A Brazilian political website has been compromised and is injecting iFrames that attempt to change the victim’s router DNS settings.
Tag Archives: Vulnerabilities
Details Disclosed for Critical Vulnerability Patched in Webmin
The University of Texas information security office disclosed details of a vulnerability in remote management software Webmin that could allow someone to remotely delete files on a host server.
Apache Warns of Tomcat Remote Code Execution Vulnerability
Some older versions of Apache Tomcat, the company’s open source web server and servlet container, are vulnerable to remote code execution.
Adobe Patches Host of Memory Bugs in Flash Player
Adobe announced security updates and a new version of Flash Player for Windows, Mac and Linux; the company also announced it was postponing a scheduled update for Reader and Acrobat.
Research Finds No Large Scale Heartbleed Exploit Attempts Before Vulnerability Disclosure
In the days and weeks following the public disclosure of the OpenSSL Heartbleed vulnerability in April, security researchers and others wondered aloud whether there were some organizations–perhaps the NSA–that had known about the bug for some time and had been using it for targeted attacks. A definitive answer to that question may never come, but […]
Israeli Think-Tank Site Serves Sweet Orange Exploit
Drive-by malware downloads have been spotted on the website of a prominent Israel think-tank, the Jerusalem Center for Public Affairs. The attacks seem to target bank credentials.
Feared Home Depot Breach Sparks More Interest in Backoff PoS Malware
Security experts are digging into point-of-sale malware, Backoff in particular, as speculation rages on about how hackers pulled off the Home Depot data breach.
Some Cable Modems Found to Leak Sensitive Data Via SNMP
Cable modems sold by two manufacturers expose a wide variety of sensitive information over SNMP, including usernames and passwords, WEP keys and SSIDs. Researchers who discovered the vulnerabilities say they’re trivially exploitable and plan to release Metasploit modules for them later this month. The broadband modems, manufactured by Netmaster and ARRIS, leak the sensitive information […]
CERT/CC Enumerates Android App SSL Validation Failures
The CERT Coordination Center at Carnegie Mellon today released a list of Android applications hosted on Google Play and Amazon that it says fail to validate SSL certificates over HTTPS.
Twitter Launches Bug Bounty Program
Twitter is the latest major Internet company to establish a bug bounty program, and has put no upper limit on the bounty that a researcher can earn for reporting a vulnerability. The company announced on Wednesday that it will operate its bounty program through the HackerOne platform, a bug bounty system that enables vendors to […]