Could hackers use your GoPro to spy on you?

It turns out that baby monitors are not the only weak point in our digitally connected homes. Earlier this week, security researchers at Pen Test Partners warned that Internet-enabled GoPro cameras were vulnerable to hijacking.

As reported on the BBC, the researchers gained access to a GoPro Hero4 camera, even though it appeared off, and could see and hear through the device, as well as delete videos stored on it.

According to the report, the attacker could “wake” the device, turn off its recording lights, and then video-stream what the device could see to his own mobile phone.

According to a GoPro statement, the issue is not one of security but rather of poor password choices by its users. “We follow the industry-standard security protocol called WPA2-PSK (pre-shared key) mode…. We require our customers to create a password 8-16 characters in length; it’s their choice to decide how complex they want it to be.”

Clearly, this is a potential risk to privacy and security, so the first and most important thing you should do if you are concerned by this attack is to create strong passwords.

The following infographic has three simple steps that you can take to help create a strong password that will help keep your devices and personal data safe.

Phishers Going the Long Way Round to Avoid Filtering Systems

Any human with an email address likely has gotten thousands of spam messages that look like delivery notifications, invoices, or other alleged communications from shipping companies such as UPS or DHL. They typically contain malicious attachments with exploits for a browser or plug-in vulnerability, but a researcher at the University of Cambridge has run across […]

CVE-2014-9201 (m-2001d_digital_tapchanger_control, m-2001d_digital_tapchanger_control_d-0214_firmware, m-6200_digital_voltage_regulator_control, m-6200_digital_voltage_regulator_control_d-0198_firmware, m-6200a_digital_voltage_regulator_control, m-6200a_digital_voltage_regulator_control_d-0228_firmware, m-6280_digital_capacitor_bank_control, m-6280_digital_capacitor_bank_control_firmware, m-6280a_digital_capacitor_bank_control, m-6280a_digital_capacitor_bank_control_d-0254_firmware, m-6283a_three_phase_digital_capacitor_bank_control, m-6283a_three_phase_digital_capacitor_bank_control_d-0346_firmware)

Beckwith Electric M-6200 Digital Voltage Regulator Control with firmware before D-0198V04.07.00, M-6200A Digital Voltage Regulator Control with firmware before D-0228V02.01.07, M-2001D Digital Tapchanger Control with firmware before D-0214V01.10.04, M-6283A Three Phase Digital Capacitor Bank Control with firmware before D-0346V03.00.02, M-6280A Digital Capacitor Bank Control with firmware before D-0254V03.05.05, and M-6280 Digital Capacitor Bank Control do not properly generate TCP initial sequence number (ISN) values, which makes it easier for remote attackers to spoof TCP sessions by predicting an ISN value.

CVE-2015-1000 (softcms)

Stack-based buffer overflow in the OpenForIPCamTest method in the RTSPVIDEO.rtspvideoCtrl.1 (aka SStreamVideo) ActiveX control in Moxa SoftCMS before 1.3 allows remote attackers to execute arbitrary code via the StrRtspPath parameter.

CVE-2015-3950 (442sr_os)

Cross-site request forgery (CSRF) vulnerability in XZERES 442SR OS on 442SR wind turbines allows remote attackers to hijack the authentication of admins for requests that select a different default admin user via a GET request.

1 Click Extract Audio v2.3.6 – Activex Buffer Overflow

Posted by Vulnerability Lab on Jun 05

Document Title:
===============
1 Click Extract Audio v2.3.6 – Activex Buffer Overflow

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1506

Video: http://www.vulnerability-lab.com/get_content.php?id=1507

Release Date:
=============
2015-06-05

Vulnerability Laboratory ID (VL-ID):
====================================
1506

Common Vulnerability Scoring System:
====================================
6.1…