142 matches found
bfcommand & control server 1.22/2.0/2.14 manager Multiple Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/14690/info BFCC and BFVCC server managers are vulnerable to multiple remote vulnerabilities. The first two issues are login bypass vulnerabilities. These issues allow remote, anonymous attackers to gain access to the...
kernel: block: floppy: privilege escalation via FDRAWCMD floppy ioctl command
A flaw was found in the way the Linux kernel's floppy driver handled user space provided data in certain error code paths while processing FDRAWCMD IOCTL commands. A local user with write access to /dev/fdX could use this flaw to free arbitrary kernel memory using the kfree function. CVE-2014-173...
Kaspersky, Citizen Lab Uncover HackingTeam Mobile Malware
Controversial spyware commercially developed by Italy’s HackingTeam and sold to governments and law enforcement for the purpose of surveillance, has a global command and control infrastructure and for the first time, security experts have insight into how its mobile malware components work...
WhatsApp for Windows? Naaa.. Hackers are spamming Malware as WhatsApp Software
Cyber criminals are taking advantage of the widespread popularity of the mobile messaging app 'WhatsApp'. A malware expert at the Kaspersky Lab revealed a large-scale spamming campaign, advertising a fake PC version of the WhatsApp, to spread a banking trojan. According to the report, unaware use...
Russian Cyber Criminals selling hacked websites access in Underground stores
Underground sites more commonly offer access to networks of compromised machines or stolen credit card information. Webroot has uncovered a criminal underground store dedicated to selling access to more than tens of thousands of hacked legitimate websites. Their customers can buy an administrator...
New Dirt Jumper Variant 'Drive' More Refined Than Original
Researchers have detected new attacks originating from a souped-up variant of the DIY Dirt Jumper DDoS toolkit they’ve taken to calling Drive. While it hasn’t been seen spreading through any underground forums yet, the up-and-coming threat apparently boasts a “much more powerful DDoS engine than...
IRC Botnet Leveraging Unpatched Plesk Vulnerability
Researchers have found a botnet exploiting a vulnerability in the Plesk hosting control panel, ramping up calls from experts to upgrade to current versions of the product. A notice on the Plesk command injection vulnerability as well as exploit code was posted last week to the Full Disclosure lis...
Stabuniq Trojan rapidly stealing data from US banks
[Figure: Trojan.Stabuniq geographic distribution by unique IP address] Security researchers from Symantec have identified a new Trojan that appears to be targeting financial institutions. Dubbed Trojan.Stabuniq, the malware has been collecting information from infected systems potentially for the...
[SECURITY] Fedora 16 Update: android-tools-20121120git3ddc005-1.fc16
The Android Debug Bridge (ADB) is used to: - keep track of all Android devices and emulators instances connected to or running on a given host developer machine - implement various control commands (e.g. "adb shell", "adb pull", etc.) for the benefit of clients (command-line users, or helper programs...
Cyber Espionage Campaign Targets Israel and Palestine
Multiple malware attacks against both Israeli and Palestinian systems, likely to be coming from the same source, have been seen over the last year. Researchers in Norway have uncovered evidence of a vast Middle Eastern espionage network that for the past year has deployed malicious software to sp...
Cross-platform Trojan: Mac, Windows, Linux - Nothing safe!
Security researchers working for F-Secure have found a web exploit that detects the operating system of the computer and drops a different trojan to match. The attack was first seen on a Colombian transport website which had been hacked by a third party. This malware is known as GetShell.A and...
[SECURITY] Fedora 16 Update: sudo-1.8.3p1-2.fc16
Sudo (superuser do) allows a system administrator to give certain users or groups of users the ability to run some or all commands as root while logging all commands and arguments. Sudo operates on a per-command basis. It is not a replacement for the shell. Features include: the ability to restrict...
DUQU – Another Stuxnet in the Making?
Article by: Nidhi Rastogi, a cyber security professional based in New York. Article shared from THE HACKER NEWS magazine - November Edition. You can download Complete Magazine here. Barely a year into discovering Stuxnet, the world recently saw its powerf...
Dirt Jumper Caught in the Act
In late July 2011, a specific piece of malware came to our attention. Analysis revealed that this particular piece of malware was launching DDoS attacks and we have direct evidence of DDoS attack on two Russian websites. One of these was a gaming website, the other involved in selling a popular...
Reports: Rustock Born in the USA
U.S. hosting firms accounted for the bulk of the command and control centers for the Rustock botnet, with many firms claiming that they had no idea they were harboring an illegal criminal network on their infrastructure, according to a story in Krebsonsecurity.com. Threatpost reported last week...
Twitter Botnet Discovered in Mexico
Security researchers have discovered another botnet that uses Twitter as a command and control channel. The Register...
Mariposa Bot Found Pre-Loaded on Second Vodafone Handset
It seems that the HTC Magic phone distributed by Vodafone in Spain, which security researchers recently discovered was pre-loaded with the Mariposa bot client, was not an isolated incident after all, as the concerned party had claimed. An employee of another Spanish security vendor found the same...
CMD Backdoor for the remote execution of arbitrary code - a vulnerability warning - the black bar safety net
The following is a quoted fragment: CMD Backdoor for the remote execution of arbitrary code. Publisher: zero. Release time: 2006-3-20. Read: 4 3 times. VB CMD Backdoor for remote execution of arbitrary commands source code. Function automatic complex...
CVE-2005-2790
BFCommand & Control Server Manager BFCC 1.22A and earlier, and BFVCC 2.14B and earlier, relies on the client to enforce permissions and perform actions such as disconnections, which allows remote attackers to bypass administrative restrictions via a modified client...