14 matches found
Security Vulnerability in Internet-Connected Construction Cranes
This seems bad: The F25 software was found to contain a capture replay vulnerability -- basically an attacker would be able to eavesdrop on radio transmissions between the crane and the controller, and then send their own spoofed commands over the air to seize control of the crane. "These devices...
Dramatic Drop in Vulnerable NTP Servers Used in DDoS Attacks
While patching of webservers vulnerable to the Heartbleed OpenSSL bug may have stalled, the same cannot be said about repairs to NTP servers that could be leveraged in devastating amplification attacks. A spate of distributed denial-of-service attacks DDoS tore through companies in January and...
Exploits for Two-Year-Old PHP Security Vulnerability Found
Close to two years ago, a serious vulnerability in PHP was accidentally disclosed after it was discovered months prior during a hacking contest. A patch was released in relatively short order, and one would assume that given PHP’s prevalence as a web development framework, the fix would have been...
NTP Amplification Flaw To Blame For Gaming DDoS Attacks
US-CERT has issued an advisory that warns enterprises about distributed denial of service attacks flooding networks with massive amounts of UDP traffic using publicly available network time protocol NTP servers. Known as NTP amplification attacks, hackers are exploiting something known as the...
WordPress Update 3.5.2 Patches Seven Vulnerabilities
WordPress, which has been a jumping off point for a number of targeted attacks and other high-profile hacks, has been updated and the latest version includes a number of security patches. Version 3.5.2, released late last week, includes seven security fixes and some additional hardening, accordin...
Chorus Grows Louder to Disable Java 7 After Exploit Hits Mainstream
More security researchers are recommending users disable the current version of Java after zero-day exploits gained traction in the Web world. Patrick Runald, director of security research for Websense, told PC World today that his team had uncovered more than 100 infected domains – a figure...
Attack Tool Released for WPS PIN Vulnerability
Just a day after security researcher Stefan Viehbock released details of a vulnerability in the WiFi Protected Setup WPS standard that enables attackers to recover the router PIN, a security firm has published an open-source tool capable of exploiting the vulnerability. The tool, known as Reaver,...
Easy Router PIN Guessing with new WiFi Setup vulnerability
Easy Router PIN Guessing with new WiFi Setup vulnerability There is a newly discovered vulnerability in the WiFi Protected Setup standard that reduces the number of attempts it would take an attacker to brute-force the PIN for a wireless router's setup process. The flaw results in too much...
Internet Systems Consortium Releases BIND-P1 Patches
The Internet Systems Consortium has released updates for BIND to address a vulnerability. This vulnerability may allow an attacker to cause a denial-of-service condition. Please refer to the Internet Systems Consortium advisory for additional information. US-CERT recommends that administrators of...
RealNetworks, Inc. Releases Update for RealPlayer
RealNetworks, Inc. has released an update for Windows RealPlayer 14.0.1 and prior to address a vulnerability. Exploitation of this vulnerability may allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to review the RealNetworks, Inc. security advisory and appl...
Apple Patches Safari Browser Holes
Apple on Thursday issued updates for its Safari Web browser to fix more than two dozen vulnerabilities that left the browser open to Web-based attacks. The company released Safari versions 5.0.3 and 4.1.3 for Mac OS X and Windows XP SP2, Vista and Windows 7. The updated versions fix 27 reported...
RealNetworks Releases Update to Address Vulnerabilities in RealPlayer
RealNetworks, Inc. has released an update for RealPlayer to address multiple vulnerabilities. These vulnerabilities may allow a remote, unauthenticated attacker to execute arbitrary code or obtain sensitive information. US-CERT encourages users and administrators to review the RealNetworks, Inc...
Hackers Pounce on Michael Jackson's Death
As night follows day, malicious hackers are following high-profile news around celebrity deaths to launch attacks. According to a warning from the U.S. Computer Emergency Response team, there are several spam campaigns, phishing attacks, and malicious code targeting the recent deaths of Michael...
InstallShield InstallFromTheWeb ActiveX Control Multiple Overflows
InstallFromTheWeb IFTW, a web-enabled software installation product from InstallShield, is installed on the remote host. The version of InstallFromTheWeb on the remote host includes an ActiveX control that is reportedly affected by multiple and, as yet, unspecified buffer overflow vulnerabilities...