CCTV surveillanceCCTV surveillance has turned out to be a necessity for every business that wants to carry out their business operations in a safe and secured environment.

You will be glad to know that beefing up the security in your office not only helps you to prevent thefts and hooliganism but it also provides a sense of security to your employees. Read the rest of this entry »

Hole in LinuxCVE-2015-0240: A critical remote vulnerability in Samba

Employees MSVR (Microsoft Vulnerability Research) discovered a critical vulnerability the Samba daemon (smbd).

In unplanned releases of Samba 4.1.17, 4.0.25 and 3.6.25 fixed a critical vulnerability (CVE-2015-0240), which can be used to initiate the execution of code on the server side.

Danger problem compounded by the fact that the vulnerability can be exploited without an authentication – to carry out the attack enough send a few specially designed anonymous netlogon-packets on the network port SMB / CIFS of the server. Since by default, smbd daemon runs under root privileges, in the case of a successful attack the attacker can gain root-access to the server. Read the rest of this entry »

Defending Your Business from cryptolockerCryptolocker – a program that belongs to the category of so-called “ransomware”.

Cryptolocker encrypts files on the hard disk drive of a computer running Microsoft Windows and requires the payment of redemption, before you download the server private key to decrypt the files. You need to pay a ransom for 72-96 hours. If during this time the money is not transferred to the designated account, key to decrypt the file is deleted and it is impossible to restore files. Read the rest of this entry »

Hole in LinuxThree new vulnerabilities have been found in the Linux Kernel CVE-2014-3673, CVE-2014-3687, and CVE-2014-3688. These vulnerabilities allows a remote user to cause a denial of service (Kernel panic).

Denial of service in the Linux Kernel

Danger level: Middle
The presence of fixes: Yes
The number of vulnerabilities: 3 Read the rest of this entry »

Vulnerabilities in FreeBSDMultiple vulnerabilities have been found in the FreeBSD kernel code.

FreeBSD Kernel Multiple Vulnerabilities

Danger level: middle
The presence of fixes: Yes
The number of vulnerabilities: 3

CVSSv2 rating: (AV: L / AC: L / Au: N / C: N / I: N / A: C / E: U / RL: OF / RC: C) = Base: 4.9 / Temporal: 3.6
(AV: L / AC: L / Au: N / C: C / I: C / A: C / E: U / RL: OF / RC: C) = Base: 7.2 / Temporal: 5.3
(AV: L / AC: L / Au: N / C: P / I: N / A: N / E: U / RL: OF / RC: C) = Base: 2.1 / Temporal: 1.6
CVE ID: CVE-2014-0998; CVE-2014-8612; CVE-2014-8613 Read the rest of this entry »

USA - North KoreanNever before has a movie achieved more international attention, and it never even hit the screen.

White House spokesman Josh Earnest called the cyber attack at Sony, or the “Sony hack,” as it been named,  a destructive attack exposing serious security measures. To Hollywood and the rest of the country, it was a total surprise in many ways. U.S. Officials disclaimed that when foreign governments present attacks like this cyber attack, they are looking to provoke a response from the U.S. Read the rest of this entry »

dangerous flaw in windowsMicrosoft patches two critical vulnerabilities in the Windows:

  • Directory traversal attack CVE-2015-0016 (vulnerability exists in the TS WebProxy Windows component)
  • Buffer Overflow Vulnerability CVE-2015-0014 (A buffer overflow vulnerability exists in Windows Telnet service)

Bypass security restrictions in Microsoft Windows (Directory traversal attack)

Danger level: High
The presence of fixes: Yes
The number of vulnerabilities: 1 Read the rest of this entry »

Wordpress VulnerabilitiesHere three vulnerabilities found in plugins of Content Management System WordPress: Disclosure of sensitive data in XCloner, SQL-injection in WP Symposium Plugin, and Cross-site scripting (CSRF-attack) in W3 Total Cache Plugin.

1. Disclosure of sensitive data in WordPress XCloner

Danger level: Low
Availability correction: None
The number of vulnerabilities: 1
CVSSv2 rating: (AV: L / AC: L / Au: N / C: P / I: N / A: N / E: U / RL: U / RC: C) = Base: 2.1 / Temporal: 1.8

Vector of operation: Local
Impact: Arbitrary command execution, Disclosure of sensitive data Read the rest of this entry »

Vulnerabilities 2014The flaw allows a remote user to gain full control over the router and attack all devices connected to the home network.

The company Check Point Software Technologies has found a critical vulnerability Misfortune Cookie, which able to hit tens of millions of home routers worldwide (mostly residential gateways / SOHO – small office/home office routers). The CVE-2014-9222 flaw allows attackers to gain control of network devices, and administrative privileges, and then carry out an attack on all devices in the home network. Read the rest of this entry »

Vulnerabilities in FreeBSDThis gap provided an opportunity to introduce malicious code into vulnerable systems using open source software.

The company’s specialists Norse discovered a programming error in the operating system FreeBSD, allowing cause a buffer overflow in the function of stdio. The breach provided opportunity to introduce malicious code into vulnerable systems using open source software.

According to experts, an error occurs when accessing the system calls «write» and «write (2)» during setup flow and if the status of the stream is not checked, can lead to a buffer overflow. Read the rest of this entry »