Lorex LH162400 DVR firmware version 5.2.0-20141008 has a hard-coded administrative backdoor credential.
Monthly Archives: May 2016
Avast security news wrap-up
Can your bad passwords cost you money and cause trouble?
That question was answered with a resounding YES by college football star Laremy Tunsil. A hacked Twitter and Instagram account cost that falling sports star an estimated $13 million. Don’t let your easy-to-crack passwords cost you. Use a password manager or follow our tips for strong passwords.
CERT Warns Of Hardcoded Creds In Medical App
Google Pays $65k To Shutter 23 Chrome Bugs
Australian Police To Sell 24,518 Seized Bitcoins
PacketFence 6.0.2
PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote Snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.
WebKitGTK+ Code Execution / Denial Of Service / Memory Corruption
WebKitGTK+ versions prior to 2.12.3 and 2.12.1 suffer from memory corruption, code execution, information disclosure, and denial of service vulnerabilities.
Jetty 9.3.8 Path Sanitization
The Jetty path normalization mechanism suffers from an implementation issue when parsing request URLs. The path normalization logic implemented in the PathResource class and introduced in Jetty versions 9.3.x can be defeated by requesting malicious URLs containing specific escaped characters. By leveraging this weakness, a malicious user can gain access to protected resources (e.g. WEB-INF and META-INF folders and their contents) and defeat application filters or other security constraints implemented in the servlet configuration. Versions 9.3.0 through 9.3.8 are affected.
Debian Security Advisory 3588-1
Debian Linux Security Advisory 3588-1 – Two vulnerabilities were discovered in Symfony, a PHP framework.
65 million Tumblr users should probably be careful…
65 million Tumblr users have had their details compromised as a result of a recently-discovered breach dating back to 2013. But it’s not just their passwords that they should be concerned about.
The post 65 million Tumblr users should probably be careful… appeared first on We Live Security.