Tag Archive | "Vulnerability"


IBM Patches ‘Apache Killer’ DoS Vulnerability in IBM i


IBM has released two patches to fix a dangerous denial-of-service vulnerability in the HTTP Server for IBM i, which is based on the Apache web server. The patches fix the denial-of-service flaws in the Apache HTTP Server's byte-range handling and also the “Apache Killer” security flaw, which is widely used by attackers against network servers. The flaws are patched for IBM i 6.1 and IBM i 7.1.


Mac user ‘cluelessness’ causes vulnerability


According to iSec security analyst Alex Stamos, most Americans believe that only PCs are vulnerable to malware and virus attacks, and not Mac devices such as the iPhone, iPad, and Mac notebooks and PCs. Even servers are susceptible to attack, as most are built for ease of use rather than to withstand high-profile hacking attacks on the network.


Apache Confirms DoS Vulnerability in Web Server, Promises Quick Patch


Apache is about to patch the vulnerability that exposes web servers running its software to denial-of-service attacks. The “Apache Killer” DoS tool, which is capable of attacking the web server, is available online, leaving servers insecure. The server software has a flaw in how it handles multiple overlapping HTTP ranges. Apache is about to fix the vulnerability in versions 2.0 and 2.2 within the next 96 hours.


Vulnerability in TimThumb WordPress plugins: The effects


A vulnerability in the TimThumb plugins for the WordPress blogging platform was exposed. Mark Maunder of the technology company Feedjit noticed the vulnerability in the WordPress plugin. It affects the image-resizing tool used on WordPress blogging sites. 10,000 websites running WordPress were infected with the code. Developers are now working to fix the vulnerability quickly.


Dropbox for Android security bypass vulnerability


A security issue in Dropbox for Android, which can be exploited by an attacker to bypass security restrictions, was reported by Tyrone Erasmus of MWR InfoSecurity. Android applications can communicate with each other; through the Dropbox vulnerability, the email address, access secret and access key for the Dropbox account, and the files stored in the application database area, are at risk of being stolen. The vulnerability was fixed in Dropbox version 1.1.4, which is currently available in the Android Market.


SAP will issue patch for NetWeaver vulnerability


SAP is releasing a new patch for the security bug affecting the J2EE (Java 2 Platform, Enterprise Edition) platform of SAP’s NetWeaver middleware. The patch will not be an out-of-cycle emergency fix, but will be part of a regular security update. The announcement was made during a presentation at the Black Hat security conference in Las Vegas on Thursday.


eEye Improves Vulnerability Prioritization Capabilities


eEye Digital Security has announced a new product, “CS Management version 2.5”. The product identifies lesser-known vulnerabilities and offers solutions to them. Customers can customize the Common Vulnerability Scoring System (CVSS). It supports both mobile devices and some select non-Windows applications.


RSA hack exploited Flash vulnerability


The company confirmed that the hack that compromised RSA’s SecurID product resulted from a targeted advanced persistent threat that took advantage of a zero-day vulnerability in Adobe Flash Player. The attack took the form of two spear-phishing e-mails sent over two days to two small groups of RSA employees. The e-mail’s subject line read “2011 Recruitment Plan,” Rivner wrote, and “the e-mail was crafted well enough to trick one of the employees to retrieve it from their Junk mail folder, and open the attached Excel file.”


Cisco ACS unauthorized password change vulnerability


A vulnerability exists in some Cisco Secure Access Control System (ACS) versions that could allow a remote, unauthenticated attacker to change the password of any user. Successful exploitation requires the user account to be defined on the internal identity store. This vulnerability does not allow an attacker to perform any other changes to the ACS database. That is, an attacker cannot change access policies, device properties, or any account attributes except the user password.


Web applications are new vulnerability to cybercrime


According to Cenzic Inc. and the Ponemon Institute, 73% of businesses have insecure web applications that have been hacked at least once in the last 24 months. These businesses are relying on their network firewalls to protect their websites, but this is like using a cardboard shield in a sword fight. Businesses have to start investing even more when it comes to online security.
