Adobe released an emergency patch for a critical vulnerability affecting Flash Player for Windows, Linux and OS X, the exploitation of which can result in an attacker gaining remote control of the compromised systems. The security flaw exists in Adobe Flash Player 12.0.0.43 and earlier versions Adobe thanks Alexander Polyakov and Anton Ivanov of Kaspersky Labs […]
Peter Gramantik, a malware researchers from Sucuri has discovered a new way to distribute malware that relies on reading JavaScript code stored in an obfuscated PNG file’s metadata to trigger iFrame injections. This injection makes it very harder for antivirus detection because the injection method is deeply engrained in the image’s metadata. This iframe can be seen […]
A security pen tester from Germany @secalert discovered remote code execution vulnerability on ebay website. As per David Vieira-Kurtz blog , “I found a controller which was prone to remote-code-execution due to a type-cast issue in combination with complex curly syntax. ” David exploited the RCE flaw on ebay.com website and displayed output of phpinfo() […] Visualizing cyber attacks around the world has become easier than before and its made real by Google & Arbor Networks. A joint collaboration between the two companies resulted in ‘Digital Attack map” tool. The usability of the tool is not still expanded but the beautiful graphical page shows various points of ho the attack takes […] We have seen fingerprint reader, face recognition authentication for a while. Smartphone manufacturers have been rumoring about this and Apple finally introduces it. Apple announced their new IPhone 5s with fingerprint reader yesterday. It’s a cool factor to have fingerprint instead of the password or pattern based authentication. Apple claims that fingerprint is stored local […] Maladvertisers targeted L.A. Times sending its thousands of users to Blackhole exploit kit and other malicious sites. Security researcher’s from Blue Coat have discovered a set of malicious domains sending traffic to the searcherstypediscksruns dot com/.net/.org family of Blackhole sites, including adhidclick.com, ortclick.com and several other affiliated sites. These sites were registered During December 2012 […] Recently Roger from posted a question regarding increased traffic on TOR network. After NSA’s surveillance the first suspect was assuming internet users have started using tor network to surf anonymously. However the exponential increased intraffic showed its something more than just the users. The suspect was it must be a botnet. Even Arma posted saying […] According to Securelist.com, Obad.a infects in two steps along with another mobile Trojan named as TrojanSMS.AndroidOS.Opfake.a. This Trojan was noted as one of the most sophisticated Trojan by Kaspersky this May. The infection starts when a legitimate user gets a text message with following text. “MMS message has been delivered, download from www.otkroi.com”. When a […] A critical vulnerability has been discovered in Cisco Secure ACS which allows a remote attacker to gain complete control of a vulnerable device. The successful exploitation of the vulnerability may allow an unauthenticated, remote attacker to execute arbitrary commands and take full control of the operating system that hosts the Cisco Secure Access Control Server […] Researchers from London’s Royal Holloway University designed a tool to fight against phishing using a tool called Uni-IDM(IDSpace). This identity management tool has been introduced to improve security and usability for user authentication. At this point in time, password based authentication has been used all over the world for authentication. As per the university research […]