Browsing Tag: vulnerabilities

Categories: Vulnerabilities

Microsoft on Tuesday fixed a critical vulnerability in a component of Office, SQL Server and other widely deployed applications that attackers already are using in targeted attacks. The flaw in the Microsoft Common Controls component, which was one of the 26 vulnerabilities fixed in nine bulletins issued today, can be exploited remotely and Microsoft said that attackers have been using malicious RTF files sent via email to take advantage of the bug.

Categories: Web Security

A security researcher has discovered a pair of methods that enable him to bypass the protections offered by Microsoft’s EMET anti-exploit technology. The Enhanced Mitigation Experience Toolkit, which Microsoft updated late last month to include one of the three technologies that were finalists in the company’s BlueHat Prize competition, is designed to prevent certain kinds of exploits from hitting software vulnerabilities. But now a researcher has developed two techniques that can bypass the protections.

Categories: Malware, Vulnerabilities

The Java CVE-2012-1723 vulnerability is suddenly the golden child of bugs. The flaw, which Oracle patched in June, has been the target of several pieces of malware and Web-based attacks of late, and now researchers say there is a phishing scam targeting payroll and HR employees that involves an exploit for the Java bug, as well.

SQL injection attacks have been going on for years, and the vulnerabilities and exploitation techniques are well-understood and widely discussed. However, they’re still quite prevalent and are used in a variety of scenarios. One recent example is the attack on a Yahoo site that resulted in a breach of 450,000 usernames and passwords. In this video, Ryan O’Boyle of Veracode discusses the nature of SQL injection attacks and how to defend against them.

Categories: Vulnerabilities

Officials at Huawei Technologies say that they’re looking into claims made by security researchers at DEF CON last week that there are a handful of serious security vulnerabilities in some of the company’s routers. Saying it employs “rigorous security strategies and policies,” Huawei is trying to verify the flaws discovered by researchers Felix “FX” Lindner and Gregor Kopf.

Apple’s iOS and Google’s Android have been on opposite ends of the security continuum for the last few years, with iOS remaining resistant to malware and Android becoming a frequent target for attackers and malware authors. Google has been taking steps to change that in recent releases, and the latest version of its mobile operating system, Android 4.1 Jelly Bean, includes several new exploit mitigations and a more extensive implementation of ASLR to help defeat many kinds of exploits.
