Free Republic 3rd Quarter Fundraising Target: $88,000 Receipts & Pledges to-date: $44,961
51%  
Woo hoo!! And we're now over 51%!! Thank you all very much!! God bless.

Keyword: vulnerability

Brevity: Headers | « Text »
  • The Stack Clash (Major Vulnerability found in Linux, Solaris, Free/Net/OpenBSD)

    06/20/2017 2:52:48 PM PDT · by dayglored · 31 replies
    Qualys Security Labs Blog ^ | Jun 19, 2017 | Qualys Research Team
    Note from dayglored: This article is about a flaw in the *IX systems -- Linux, FreeBSD, NetBSD, OpenBSD, Solaris. It does NOT apply to Windows, nor as far as I can tell, to OS X (even though OS X is based on FreeBSD). What is the Stack Clash? The Stack Clash is a vulnerability in the memory management of several operating systems. It affects Linux, OpenBSD, NetBSD, FreeBSD and Solaris, on i386 and amd64. It can be exploited by attackers to corrupt memory and execute arbitrary code.Qualys researchers discovered this vulnerability and developed seven exploits and seven proofs of concept...
  • Android bug fear in 900 million phones

    08/08/2016 1:39:53 AM PDT · by Swordmaker · 20 replies
    BBC ^ | August 8, 2016 | By Mark Ward
    The flaws affect devices containing Qualcomm chips Serious security flaws that could give attackers complete access to a phone's data have been found in software used on tens of millions of Android devices. The bugs were uncovered by Checkpoint researchers looking at software running on chipsets made by US firm Qualcomm. Qualcomm processors are found in about 900 million Android phones, the company said. However, there is no evidence of the vulnerabilities currently being used in attacks by cyberthieves. "I'm pretty sure you will see these vulnerabilities being used in the next three to four months," said Michael Shaulov, head...
  • Zero-day exploit can bypass rootless on Mac to modify the system without detection

    03/27/2016 12:18:07 AM PDT · by Swordmaker · 16 replies
    Digital Trends ^ | March 25, 2016 | By Justin Pot
    A zero-day exploit affecting Mac OS X allows attackers to execute arbitrary code on any binary. That’s not good, and it gets worse. The exploit bypasses System Identity Protection (SIP, sometimes called rootless), and is almost impossible to trace once implemented. Apple has been notified and a patch is on the way.“Our researchers recently uncovered a major flaw which allows for local privilege escalation and bypass of System Integrity Protection, Apple’s newest protection feature,” wrote SentinelOne in a blog post announcing the discovery. A talk given by Pedro Vilaça at SyScan360, a security conference in downtown Singapore this week, outlined...
  • DROWN Attack - New Server SSL Encryption Vulnerability Announced, 1/3 of Internet Is At Risk

    03/02/2016 1:10:04 PM PST · by dayglored · 27 replies
    DROWN Attack Website ^ | March 1, 2016 | (Various researchers)
    As described in this paper "DROWN: Breaking TLS using SSLv2" (PDF), it is possible to crack current TLS encryption using an old, obsolete, but nevertheless still deployed protocol, SSLv2. This is a server-side issue -- it is not something clients (normal users) can do anything about. Folks browsing the web have to rely on the system admins at their favorite websites, mail portals, banks, shops, etc. to fix this. It is estimated that a third of the public servers on the Internet are vulnerable to this attack. You can test the servers in a given domain using this tool from...
  • Zero-Day FFmpeg Vulnerability Lets Anyone Steal Files from Remote Machines

    01/14/2016 7:18:26 PM PST · by Utilizer · 19 replies
    Softpedia ^ | Jan 13, 2016 22:03 GMT | Marius Nestor
    A zero-day vulnerability in the FFmpeg open-source multimedia framework, which is currently used in numerous Linux kernel-based operating systems and software applications, also for the Mac OS X and Windows platforms, was unveiled recently. The vulnerability was discovered on January 12, 2016, by Russian programmer Maxim Andreev in the current stable builds of the FFmpeg software, and it would appear that it allows anyone who has the necessary skills to hack a computer to read local files on a remote machine and send them over the network using a specially crafted video file. The vulnerability is limited to reading local...
  • Surprise, Apple's OS X Comes Out as Most Vulnerable Software of 2015

    01/03/2016 5:58:53 PM PST · by Up Yours Marxists · 92 replies
    Hackread ^ | January 3, 2015 17:01 UTC | Ali Raza
    In a study conducted by CVE Details, the most vulnerable software of the previous year has been identified as Apple’s OS X and the tech-giant is also the company with most bugs. With 2016 coming, people in all sectors have been busy summarizing 2015 with reports and lists of who have been the winners and who have been the losers. The tech experts and security personnel have been at it too, with CVE Details producing a list of most vulnerable software of the past year. Many would have expected the list to be topped by Adobe Flash, for the software...
  • 'Devastating' flaw found in Windows' authentication system (Uh-oh, a major Kerberos vulnerability)

