Browsing Tag: vulnerabilities

In case you thought that the mass exodus of researchers from TippingPoint’s Zero Day Initiative in recent months meant that the demand for third-party vulnerability markets was waning, fear not. Several former members of the ZDI team have come back together to form a new firm called Exodus Intelligence that will have its own vulnerability purchasing program, among other offerings.

Read more...

Categories: Uncategorized

Less than a week after Microsoft released a patch for a critical vulnerability in Internet Explorer, attack code has become publicly available in the form of a module for the Metasploit Framework. The bug is a serious one that enables an attacker to bypass both ASLR and DEP, the two main anti-exploit technologies in IE, and run arbitrary code on the victim’s machine.

Read more...

Categories: Web Security

Two researchers say they’ve found a security hole in Tumblr, one of the most popular sites on the Internet, that could be used to steal users’ authentication cookies and break into their accounts.

Aditya Gupta and Subho Halder say they’ve tried to contact Tumblr about the vulnerability by using mail and Twitter, but so far no one has responded. The social sharing site hosts 59.4 million micro blogs and has published almost 25 billion posts.

Read more...

Categories: Vulnerabilities

There is a trivially exploitable vulnerability in MySQL that enables an attacker to gain root access to the database server. The bug, which recently was patched, stems from an error in the way that MySQL and MariaDB handle passwords, giving an attacker a chance of getting root access by supplying any password to an affected server.

Read more...

Categories: Vulnerabilities

By Alexander Gostev

The Flame malware uses several methods to replicate itself. The most interesting one is the use of the Microsoft Windows Update service. This is implemented in Flame’s “SNACK”, “MUNCH” and “GADGET” modules. Being parts of Flame, these modules are easily reconfigurable. The behavior of these modules is controlled by Flame’s global registry, the database that contains thousands of configuration options.

Read more...