The company “Dr Web” found a previously unknown functionality in the new malicious program for Facebook.
Trojan.Facebook.311 can not only publish the name of the new user’s status, join groups, post comments, but spamming social networks Twitter and Google Plus.
Security Bypass vulnerability has been found in the Apache mod_rewrite.
The vulnerability allows an attacker to execute arbitrary command when viewing the log file by the server administrator.
In the module mod_rewrite of the HTTP-server Apache 2.2.x series vulnerability has been discovered (CVE-2013-1862), which allows an attacker to execute arbitrary command when viewing the log file by the server administrator.
Through specially crafted requests to the web-server, an attacker can write to a log file, for example, system commands, as mod_rewrite when writing to the log file does not escape special characters. Proper manipulation of sequences allows you to run arbitrary commands as the user performing the scan log (usually these log files are readable only by the user root). Read the rest of this entry »
The new version was implemented regime Firefox Health Report, which allows to monitor the performance of the browser.
According to the developers of the browser from the Mozilla, users have available the new version, Firefox 21, which was removed a number of vulnerabilities, including three critical.
Experts was eliminated a total of eight gaps. It should be noted that two of the critical vulnerabilities affect only Firefox, Thunderbird, and since the other company’s products are no vulnerable components.
Among the updates that are not related to security, it is worth noting the expansion of the user interface to configure the Do Not Track, an increase in graphics performance and support for the implementation of the default technology WebRTC, designed to work with multi-user web-applications. Read the rest of this entry »
International criminal group in just a few hours stole $ 45 million: having got access to a database on debit cards, they to remove cash in ATMs worldwide. According to prosecutor’s office of the USA, some thousand thefts from ATMs with use of duplicates of cards with a magnetic tape on which the data of clients of Middle Eastern banks obtained by hackers were put were made.
As prosecutor Lauretta Lynch notes, swindlers acted with a tremendous speed, working with small gangs worldwide, including in New York. On suspicion in theft seven citizens of the USA which have arrived to the country from Dominican Republic are already arrested. Read the rest of this entry »
Vulnerability in nginx
Vulnerability allows execution of arbitrary code on the target system.
It turned out unscheduled update server nginx to version 1.4.1, which eliminated the vulnerability CVE-2013-2028, which allows the execution of arbitrary code on the target redundant system.
The vulnerability can lead to overwriting the stack areas of the workflow when processing specially designed chunked-queries. Gaps are subject to the implementation of nginx versions 1.3.9 and 1.4.0. Read the rest of this entry »
The flaw allows unauthorized users to gain access to the video stream.
Company D-Link has released updates that fixes vulnerabilities in routers 5 and 8 IP-cameras. Experts point out that gaps in the software routers resemble vulnerabilities that were previously eliminated in the other models, but the cameras found dangerous, previously unknown vulnerabilities, which proved to be quite an unpleasant surprise for developers – vulnerability allows unauthorized viewers to intercept the video stream from the camera or from ASCII-output. Read the rest of this entry »
Trend Micro Rootkit Buster Beta 5.0 – a free tool to detect rootkits
Trend Micro has announced a new version of the free product Rootkit Buster (Rootkit). C this easy-to-use, reliable and high-performance tool, you can detect rootkits – malicious applications carefully hide their tracks in the system. The main innovation presented in a new version of Rootkit Buster Beta 5.0, is the ability to detect potentially dangerous changes in the MBR (Master Boot Record).
Most existing tools for the detection of rootkits are bulky and not too fast programs targeted at advanced users and professionals. Product Trend Micro Rootkit Buster, available for 32-bit and 64-bit versions of Windows, sets itself apart from many of his “brothers.” The application’s interface is extremely simple and straightforward. All available functions are grouped in a single window. Tab «Log», as you might guess, provides access to the journal in which you can find a detailed report on the results of the audit. A tab «Scan» will configure the scan settings and select one of the key areas of the system (Files or Master Boot Records, Services and Kernel Code Patches) for verification. Read the rest of this entry »
VirusTotal Uploader utility will simplify the work with the VirusTotal service.
PhrozenSoft company has released an updated version of the product VirusTotal Uploader, a free application that simplifies the work with the popular online virus scanner VirusTotal. The proposed tool will help you quickly and effortlessly download the desired file on a web-server, where it will be subjected to testing for the presence of malicious code using fifty anti-virus engines from leading manufacturers
Typically, computer owners use to upload files to the site VirusTotal.com standard web-based interface that is opened in a browser window. However, this interface is poorly adapted to test a large number of objects. VirusTotal Uploader greatly simplify this task. All you need to do is select all the suspicious files in the “Explorer” and drag and drop them into the program with the mouse cursor. You can watch the process of loading objects and examine the results of the scan in a separate window. Read the rest of this entry »
CSRF attack in WordPress
Vulnerability: CSRF attack in WordPress (XSS)
1. CSRF attack in WordPress Facebook Members
Danger level: Low
The presence of fixes: Yes
The number of vulnerabilities: 1
CVE ID: CVE-2013-2703
Vector of operation: Remote
Impact: Cross Site Scripting
Affected products: WordPress Facebook Members Plugin 5.x
Affected versions: WordPress Facebook Members 5.0.4, possibly earlier. Read the rest of this entry »
DDOS Attacks have Increased in Number and Size
According to statistics Prolexic Technologies, in January-March 2013 the average power of DDoS-attacks increased by 718% to 48.25 Gb / s. Moreover, the experts pointed upward trend to growth of pps-indicator: last quarter it reached 32.4 million packets per second. This indicator is usually not taken into account in statistical reports, but attacks with high pps aimed, primarily, on a conclusion out of operation such elements of infrastructure, as network interface cards and boundary routers. To cope with multi-million pps-flow can only the most expensive devices, the threshold is definitely lower than the other. Read the rest of this entry »