Author Topic: Internet Vulnerability & Exploits (Read 1889 times)

fresh1 · « **Reply #100 on:** March 03, 2012, 02:12:50 PM »

hmmmm interesting..... found via the wizards links

,,(as usual

)

CloudFlare: How we got caught in LulzSec-CIA crossfire

http://www.zdnet.co.uk/news/security-threats/2012/03/01/cloudflare-how-we-got-caught-in-lulzsec-cia-crossfire-40095169/

Wizard X · « **Reply #101 on:** March 10, 2012, 11:31:46 PM »

Android apps expose personal data to advertisers. http://www.zdnet.co.uk/news/security-threats/2012/03/05/android-apps-expose-personal-data-to-advertisers-40095193/

DDoS botnet clients start integrating the Apache Killer exploit. http://www.networkworld.com/news/2012/030712-ddos-botnet-clients-start-integrating-257040.html

Google Chrome falls in first five minutes of hacking contest. http://www.v3.co.uk/v3-uk/news/2157997/chrome-falls-minutes-hacking-contest

Anonymous dumps Symantec's anti-virus code online. http://www.v3.co.uk/v3-uk/news/2158310/anonymous-dumps-symantecs-anti-virus-code-online

French team brings down IE9 at Pwn2Own hacking contest. http://www.computerworld.com/s/article/9225055/French_team_brings_down_IE9_at_Pwn2Own_hacking_contest?taxonomyId=17

Wizard X · « **Reply #102 on:** March 17, 2012, 10:44:16 PM »

Security managers split on BYOD, skeptical of Android devices. http://www.computerworld.com/s/article/9225162/Security_managers_split_on_BYOD_skeptical_of_Android_devices?taxonomyId=17

Public safety sees opportunity, pitfalls in social media. http://www.computerworld.com/s/article/9225242/Public_safety_sees_opportunity_pitfalls_in_social_media?taxonomyId=17
For instance, in preparation for the Rugby World Cup, New Zealand police set up a system that scrapes YouTube, Twitter and Flickr, plotting the message, photo and video uploads on a map. Hovering over an icon with a mouse let an officer see the tweet, photo or still image from the video.

Kaspersky Lab spots malware signed with stolen digital certificate. http://www.networkworld.com/news/2012/031512-kaspersky-malware-257336.html

Wizard X · « **Reply #103 on:** March 22, 2012, 11:54:53 PM »

Francis Provencher has discovered a vulnerability in Adobe Photoshop, which can be exploited by malicious people to potentially compromise a user's system. http://secunia.com/advisories/48457/

Two vulnerabilities have been reported in libzip, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library.
http://secunia.com/advisories/48469/

Mu Dynamics has reported two vulnerabilities in GnuTLS, which can be exploited by malicious people to potentially compromise an application using the library. http://secunia.com/advisories/48488/

Andrea Micalizzi has discovered a vulnerability in Dell Webcam Central, which can be exploited by malicious people to compromise a user's system. http://secunia.com/advisories/48450/

Multiple vulnerabilities have been reported in VLC Media Player, which can be exploited by malicious people to compromise a user's system. http://secunia.com/advisories/48503/

VMware has acknowledged multiple vulnerabilities in multiple VMware products, which can be exploited by malicious users to disclose certain information and by malicious people to disclose potentially sensitive information, hijack a user's session, conduct DNS cache poisoning attacks, bypass certain security restrictions, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system. http://secunia.com/advisories/48444/

Two vulnerabilities have been reported in Asterisk, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
http://secunia.com/advisories/48417/

Wizard X · « **Reply #104 on:** March 25, 2012, 10:55:14 PM »

Microsoft investigates RDP exploit security leak. http://www.zdnet.co.uk/news/security-threats/2012/03/19/microsoft-investigates-rdp-exploit-security-leak-40095294/

New iPad has already been jailbroken. http://www.computerworld.com/s/article/9225306/New_iPad_has_already_been_jailbroken?taxonomyId=17

Symantec says stolen encryption key is the source of signed malware. http://news.techworld.com/security/3345654/symantec-says-stolen-encryption-key-is-source-of-signed-malware/

Firefox to turn on default encryption for Google searches. http://www.computerworld.com/s/article/9225393/Firefox_to_turn_on_default_encryption_for_Google_searches

Internet security better but foul exploits grow, IBM says. http://www.networkworld.com/news/2012/032312-ibm-internet-security-257604.html

Hackers booby-trap WordPress site with botnet-weaving Trojan. http://www.theregister.co.uk/2012/03/23/wordpress_vuln_botnet_exploit/
The trojan: http://labs.m86security.com/2012/03/the-cridex-trojan-targets-137-financial-organizations-in-one-go/

Congress warned that military systems may already be pwned. http://www.theregister.co.uk/2012/03/24/congress_dod_pwned/

Wizard X · « **Reply #105 on:** March 29, 2012, 11:32:27 PM »

Multiple vulnerabilities have been reported in Opera, which can be exploited by malicious people to conduct spoofing attacks, bypass certain security restrictions, and potentially compromise a user's system.
http://secunia.com/advisories/48535/

IBM has acknowledged multiple vulnerabilities in IBM 31-bit SDK for z/OS, which can be exploited by malicious people to disclose sensitive information, manipulate certain data, cause a DoS (Denial of Service),
and compromise a vulnerable system. http://secunia.com/advisories/48546/

Multiple vulnerabilities have been reported in Google Chrome, which can be exploited by malicious people to bypass certain security restrictions and compromise a user's system. http://secunia.com/advisories/48512/

Francis Provencher has discovered a vulnerability in Adobe Photoshop, which can be exploited by malicious people to compromise a user's system. http://secunia.com/advisories/48457/

A vulnerability has been reported in phpFox, which can be exploited by malicious people to compromise a vulnerable system. http://secunia.com/advisories/48550/

Multiple vulnerabilities have been reported in Pale Moon, which can be exploited by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions, disclose certain sensitive information, and compromise a user's system. http://secunia.com/advisories/48561/

rgod has discovered a vulnerability in Cisco Linksys PlayerPT ActiveX Control, which can be exploited by malicious people to compromise a user's system. http://secunia.com/advisories/48543/

A vulnerability has been reported in Webglimpse, which can be exploited by malicious people to compromise a vulnerable system. http://secunia.com/advisories/48452/

fresh1 · « **Reply #106 on:** March 30, 2012, 03:55:21 AM »

multiple vulnerabilities

malicious people

fuckin great!!! (but whats new?)

these hackers are like invisible cyber locksmiths

can you imagine the uproar if the same level of penetration was occurring in their houses?

myCH3 · « **Reply #107 on:** March 31, 2012, 06:34:13 AM »

Its almost as bad man going without one for three weeks made me realize how much It is almost an extension of my senses was gone, luckily I had a smart phone but I guess as a digital native its to much to not have all the information in the world at my fingertips if I only know how to look for it.

fresh1 · « **Reply #108 on:** April 01, 2012, 09:55:12 AM »

Quote

Its almost as bad man going without one for three weeks made me realize how much It is almost an extension of my senses was gone

Yeah Its a bit like losing your car/drivers licence

and you can have withdrawals WITHOUT drugs...great just fuckin great!

Quote

all the information in the world at my fingertips if I only know how to look for it.

fuckin wonderful isnt it? Sadly those who could do with the knowledge most, probably dont care

as sedits signature (at SM) says "knowledge is useless to useless people"

Wizard X · « **Reply #109 on:** April 07, 2012, 10:58:17 PM »

Global Payments breach raises questions. http://www.computerworld.com/s/article/9225769/Global_Payments_breach_raises_questions?taxonomyId=17

How to tell if you're caught in the giant Global Payments credit card fraud.
http://www.computerworld.com/s/article/9225765/How_to_tell_if_you_39_re_caught_in_the_giant_Global_Payments_credit_card_fraud?taxonomyId=17

Federal IT pros look at BYOD security, management concerns. http://www.networkworld.com/news/2012/040512-byod-feds-258024.html

Andrei Costin has discovered a vulnerability in Ghostscript, which can be exploited by malicious people to compromise a vulnerable system. http://secunia.com/advisories/47855/

Two vulnerabilities have been reported in Invensys products, which can be exploited by malicious people to compromise a user's system. http://secunia.com/advisories/48675/

Andrea Micalizzi has discovered multiple vulnerabilities in Quest InTrust, which can be exploited by malicious people to manipulate certain data and compromise a user's system. http://secunia.com/advisories/48566/

VMware has acknowledged multiple vulnerabilities in VMware ESX Server, which can be exploited by malicious people to cause a DoS (Denial of Service) and compromise a vulnerable system. http://secunia.com/advisories/48612/

Wizard X · « **Reply #110 on:** April 15, 2012, 12:17:24 AM »

Utah breach 10X worse than originally thought. http://www.computerworld.com/s/article/9225994/Utah_breach_10X_worse_than_originally_thought?taxonomyId=17

Web attacks use smart redirection to evade URL security scanners. http://www.networkworld.com/news/2012/040912-web-attacks-use-smart-redirection-258079.html

FBI frets about dumb security in smart meters. http://www.theregister.co.uk/2012/04/09/fbi_on_smart_meter_security/

How to Tell If an Email Is a Phishing Scam. http://www.computerworld.com/s/article/9226056/How_to_Tell_If_an_Email_Is_a_Phishing_Scam?taxonomyId=17&pageNumber=1

Japanese ATMs to use palm readers in place of cash cards. http://www.networkworld.com/news/2012/041112-japanese-atms-to-use-palm-258152.html

CIA's Secret Fear: High-Tech Border Checks Will Blow Spie's Cover. http://www.wired.com/dangerroom/2012/04/cia-spies-biometric-tech/

Slow Flashback Trojan response is Apple's "Adobe moment" http://features.techworld.com/security/3350670/slow-flashback-trojan-response-is-apples-adobe-moment/

How to secure your BIOS. http://howto.techworld.com/security/3349232/how-secure-your-bios/
Since the BIOS loads before the operating system - and before you enter your user credentials - malware surreptitiously introduced into the BIOS could activate itself long before any anti-malware software has an opportunity to detect it. A sophisticated and malicious program operating at such a low level could take control of your PC without providing a clue that it was there.

Wizard X · « **Reply #111 on:** April 21, 2012, 09:30:28 AM »

Embedded system security much more dangerous, costly than traditional software vulnerabilities. http://www.networkworld.com/news/2012/041612-embedded-system-security-much-more-258318.html

5,000 new malicious Android apps found in first three months of 2012. http://www.v3.co.uk/v3-uk/news/2168397/-malicious-android-apps-months-2012

Top 10 ways to protect your privacy and avoid the government prying eyes. http://www.v3.co.uk/v3-uk/news/2168645/protect-privacy-avoid-government-s-prying-eyes

Wizard X · « **Reply #112 on:** April 28, 2012, 09:49:23 AM »

VMware source code stolen, impact unclear. http://www.networkworld.com/news/2012/042512-vmware-source-code-258680.html

VMware confirms ESX source code had been stolen and published. http://www.theregister.co.uk/2012/04/25/vmware_source_code_leak/

House passes CISPA cyberthreat sharing bill, despite privacy concerns. http://www.computerworld.com/s/article/9226639/House_passes_CISPA_cyberthreat_sharing_bill_despite_privacy_concerns?taxonomyId=17

Tsathoggua · « **Reply #113 on:** April 30, 2012, 06:49:51 PM »

Wizard-such a low-level piece of malware has already been developed. Nasty bit of work and no mistake, and EXTREMELY difficult to detect. Its a rootkit going by the name of blue pill (a matrix reference if Tsathoggua is not mistaken)

http://en.wikipedia.org/wiki/Blue_Pill_(software) a little more information on this nasty little fucker.

Wizard X · « **Reply #114 on:** May 06, 2012, 12:05:28 AM »

Iran admits expanded cyberattacks, claims it's identified hackers. http://www.computerworld.com/s/article/9226754/Iran_admits_expanded_cyberattacks_claims_it_s_identified_hackers?taxonomyId=17

Skype slurping software threatens IP exposure. http://www.theregister.co.uk/2012/05/01/skype_ip_security/
Researchers: Skype Ignored Location-Tracking Vulnerability for More Than a Year. http://www.wired.com/threatlevel/2012/05/skype-location-tracking/

Kaspersky: Apple security is like Microsoft's in 2002. http://www.theregister.co.uk/2012/05/02/kaspersky_apple_flashback_microsoft/

The 10 worst Web application-logic flaws that hackers love to abuse. http://www.computerworld.com/s/article/9226821/The_10_worst_Web_application_logic_flaws_that_hackers_love_to_abuse?taxonomyId=17

Hackers hold bank to ransom over stolen data. http://www.zdnet.co.uk/news/security-threats/2012/05/04/hackers-hold-bank-to-ransom-over-stolen-data-40155167/

