Never before has a movie achieved more international attention, and it never even hit the screen.

White House spokesman Josh Earnest called the cyber attack at Sony, or the “Sony hack,” as it has been named, a destructive attack exposing serious security measures. To Hollywood and the rest of the country, it was a total surprise in many ways. U.S. officials disclaimed that when foreign governments present attacks like this cyber attack, they are looking to provoke a response from the U.S.

Microsoft patches two critical vulnerabilities in Windows:

  • Directory traversal attack CVE-2015-0016 (vulnerability exists in the TS WebProxy Windows component)
  • Buffer Overflow Vulnerability CVE-2015-0014 (A buffer overflow vulnerability exists in Windows Telnet service)

Bypass security restrictions in Microsoft Windows (Directory traversal attack)

Danger level: High
The presence of fixes: Yes
The number of vulnerabilities: 1

Here are three vulnerabilities found in plugins for the WordPress content management system: disclosure of sensitive data in XCloner, SQL injection in the WP Symposium plugin, and cross-site scripting (CSRF attack) in the W3 Total Cache plugin.

1. Disclosure of sensitive data in WordPress XCloner

Danger level: Low
Availability correction: None
The number of vulnerabilities: 1
CVSSv2 rating: (AV: L / AC: L / Au: N / C: P / I: N / A: N / E: U / RL: U / RC: C) = Base: 2.1 / Temporal: 1.8

Vector of operation: Local
Impact: Arbitrary command execution, Disclosure of sensitive data

The flaw allows a remote user to gain full control over the router and attack all devices connected to the home network.

Check Point Software Technologies has found a critical vulnerability, Misfortune Cookie, which is able to hit tens of millions of home routers worldwide (mostly residential gateways / SOHO – small office/home office routers). The CVE-2014-9222 flaw allows attackers to gain control of network devices and administrative privileges, and then carry out an attack on all devices in the home network.

This gap provided an opportunity to introduce malicious code into vulnerable systems using open source software.

Specialists at the company Norse discovered a programming error in the FreeBSD operating system that makes it possible to cause a buffer overflow in a function of stdio. The breach provided an opportunity to introduce malicious code into vulnerable systems using open source software.

According to experts, the error occurs when accessing the system calls «write» and «write (2)» during setup flow and, if the status of the stream is not checked, can lead to a buffer overflow.

The researchers emphasize that the gaps in the free app put at risk the safety of hundreds of thousands of web resources.

According to a notification from Walter Hop, a security researcher and founder of the Netherlands-based web development company Slik, he was able to find a number of vulnerabilities in the popular free application InfiniteWP Admin Panel, which is used by administrators of the WordPress content management system.

According to the developers of the affected product, over the entire history of the project it has been downloaded at least 875,000 times and is used by over 318,000 web sites. With it, administrators can work with multiple installations through one control panel.

Tuesday Updates – Adobe Security Bulletins (December 9, 2014)

The security updates affect products such as Adobe Flash Player, Adobe Reader, Adobe Acrobat and Adobe ColdFusion.

On December 9 this year, as part of its “Tuesday Updates,” Adobe released three security bulletins. They fix 27 vulnerabilities in products such as Adobe Reader, Adobe Acrobat, Adobe Flash Player and ColdFusion.

1. The first bulletin (ID: APSB14-27) fixes six vulnerabilities in Adobe Flash Player, one of which is critical. One of the flaws is being actively exploited by cybercriminals, which is why the company has assigned the update its highest priority.

A dangerous vulnerability has been found in the popular (around 850,000 downloads) WordPress Download Manager plugin. The vulnerability was discovered and disclosed last week. Exploitation of this vulnerability allows an attacker to remotely take control of the target web site through the introduction of backdoors and modification of user passwords.

Specialists at the company Sucuri found a dangerous vulnerability in the WordPress Download Manager plugin. Exploitation of this flaw allows a remote attacker to gain control of the target web site through the introduction of backdoors and modification of user passwords.

Privilege escalation and potential Object Injection vulnerability. The vulnerability allows a remote user to cause a denial of service and data manipulation.

Danger level: average
The presence of fixes: Yes
The number of vulnerabilities: 1
CVSSv2 rating: (AV: N / AC: L / Au: N / C: N / I: P / A: P / E: U / RL: O / RC: C) = Base: 6.4 / Temporal: 4.7

Vector of operation: Remote
Impact: Denial of service, Unauthorized modification of data

Multiple new vulnerabilities have been discovered in the WordPress content management system which allow a remote user to take control of the affected system.

Danger level: Medium
Availability of fixes: Yes
Number of vulnerabilities: 4

CVE ID: No Information

Vector of operation: Remote
Impact: Cross-site scripting, Denial of service, Security Bypass