Dennis Fisher and Mike Mimoso discuss the Windows HTTP.sys vulnerability, Google’s decision to turn off the NPAPI in Chrome and the voting machine security disaster in Virginia.
Monthly Archives: April 2015
New Dark-Web Market Is Selling Zero Day To Hackers
ACLU Notes Whistleblower Sites Not Protected By HTTPS
Enigma Machine Auctioned Off For Record Price
WikiLeaks Reveals Searchable Sony Pictures Documents
Active DoS Exploits for MS15-034 Under Way
Public denial-of-service exploits for a critical vulnerability in Microsoft’s implementation of the HTTP protocol stack, HTTP.sys are under way, while remote code execution attacks may still be to come.
Emails and documents leaked during Sony hack released by WikiLeaks
Hundreds and thousands of documents and emails breached during last Christmas’ cyberattack on Sony Pictures have been published on WikiLeaks, reports the BBC.
The post Emails and documents leaked during Sony hack released by WikiLeaks appeared first on We Live Security.
Minecraft exploit makes it “easy†for hackers to crash servers
A security researcher has posted a Minecraft flaw that makes it “easy” for hackers to crash the game’s servers.
The post Minecraft exploit makes it “easy” for hackers to crash servers appeared first on We Live Security.
Will people always ignore security warnings?
How much of people’s willingness to ignore security warnings is down to their brains?
The post Will people always ignore security warnings? appeared first on We Live Security.
CVE-2014-5370 – Arbitrary File Retrieval + Deletion In New Atlanta BlueDragon CFChart Servlet
Posted by Portcullis Advisories on Apr 17
Vulnerability title: Arbitrary File Retrieval + Deletion In New Atlanta BlueDragon CFChart Servlet
CVE: CVE-2014-5370
Vendor: New Atlanta
Product: BlueDragon CFChart Servlet
Affected version: 7.1.1.17759
Fixed version: 7.1.1.18527
Reported by: Mike Westmacott
Details:
The CFChart servlet of BlueDragon (component com.naryx.tagfusion.cfm.cfchartServlet) is vulnerable to arbitrary file
retrieval due to a directory traversal vulnerability. In…