Reversing Prince Harming’s kiss of deathFg, reverse.put.as BlogThe suspend/resume vulnerability disclosed a few weeks ago (named Prince Harming by Katie Moussouris) turned out to be a zero day. While (I believe) its real world impact is small, it is nonetheless a critical vulnerability and (another) spectacular failure from Apple.Senin, 06 Jul 2015
Drupal plugs critical vulnerability leaving thousands of websites open to attackAlastair Stevenson, V3.co.ukOpen source content management system (CMS) service Drupal has rushed out a wave of security updates plugging flaws that leave numerous businesses and government departments open to attack.Senin, 06 Jul 2015
NSA and GCHQ target security firm including KasperskyPierluigi Paganini, Security AffairsThe list of companies hacked by the intelligence agencies is long and includes prestigious names like Kaspersky Lab, F-Secure, ESET, Avast, BitDefender, AVG, and Checkpoint.Senin, 06 Jul 2015
Critical vulnerabilities in Windows and Adobe Reader exposed by hackerKarl Thomas, welivesecurityA hacker has published an extensive list of Adobe Reader and Windows vulnerabilities based on his research into a relatively obscure area of font management.Jumat, 03 Jul 2015
Default SSH Key Found in Many Cisco Security AppliancesDennis Fisher, ThreatPost (Kaspersky Blog)"The company said that all of its Web Security Virtual Appliances, Email Security Virtual Appliances, and Content Security Management Virtual Appliances are affected by the vulnerability. This bug is about as serious as they come for enterprises."Kamis, 02 Jul 2015
Trend Micro Discovers Apache Cordova Vulnerability that Allows One-Click Modification of Android AppsSteven Shen, Security Intelligence Blog (Trend Micro)We’ve discovered a vulnerability in the Apache Cordova app framework that allows attackers to modify the behavior of apps just by clicking a URL. The extent of the modifications can range from causing nuisance for app users to crashing the apps completely.Rabu, 17 Jun 2015
The Cost of Bad Threat IntelligenceSergio Caltagirone, activeresponse.orgThere is no doubt that threat intelligence is now “a thing.” At RSA 2015 I couldn’t help but notice how many vendor booths were hawking their relevance to threat intelligence. I hear about a threat intelligence start-up almost weekly. That is not surprising given venture capital is flowing and C-suite customers are now investing in “threat intelligence.” Everyone wants a piece of the pie.Rabu, 17 Jun 2015
Synology Fixes File-Takeover Flaw in Cloud Station OS X Client Dennis Fisher, Threat Post (Kaspersky blog)There is a vulnerability in some versions of Synology’s Cloud Station client for OS X that can enable any user to take over system files and gain complete control of the machine. ...Rabu, 17 Jun 2015
Redis EVAL Lua Sandbox EscapeBen Murphy's BlogIt is possible to break out of the Lua sandbox in Redis and execute arbitrary code. This vulnerability is not new and is heavily based on Peter Cawley’s work with Lua bytecode type confusion. Rabu, 17 Jun 2015
Pixiewps - Bruteforce Offline the WPS Pin (Pixie Dust Attack)Lydecker Black, KitploitPixiewps is a tool written in C used to bruteforce offline the WPS pin exploiting the low or non-existing entropy of some APs (pixie dust attack). It is meant for educational purposes only. All credits for the research go to Dominique Bongard.Rabu, 17 Jun 2015
Disclaimer | Copyright © 2013 - Id-SIRTII/CC
Id-SIRTII/CC - Indonesia Security Incident Response Team on Internet Infrastructure/Coordination Center
Menara Ravindo Lt. 17, Jl. Kebon Sirih No. 75 Jakarta Pusat, 10340, Indonesia
Member of: