FreeBSD Logo

Vulnerability in FreeBSD

Cyber security news 2014: Denial of service in FreeBSD

Revealed the vulnerability in all supported branches of FreeBSD

The flaw allows an attacker to reset the TCP connection by sending a specially designed package.

In all versions of network operating systems FreeBSD has been discovered vulnerability (CVE-2004-0230). The flaw allows an attacker to reset the TCP connection by sending a TCP packet, which contain bogus IP-address. To commit attacks cybercriminals was enough just to know numbers of active ports. Read the rest of this entry »

Android Hacked

Android-smartphones vulnerable

Major Android Bug is a Privacy Disaster

The vulnerability allows to intercept the current session cookies and gain complete control over the user’s session.

In the Metasploit (popular among security researchers a set of tools for penetration testing), appeared a new module that allows to exploit a dangerous vulnerability in a 75% of all smartphones based on Android operating system. The flaw makes it possible to intercept web-pages which viewed victim. It is reported by The Register.

We are talking about the vulnerability CVE-2014-6041, affecting the Android 4.2.1 (and earlier versions). To discover its managed 1 September, according to researcher Tod Beardsley (a developer for the Metasploit security toolkit), who called the flaw a “privacy disaster”. Read the rest of this entry »

IBM logo

IBM products Vulnerabilities


Cyber Security Notification: New Vulnerabilities of September 2014

#1 Multiple vulnerabilities in IBM products

Danger: Low
Availability Corrections: Yes
Number of vulnerabilities: 3

CVSSv2 Rating: (AV: N / AC: M / Au: N / C: N / I: P / A: N / E: U / RL: O / RC: C) = Base: 4.3 / Temporal: 3.2
(AV: N / AC: L / Au: N / C: N / I: P / A: N / E: U / RL: OF / RC: C) = Base: 5 / Temporal: 3.7
(AV: N / AC: L / Au: N / C: P / I: N / A: N / E: U / RL: OF / RC: C) = Base: 5 / Temporal: 3.7 Read the rest of this entry »

Penetration Testing

Dear visitors! Today we present to your attention overviews of a software (programs and tools) for hacking, security analysis and penetration testing: Portable Reverse Engineering Framework, UPnP Pentest Toolkit, OLE/COM viewer and inspector, and Pinpoint tool.

attentionAttention! This information is provided solely for the purpose of acquaintance! Neither the editors, publisher, website and hosting owners are not liable for your actions!

Read the rest of this entry »

Drupal logo

Drupal vulnerabilities

Cyber Security Notification: New Vulnerabilities of September 2014

Security vulnerabilities related to Drupal – content management system: Descriptions of vulnerabilities related to products of this vendor of September 13, 2014.

1. Vulnerability: Cross-site scripting in Drupal Custom BreadCrumbs

Danger level: Low
Availability Corrections: Yes
Number of vulnerabilities: 1
CVSSv2 Rating: (AV: N / AC: L / Au: N / C: N / I: P / A: N / E: U / RL: O / RC: C) = Base: 5 / Temporal: 3.7 Read the rest of this entry »

Adobe Reader logoCyber Security Notifications: New Vulnerabilities of September 2014

Vulnerabilities: Bypass security restrictions in Adobe Reader and Adobe Acrobat

Danger level: High
Availability fix: No
Number of vulnerabilities: 1
CVSSv2 Rating: (AV: N / AC: M / Au: N / C: P / I: P / A: P / E: U / RL: U / RC: C) = Base: 6.8 / Temporal: 5.8

Vector operation: Remote
Impact: Security Bypass Read the rest of this entry »

Linux

Linux-botnet

The Botnet infected Linux-servers which used a vulnerable version of Apache Tomcat, Apache Struts and Elasticsearch.

Experts of Akamai-Prolexic discovered a botnet known as IptabLes and IptabLex. It was used to carry out DDoS-attacks on the DNS-servers and other objects of the network infrastructure. Victims of botnet became misconfigured Linux-servers.

According to experts, in the second quarter of 2014 Prolexic team discovered botnet conducting DDoS-attacks using DNS-flooding and SYN-flooding. The attacks were carried out through compromised servers running a vulnerable version of Apache Struts, Apache Tomcat and Elasticsearch. Read the rest of this entry »

VulnerabilityCyber Security Notifications: New Vulnerabilities of September 2014

Security vulnerabilities related to Netbsd : Descriptions of vulnerabilities related to products of this vendor of September 12, 2014.

This post presents and discloses a newly found, local network affecting, NetBSD security vulnerabilities.

#1 Denial of service in NetBSD

Danger: Low
Availability fix: corrective instructions
Number of vulnerabilities: 4
CVSSv2 Rating: (AV: L / AC: L / Au: N / C: N / I: N / A: C / E: U / RL: W / RC: C) = Read the rest of this entry »

AVG LOGOAVG Internet Security 2015 available with New Interface and Outbreak Detection Features

AVG Technologies has updated its line of products, including integrated anti-virus AVG Internet Security 2015. Developers have improved the basic anti-virus engine and its accuracy, added a new method of cloud detection Outbreak Detection

AVG has continued to deliver advanced anti-virus protection with the launch of a new version of an integrated antivirus AVG Internet Security 2015. Read the rest of this entry »

AVG LOGONew version of the  free antivirus – AVG AntiVirus FREE 2015 received an updated interface and cloud technology Outbreak Detection to protect against the latest “zero-day” threats.

AVG AntiVirus FREE 2015 – free antivirus, which goes beyond the simple detection and removal of viruses on your computer by blocking infected links when you visit web sites on the Internet, and to help protect your personal information.

In the 2015 version the developers have improved the basic anti-virus engine and the accuracy of detection, added a new method of cloud detection and to provide an updated, easier-to-use interface. Read the rest of this entry »