    12/15/2015 1:41:21 PM PST · by dayglored · 32 replies
    The Register ^ | Dec 15, 2015 | Kieren McCarthy
    Security researcher @dfirblog has discovered what he calls a devastating flaw in Windows' Kerberos authentication system. The flaw cannot be fixed and the only solution is to introduce and use Microsoft's Credential Guard program to prevent passwords from being stored in memory, according to his extensive blog post. The flaw results from how the third-party authentication system creates secret keys: by using the password associated with a disabled username (krbtgt). That password is rarely changed, making it possible to bypass the authentication system altogether and allow an attacker to grant themselves admin privileges, as well as create secret passwords for...
  • NEW Adobe Flash Zero-day Vulnerability / Exploit - Uninstall Flash Today From All Computers

    10/15/2015 11:34:56 AM PDT · by dayglored · 63 replies
    (vanity, multiple sources) ^ | Oct 15, 2015 | (vanity, multiple sources)
    Yet another bad new Zero-Day (already exploited) Adobe Flash vulnerability. Time to uninstall Flash from all your computers and keep it off for good! To remove Flash from Windows: Close your browser In Control Panel -> Programs and Features, remove/uninstall all Adobe Flash or Shockwave items. Restart your browser Go to Add-ons/Plugins and confirm there are no Shockwave or Flash plugins. To remove Flash from OS X (10.6 and later): Download and run this Flash uninstaller: http://fpdownload.macromedia.com/get/flashplayer/current/support/uninstall_flash_player_osx.dmg To remove Flash from Linux: Close your browser Use "apt-get remove", "yum erase", or find the flashplayer .so (e.g. in /usr/lib[64]/mozilla/plugins or ~/.mozilla/plugins)...
  • Patch! Microsoft emits emergency fix for THIRD Hacking Team hole (Critical Windows Vulnerability)

    07/20/2015 1:58:13 PM PDT · by dayglored · 16 replies
    The Register ^ | July 20, 2015 | Chris Williams
    Microsoft has, in the past couple of minutes, released a security update for all supported versions of Windows to fix a critical remote-code execution vulnerability. Details of the vulnerability were found and reported to Microsoft by security researchers poring over internal memos leaked online from spyware-maker Hacking Team. This follows an elevation-of-privilege hole in Windows, and a remote-code execution vuln in Internet Explorer 11, that were also uncovered from the Hacking Team files, and patched last week by Microsoft. This latest security flaw (MS15-078) lies within the Windows Adobe Type Manager Library, and can be exploited by attackers to hijack...
  • Dont Let the Grinch Steal Christmas (Linux Vulnerability)

    12/18/2014 2:47:48 PM PST · by zeugma · 20 replies
    AlertLogic Blog ^ | December 16, 2014 | Stephen Coty
    Dont Let the Grinch Steal Christmas December 16, 2014 Posted by: Stephen Coty, Chief Security EvangelistLeave a comment Blog Contributions by Tyler Borland, Sr. Security Researcher and Stephen Coty, Chief Security Evangelist, Alert Logic Since we are in the thick of the holiday season, we are analyzing which operating systems support the needs of e-commerce and brick and mortar retail shops. Due to the lower cost of ownership and efficiencies such as a non-resource heavy operating system that allow for applications to run more smoothly, we found that Linux is dominating when it comes to e-commerce site deployment. According...
  • New zero day vulnerability identified in all versions of IE

    04/27/2014 4:26:55 PM PDT · by dayglored · 95 replies
    Cnet ^ | Apr 27, 2014 | Steven Musil
    A new zero day vulnerability that resides in all versions of Internet Explorer has been spotted in the wild, Microsoft confirmed late Saturday. The vulnerability, which could allow remote code execution, is being used in "limited, targeted attacks," according to an advisory issued by Microsoft. While all versions of the web browser, IE 6 through 11, are affected by the vulnerability, attacks are currently targeting IE versions 9, 10 and 11, according to security firm Fire Eye, which first reported the flaw Friday. The attack leverages a previously unknown "use after free" vulnerability -- data corruption that occurs after memory...
  • Major security flaw threatens Linux users

    03/05/2014 10:20:50 AM PST · by ShadowAce · 56 replies
    Network World ^ | 4 March 2014 | Jon Gold
    A source code mistake in the GnuTLS library an open-source software building block used in a large number of different Linux distributions to handle secure Internet connections could prove a serious threat to the privacy of Linux users, as developers rush to patch the vulnerability. Nikos Mavrogiannopolous, the developer of GnuTLS, announced Monday in a mailing list message that he had implemented a fix to the source code that closes the loophole. The flaw would have enabled an attacker to spoof GnuTLS system for verifying certificates, exposing supposedly secure connections to stealthy eavesdropping. By creating a specific type...
  • Backdoor in mission-critical systems (Grid,etc controllers)

    04/26/2012 11:19:35 AM PDT · by dickmc · 5 replies
    Risks Digest ^ | April 25, 2012 | C Y Cripps
    Article regarding alarming major Ruggedcom (Siemens) controller BACKDOOR vulnerability. These controllers are used widely in the electric grid, military, and transportation systems!
  • A simple HTML tag will crash 64-bit Windows 7

    12/21/2011 10:18:07 AM PST · by ShadowAce · 55 replies
    The Register ^ | John Leyden
    An unpatched critical flaw in 64-bit Windows 7 leaves computers vulnerable to a full 'blue screen of death' system crash. The memory corruption bug in x64 Win 7 could also allow malicious kernel-level code to be injected into machines, security alert biz Secunia warns. Fortunately the 32-bit version of Windows 7 is immune to the flaw, which has been pinned down to the win32k.sys operating system file - which contains the kernel portion of the Windows user interface and related infrastructure.Proof-of-concept code showing how to crash vulnerable Win 7 boxes has been leaked: the simple HTML script, when opened in...
  • Whitehats pierce giant hole in Microsoft security shield

    04/18/2011 11:56:11 AM PDT · by ShadowAce · 9 replies
    The Register ^ | 18 April 2011 | Dan Goodin
    In late December, Microsoft researchers responding to publicly posted attack code that exploited a vulnerability in the FTP service of IIS told users it wasn't much of a threat because the worst it probably could do was crash the application. Thanks at least in part to security mitigations added to recent operating systems, attackers targeting the heap-overrun flaw had no way to control data that got overwritten in memory, IIS Security Program Manager Nazim Lala blogged. It was another victory for Microsoft's defense-in-depth approach to code development, which aims to make exploitation harder by adding multiple security layers. However, it...
  • How many names and emails wre stolen recently from CC companies?(vanity)

    04/04/2011 4:50:54 PM PDT · by dynachrome · 31 replies
    me ^ | 4-4-11 | The young and studly Dynachrome
    I have received notification of email breaches from Kroger, Best Buy and Home Depot so far. They seem legit as they are not asking for any info, just notifying me of probable phishing scams based on these breaches. so how many credit cards got info stolen recently?
  • Warning: E-mail virus spreading (DHS investigating?)

    09/09/2010 1:57:15 PM PDT · by Rutles4Ever · 35 replies
    Twitter ^ | 09/09/2010 | Jason Ryan
    "Here You Have" Virus Email spreading. DHS US-CERT Computer Emergency Readiness Team looking into issue. will issue bulletin.
  • Unpatched kernel-level vuln affects all Windows versions

    08/07/2010 9:16:32 AM PDT · by dayglored · 20 replies · 2+ views
    The Register (Brit Tech) | Aug 6, 2010 | Dan Goodlin
    Researchers have identified a kernel-level vulnerability in Windows that allows attackers to gain escalated privileges and may also allow them to remotely execute malicious code. All versions of the Microsoft OS are affected, including the heavily fortified Windows 7. The buffer overflow, which was originally reported here, can be exploited to escalate privileges or crash vulnerable machines, IT research company Vupen said. The flaw may also allow attackers to execute arbitrary code with kernel privileges. The bug resides in the CreateDIBPalette() function of a device driver known as Win32k.sys. It is exploited by pasting a large number of color values...
  • Obama's Nuclear Poser Review

    04/07/2010 3:34:56 AM PDT · by Scanian · 3 replies · 218+ views
    The American Thinker ^ | April 07, 2010 | Pamela Geller
    Barack Obama announced Monday what the New York Times called a "new strategy," his Nuclear Posture Review: he is narrowing the conditions under which the U.S. would use nuclear weapons. For the first time since the U.S. became a nuclear power, the President of the United States has explicitly vowed that we will not use nukes even against countries that use chemical or biological weapons against us, or take us down with a massive cyberattack -- as long as those states are obeying the provisions of the Nuclear Nonproliferation Treaty. He also overruled his own Secretary of Defense and said...
  • New poll: Now, signs of real vulnerability for California's Democratic Sen. Barbara Boxer

    02/15/2010 5:14:59 PM PST · by Nachum · 38 replies · 1,621+ views
    l.a. times ^ | 2/15/10 | staff
    So, is California's brittle Democratic Sen. Barbara Boxer about to become the next Harry Reid? Which is to say, embattled at home. As Reid worked the wallets of San Francisco on Presidents' Day to raise money for his endangered seat in Nevada, some stunning new Rasmussen Reports poll out today makes a compelling point: For the second straight month the three-term senator is unable to break the 50% mark against any potential Republican opponents, the historical measuring mark of vulnerability for an incumbent nine months before an election.