News

Exploits / vulnerabilities

Article | 26/11/2011 Unpatched Apache reverse proxy flaw allows access to internal network
A yet-to-be-patched flaw discovered in the Apache HTTP server allows attackers to access protected resources on the internal network if some rewrite r...
Article | 18/11/2011 ISC patches BIND denial-of-service flaw that crashed servers worldwide
The Internet Systems Consortium (ISC), an organization that maintains several software products critical for Internet infrastructure, has released a p...
Article | 15/11/2011 Apple secures iTunes update checking to address man-in-the-middle vulnerability
Apple's iTunes 10.5.1 update addresses a weakness in the application's update mechanism that could be exploited to trick users into visiting malicious...
Article | 15/11/2011 Researchers bypass the restrictions of Mac OS X default sandbox profiles
The restrictions imposed by Mac OS X generic application sandbox profiles can be easily bypassed, researchers from Core Security Technologies found.
Article | 4/11/2011 Microsoft issues workaround for Duqu attack while it prepares a patch
Microsoft has published code to temporarily blunt attacks against a software vulnerability exploited by Duqu, an advanced piece of malicious software ...
Article | 4/11/2011 Ongoing drive-by download campaign hijacked MIT server
A server belonging to the Massachusetts Institute of Technology was commandeered by hackers who used it to launch attacks against other websites as pa...
Article | 2/11/2011 Secunia offers to coordinate vulnerability disclosure on behalf of researchers
Danish vulnerability management company Secunia aims to make the task of reporting software vulnerabilities easier for security researchers by offerin...
Article | 2/11/2011 Duqu exploits zero-day Windows kernel vulnerability to infect computers
Security researchers from the CrySyS laboratory in Hungary have located an installer for Duqu, the <a href="http://www.pcworld.com/businesscenter/arti...
Article | 1/11/2011 Old image resize script leaves 1 million Web pages compromised
A serious code injection vulnerability affecting timthumb, a popular image resize script used in many WordPress themes and plugins, has been exploited...
Article | 27/10/2011 Researchers demo cloud security issue with Amazon AWS attack
Researchers from the Horst Goertz Institute (HGI) of the Ruhr-University Bochum (RUB) in Germany have demonstrated an account hijacking attack against...
Article | 27/10/2011 Researchers demo cloud security issue with Amazon AWS attack
Researchers from the Horst Goertz Institute (HGI) of the Ruhr-University Bochum (RUB) in Germany have demonstrated an account hijacking attack against...
Article | 26/10/2011 Exploit-powered Android Trojan uses update attack
A new variant of the DroidKungFu Android Trojan is posing as a legitimate application update in order to infect handsets, according to security resear...
Article | 21/10/2011 Adobe to fix Flash flaw that allows webcam spying
Adobe is working on a fix for a Flash Player vulnerability that can be exploited via clickjacking techniques to turn on people's webcams or microphone...
Article | 20/10/2011 Opera denies refusing to patch critical vulnerability
Opera Software has released an update for its desktop browser in order to address a critical vulnerability in its handling of Scalable Vector Graphics...
Article | 20/10/2011 German federal Trojan eavesdrops on 15 applications, experts find
A Trojan used by German law enforcement authorities to intercept Internet phone calls is capable of monitoring traffic from 15 programs, including bro...