack the official Hacking Team account in Twitter.

Hacking Team’s CEO David Vincenzetti issued a new statement promising that the company plans to deliver the recovered version of Galileo Remote Control System (Galileo, is the advanced and sophisticated spyware tool) and internal infrastructure to replace products that have been compromised in the cyber attacks. (more…)

Cybersecurity threats 2015: Four new vulnerabilities in the Cisco products

---

Four new vulnerabilities in the Cisco products

Four Cisco security products are vulnerable to the DDoS and XSS attacks. Four new vulnerabilities have been found in the Cisco products.

Affected Products:

• Nexus 9000 Series Switches (CVE-2015-0686 DDoS vulnerability)
• Catalyst 4500 Series (CVE-2015-0687 DDoS vulnerability)
• Aggregation Services Routers (CVE-2015-0688 DDoS vulnerability)
• Wireless LAN Controller (CVE-2015-0690 XSS vulnerability)

(more…)

Cybersecurity threats 2015: Denial of service in the Linux Kernel – January 29

Three new vulnerabilities have been found in the Linux Kernel CVE-2014-3673, CVE-2014-3687, and CVE-2014-3688. These vulnerabilities allows a remote user to cause a denial of service (Kernel panic).

Denial of service in the Linux Kernel

Danger level: Middle
The presence of fixes: Yes
The number of vulnerabilities: 3 (more…)

Vulnerabilities 2015: High risk vulnerabilities in the Microsoft Windows

Microsoft patches two critical vulnerabilities in the Windows:

• Directory traversal attack CVE-2015-0016 (vulnerability exists in the TS WebProxy Windows component)
• Buffer Overflow Vulnerability CVE-2015-0014 (A buffer overflow vulnerability exists in Windows Telnet service)

Bypass security restrictions in Microsoft Windows (Directory traversal attack)

Danger level: High
The presence of fixes: Yes
The number of vulnerabilities: 1 (more…)