Microsoft boots Chinese firm for leaking Windows exploit. http://www.computerworld.com/s/article/9226877/Microsoft_boots_Chinese_firm_for_leaking_Windows_exploit?taxonomyId=17

Wizard X · « **Reply #115 on:** May 11, 2012, 12:04:42 AM »

-- Microsoft --

Microsoft Silverlight Multiple Vulnerabilities. http://secunia.com/advisories/49122/

Microsoft Office Multiple Vulnerabilities. http://secunia.com/advisories/49121/

Microsoft Windows Multiple Vulnerabilities. http://secunia.com/advisories/49120/

Microsoft .NET Framework Multiple Vulnerabilities. http://secunia.com/advisories/49119/

Microsoft .NET Framework Two Serialization Vulnerabilities. http://secunia.com/advisories/49117/

Microsoft Windows Partition Manager Privilege Escalation Vulnerability. http://secunia.com/advisories/49115/

Microsoft Windows TCP/IP Stack Two Vulnerabilities. http://secunia.com/advisories/49114/

Microsoft Visio Viewer VSD File Format Memory Corruption Vulnerability. http://secunia.com/advisories/49113/

Microsoft Office Excel Multiple Vulnerabilities. http://secunia.com/advisories/49112/

Microsoft Office Word RTF Data Parsing Vulnerability. http://secunia.com/advisories/49111/

-- Apple --

Apple Safari Multiple Vulnerabilities. http://secunia.com/advisories/47292/

Apple Mac OS X Multiple Vulnerabilities. http://secunia.com/advisories/49039/

Apple iOS Multiple Vulnerabilities. http://secunia.com/advisories/48454/

-- Adobe --

Adobe Photoshop Two TIFF Processing Memory Corruption Vulnerabilities. http://secunia.com/advisories/48457/

Adobe Illustrator Multiple Vulnerabilities. http://secunia.com/advisories/47118/

Adobe Flash Professional JPG Processing Integer Overflow Vulnerability. http://secunia.com/advisories/47116/

Adobe Shockwave Player Multiple Vulnerabilities. http://secunia.com/advisories/49086/

http://secunia.com/advisories/business_solutions/

1. [SA48009] Oracle Java SE Multiple Vulnerabilities
2. [SA49096] Adobe Flash Player Object Confusion Vulnerability
3. [SA49021] Microsoft Windows win32k.sys Denial of Service Vulnerability
4. [SA49019] VMware ESX Server / ESXi Multiple Vulnerabilities
5. [SA49014] PHP PHP-CGI QUERY_STRING Parameter Vulnerability
6. [SA49032] VMware Workstation / Player / Fusion Two Privilege Escalation Vulnerabilities
7. [SA48992] Google Chrome Multiple Vulnerabilities
8. [SA49022] FFmpeg Multiple Vulnerabilities
9. [SA49054] HP Insight Management Agents Multiple Vulnerabilities
10. [SA48978] HP SNMP Agents URL Redirect and Cross-Site Scripting Vulnerabilities

Wizard X · « **Reply #116 on:** May 20, 2012, 01:56:32 AM »

CERT warns of targeted phishing attacks against gas pipeline firms. http://www.networkworld.com/news/2012/050712-cert-warns-of-targeted-phishing-259049.html
DHS: Gas pipeline industry under significant ongoing cyberattack. http://www.networkworld.com/news/2012/050812-pipeline-cyberattack-259069.html

Apple logging passwords in plain text. http://www.theregister.co.uk/2012/05/06/lion_logging_passwords_by_accident/

Twitter Breached, 50k Accounts Posted to Internet. http://www.networkworld.com/news/2012/050912-twitter-breached-50k-accounts-posted-259137.html
Twitter jumps on Do Not Track bandwagon. http://www.computerworld.com/s/article/9227288/Twitter_jumps_on_Do_Not_Track_bandwagon?taxonomyId=17

PHP devs lob second patch at super-critical CGI bug. http://www.theregister.co.uk/2012/05/09/php_cgi_patch/

Adobe: Pay upgrade price to patch critical bugs. http://www.computerworld.com/s/article/9227099/Adobe_Pay_upgrade_price_to_patch_critical_bugs?taxonomyId=17

Amnesty UK website hacked to serve lethal Gh0st RAT Trojan. http://news.techworld.com/security/3357186/amnesty-uk-website-hacked-serve-lethal-gh0st-rat-trojan/

