cisco company logoFour new vulnerabilities in the Cisco products

Four Cisco security products are vulnerable to the DDoS and XSS attacks. Four new vulnerabilities have been found in the Cisco products.

Affected Products:

  • Nexus 9000 Series Switches (CVE-2015-0686 DDoS vulnerability)
  • Catalyst 4500 Series (CVE-2015-0687 DDoS vulnerability)
  • Aggregation Services Routers (CVE-2015-0688 DDoS vulnerability)
  • Wireless LAN Controller (CVE-2015-0690 XSS vulnerability)

Read the rest of this entry »

BlackArch Linux logoPresented new BlackArch Linux ISOs & installer, specialized distribution for security researchers and penetration testers.

Distribution built on Arch Linux packet-based and includes over 1200 security-related utilities. Supported Projects package repository is compatible with Arch Linux, and can be used in conventional plants Arch Linux.

Distribution supports assemblies for architectures: i686, x86_64, armv6h and armv7h. New BlackArch Live ISO size: 3.6 GB. As graphic environments have a choice of window managers: dwm, fluxbox, openbox, awesome, wmii, i3 and spectrwm. Read the rest of this entry »

CCTV surveillanceCCTV surveillance has turned out to be a necessity for every business that wants to carry out their business operations in a safe and secured environment.

You will be glad to know that beefing up the security in your office not only helps you to prevent thefts and hooliganism but it also provides a sense of security to your employees. Read the rest of this entry »

Hole in LinuxCVE-2015-0240: A critical remote vulnerability in Samba

Employees MSVR (Microsoft Vulnerability Research) discovered a critical vulnerability the Samba daemon (smbd).

In unplanned releases of Samba 4.1.17, 4.0.25 and 3.6.25 fixed a critical vulnerability (CVE-2015-0240), which can be used to initiate the execution of code on the server side.

Danger problem compounded by the fact that the vulnerability can be exploited without an authentication – to carry out the attack enough send a few specially designed anonymous netlogon-packets on the network port SMB / CIFS of the server. Since by default, smbd daemon runs under root privileges, in the case of a successful attack the attacker can gain root-access to the server. Read the rest of this entry »

Defending Your Business from cryptolockerCryptolocker – a program that belongs to the category of so-called “ransomware”.

Cryptolocker encrypts files on the hard disk drive of a computer running Microsoft Windows and requires the payment of redemption, before you download the server private key to decrypt the files. You need to pay a ransom for 72-96 hours. If during this time the money is not transferred to the designated account, key to decrypt the file is deleted and it is impossible to restore files. Read the rest of this entry »

Hole in LinuxThree new vulnerabilities have been found in the Linux Kernel CVE-2014-3673, CVE-2014-3687, and CVE-2014-3688. These vulnerabilities allows a remote user to cause a denial of service (Kernel panic).

Denial of service in the Linux Kernel

Danger level: Middle
The presence of fixes: Yes
The number of vulnerabilities: 3 Read the rest of this entry »

Vulnerabilities in FreeBSDMultiple vulnerabilities have been found in the FreeBSD kernel code.

FreeBSD Kernel Multiple Vulnerabilities

Danger level: middle
The presence of fixes: Yes
The number of vulnerabilities: 3

CVSSv2 rating: (AV: L / AC: L / Au: N / C: N / I: N / A: C / E: U / RL: OF / RC: C) = Base: 4.9 / Temporal: 3.6
(AV: L / AC: L / Au: N / C: C / I: C / A: C / E: U / RL: OF / RC: C) = Base: 7.2 / Temporal: 5.3
(AV: L / AC: L / Au: N / C: P / I: N / A: N / E: U / RL: OF / RC: C) = Base: 2.1 / Temporal: 1.6
CVE ID: CVE-2014-0998; CVE-2014-8612; CVE-2014-8613 Read the rest of this entry »

USA - North KoreanNever before has a movie achieved more international attention, and it never even hit the screen.

White House spokesman Josh Earnest called the cyber attack at Sony, or the “Sony hack,” as it been named,  a destructive attack exposing serious security measures. To Hollywood and the rest of the country, it was a total surprise in many ways. U.S. Officials disclaimed that when foreign governments present attacks like this cyber attack, they are looking to provoke a response from the U.S. Read the rest of this entry »

dangerous flaw in windowsMicrosoft patches two critical vulnerabilities in the Windows:

  • Directory traversal attack CVE-2015-0016 (vulnerability exists in the TS WebProxy Windows component)
  • Buffer Overflow Vulnerability CVE-2015-0014 (A buffer overflow vulnerability exists in Windows Telnet service)

Bypass security restrictions in Microsoft Windows (Directory traversal attack)

Danger level: High
The presence of fixes: Yes
The number of vulnerabilities: 1 Read the rest of this entry »

Wordpress VulnerabilitiesHere three vulnerabilities found in plugins of Content Management System WordPress: Disclosure of sensitive data in XCloner, SQL-injection in WP Symposium Plugin, and Cross-site scripting (CSRF-attack) in W3 Total Cache Plugin.

1. Disclosure of sensitive data in WordPress XCloner

Danger level: Low
Availability correction: None
The number of vulnerabilities: 1
CVSSv2 rating: (AV: L / AC: L / Au: N / C: P / I: N / A: N / E: U / RL: U / RC: C) = Base: 2.1 / Temporal: 1.8

Vector of operation: Local
Impact: Arbitrary command execution, Disclosure of sensitive data Read the rest of this entry »