Hackers break into bitcoin exchange, steal $90,000 in bitcoins. http://www.computerworld.com/s/article/9227157/Hackers_break_into_bitcoin_exchange_steal_90_000_in_bitcoins?taxonomyId=17

Wikipedia warns users about malware injecting ads into its pages. http://www.networkworld.com/news/2012/051512-wikipedia-warns-users-about-malware-259309.html

Smartphone security is heading for 'apocalypse'. http://www.computerworld.com/s/article/9227222/Smartphone_security_is_heading_for_apocalypse_?taxonomyId=17

Wizard X · « **Reply #117 on:** June 10, 2012, 12:03:39 AM »

'Flame' Spread Via Rogue Microsoft Security Certificates. http://www.networkworld.com/news/2012/060412-39flame39-spread-via-rogue-microsoft-259838.html
Unauthorized digital certificates could allow spoofing. http://support.microsoft.com/kb/2718704

Kaspersky describes Flame as a backdoor and a Trojan with worm-like features. The initial point of entry for the virus is unknown -- spearphishing or infected websites are possibilities -- but after the initial infection, the virus can spread through USB sticks or local networks.

Flame is meant to gather information from infected PCs. The virus can sniff out information from input boxes, including passwords hidden by asterisks, record audio from a connected microphone and take screenshots of applications that the virus deems important, such as IM programs. It can also collect information about nearby discoverable Bluetooth devices. The virus then uploads all this information to command and control servers, of which there are about a dozen scattered around the world.

http://www.pcworld.com/article/256508/the_flame_virus_your_faqs_answered.html

Google warns Gmail users of 'state-sponsored' hacks. http://www.computerworld.com/s/article/9227782/Google_warns_Gmail_users_of_state_sponsored_hacks?taxonomyId=17

LinkedIn breach bigger than first thought. http://www.v3.co.uk/v3-uk/news/2182509/linkedin-breach-bigger

eHarmony dating site joins LinkedIn in confirming password breach. http://news.techworld.com/security/3362403/eharmony-dating-site-confirms-password-breach/

fresh1 · « **Reply #118 on:** June 10, 2012, 04:12:06 AM »

apparently computas infected with flame recieved a "suicide code' yesterday which completely removed the virus!!!

That's REALLY scary when you think about the implications of this, esp considering the possible sources of this code!!

Wizard X · « **Reply #119 on:** June 16, 2012, 03:52:21 AM »

Flame crypto attack very hard to pull off, researcher says. http://www.computerworld.com/s/article/9228029/Flame_crypto_attack_very_hard_to_pull_off_researcher_says?taxonomyId=17

MySQL vulnerability allows attackers to bypass password verification. http://www.computerworld.com/s/article/9227965/MySQL_vulnerability_allows_attackers_to_bypass_password_verification?taxonomyId=17

Global Payments still unsure about compromised cardholder data. http://www.zdnet.com/blog/security/global-payments-still-unsure-about-compromised-cardholder-data/12457?tag=search-results-rivers;item0

Have LinkedIn's security woes permanently damaged the social network? http://www.computerworld.com/s/article/9228122/Have_LinkedIn_s_security_woes_permanently_damaged_the_social_network_?taxonomyId=17

Authentication and Authorization: A Deep Dive Report. http://www.computerworld.com/s/article/9228111/Authentication_and_Authorization_A_Deep_Dive_Report?taxonomyId=17

Author Topic: Internet Vulnerability & Exploits (Read 1889 times)

fresh1

Re: Internet Security & Exploits.

Wizard X

Re: Internet Security & Exploits.

Wizard X

Re: Internet Security & Exploits.

Wizard X

Re: Internet Security & Exploits.

Wizard X

Re: Internet Security & Exploits.

Wizard X

Re: Internet Security & Exploits.

fresh1

Re: Internet Security & Exploits.

myCH3

Re: Internet Security & Exploits.

fresh1

Re: Internet Security & Exploits.

Wizard X

Re: Internet Security & Exploits.

Wizard X

Re: Internet Security & Exploits.

Wizard X

Re: Internet Security & Exploits.

Wizard X

Re: Internet Security & Exploits.

Tsathoggua

Re: Internet Security & Exploits.

Wizard X

Re: Internet Security & Exploits.

Wizard X

Re: Internet Security & Exploits.

Wizard X

Re: Internet Security & Exploits.

Wizard X

Re: Internet Security & Exploits.

fresh1

Re: Internet Security & Exploits.

Wizard X

Re: Internet Security & Exploits.