LIVE HACKING

WebKit Vulnerability Allows Attackers to Take Control of Android Devices

Ethical Hacker — Mon, 27 Feb 2012 07:37:16 +0000

(LiveHacking.Com) – CrowdStrike, a new security technology company formed by key cyber security executives from McAfee, will demonstrate a new WebKit based attack against Google Android which results in the attacker gaining access to critical system processes and taking complete control of the victim’s device. The firm plans the demo as part of its debut [...]

Philips Electronics Website Hacked, 200,000 Records Stolen

Ethical Hacker — Fri, 24 Feb 2012 09:06:18 +0000

(LiveHacking.Com) – One of the largest electronics companies in the world, Philips Electronics, has been hacked. According to The Hacker News, the hackers defaced a Philips subdomain and left their names “bch195″ and “HaxOr” claiming to be members of Team INTRA. The hackers posted information on the security breach on pastebin which itself contained links to the [...]

New Version of Metasploit Targets IPv6 Risks

Ethical Hacker — Thu, 23 Feb 2012 19:40:44 +0000

(LiveHacking.Com) – Rapid7 has released a new version of Metasploit, its popular penetration testing toolkit, with new functionality to assess the security of IPv6 enabled systems. With Metasploit 4.2 users can test whether IPv6 addresses on their network are vulnerable to cyber-attacks. The framework includes hundreds of working remote exploits for a variety of platforms and the new IPv6 [...]

McAfee Says Malware Surpassed 75 Million Samples in 2011

Ethical Hacker — Wed, 22 Feb 2012 12:46:22 +0000

(LiveHacking.Com) – McAfee has released its Q4 2011 Threat Report (a PDF) and it shows that last year McAfee collected over 75 million unique malware samples! It also shows that 2011 was by far the busiest periods for mobile malware with Android the number one target for writers of mobile malware. The most common type [...]

DDoS Attack Tool Comes to Android

Ethical Hacker — Tue, 21 Feb 2012 14:30:21 +0000

(LiveHacking.Com) – McAfree has reported that the common Low Orbit Ion Cannon (LOIC) denial of service (DoS) tool has been ported to Android. ‘Ported’ might be too strong of a word as this mobile device version is in fact a wrapper around the Javascript version. Nonetheless, this is an interesting advancement in the ubiquity of [...]

Mozilla Sends Another Message to Certificate Authorities

Ethical Hacker — Mon, 20 Feb 2012 08:08:07 +0000

(LiveHacking.Com) – Mozilla has sent an email to all certificate authorities in the Mozilla root program to reiterate that the issuance of subordinate CA certificates for the purposes of SSL man-in-the-middle interception or traffic management is unacceptable. Mozilla has asked the CAs to revoke any such certificates by April 27, 2012. After that date, if [...]

Mozilla Releases Another New Version of Firefox to Fix Yet Another Critical Vulnerability

Ethical Hacker — Mon, 20 Feb 2012 07:50:27 +0000

(LiveHacking.Com) – Less then 7 days after the release of Firefox 10.0.1, Mozilla has now released a new version of Firefox (10.0.2) and Thunderbird (also 10.0.2) to fix a Critical libpng integer overflow vulnerability. The bug, which affects Firefox, Thunderbird, SeaMonkey, is an integer overflow in the libpng library that can lead to a heap-buffer [...]

Is SSL Falling Apart? New Research Papers Find More Holes

Ethical Hacker — Fri, 17 Feb 2012 07:57:06 +0000

(LiveHacking.Com) – Two new research papers (here and here) have been published which examine the low level details of SSL, specifically randomness aspects, and the results are surprising. According to the “Ron was wrong, Whit is right” paper, two out of every one thousand RSA moduli that on the Internet today offer no security. While the Princeton’s Center for Information Technology Policy [...]

Google Release Chrome 17.0.963.56 to Fix Vulnerabilities and Update Flash

Ethical Hacker — Thu, 16 Feb 2012 08:01:43 +0000

(LiveHacking.Com) – Google has updated Chrome to 17.0.963.56 for Windows, Mac and Linux. This release includes a number of stability and security fixes and also includes a new version of Flash. Google paid out nearly $7000 to security researchers who contributed to fixing these security issues. The full list of security related bugs fixed is: [...]

Microsoft Addresses Twenty One Vulnerabilities in Windows, IE and .NET

Ethical Hacker — Wed, 15 Feb 2012 07:17:18 +0000

(LiveHacking.Com) – Microsoft has released fixes to address multiple vulnerabilities as part of its February’s Patch Tuesday. The fixes affect Microsoft Windows, Internet Explorer, .Net Framework, Silverlight, Office, and Windows Server Software. These vulnerabilities may allow an attacker to execute arbitrary code or operate with elevated privileges. Twenty one vulnerabilities were addressed. Microsoft recommends that [...]

Oracle Releases Critical Patch Update for Java

Ethical Hacker — Wed, 15 Feb 2012 06:53:55 +0000

(LiveHacking.Com) – Oracle has released a collection of patches to address multiple security vulnerabilities in Java. The “Critical Patch Update” contains 14 security fixes for the following products: JDK and JRE 7 Update 2 and earlier JDK and JRE 5 Update 30 and earlier JDK and JRE 5.0 Update 33 and earlier SDK and JRE 1.4.2_35 and [...]

Microsoft’s Indian Online Store Hacked

Ethical Hacker — Tue, 14 Feb 2012 08:34:27 +0000

(LiveHacking.Com) – It appears that Microsoft’s online store in India was hacked over the weekend. During the hack the site was defaced and user information exposed including unencrypted passwords. Initially Microsoft didn’t comment on the attack, which is very embrassing for the Redmond company. However they have now commented: “Microsoft is investigating the limited compromise [...]

Dutch ISP KPN Security Breach

Ethical Hacker — Mon, 13 Feb 2012 09:37:50 +0000

(LiveHacking.Com) – One of the largest ISPs in The Netherlands has shut down its email services after a security breach where hackers leaked the credentials and personal information of more than 500 of its customers. KPN discovered the breach at the end of January but after consulting with the Dutch government and law enforcement agencies [...]

Mozilla Fixes Critical Vulnerability in Firefox and Thunderbird

Ethical Hacker — Mon, 13 Feb 2012 09:17:58 +0000

(LiveHacking.Com) – Mozilla has released new versions of Firefox and Thunderbird to fix a “use after free” crash which is potentially exploitable. According to the security advisory Mozilla developers Andrew McCreight and Olli Pettay found that the ReadPrototypeBindings code leaves a XBL binding in a hash table even when the function fails. If this occurs, when [...]

Hackers Strike at iPhone Maker Foxconn

Ethical Hacker — Fri, 10 Feb 2012 07:42:34 +0000

(LiveHacking.Com) – A hacking group calling themselves SwaggSec has launched an attack against Foxconn, the Chinese company who makes iPhones for Apple, and posted data it stole from their servers on The Pirate Bay. According to the blog 9to5Mac the the data contained usernames and passwords for company employees which they were able to verify before access to [...]

Microsoft Preparing Nine Bulletins for February’s Patch Tuesday

Ethical Hacker — Fri, 10 Feb 2012 07:13:59 +0000

(LiveHacking.Com) – Microsoft has released its advance notification of the security bulletins it will issue for February’s patch Tuesday. There will be nine bulletins, addressing 21 vulnerabilities, with severity ratings of critical and important for Microsoft Windows, Internet Explorer, Microsoft Silverlight, Microsoft Server Software, Microsoft Office, and Microsoft .NET Framework. Seven of the nine bulletins [...]

Google Releases Chrome 17 with Security Fixes and New Malicious Downloads Protection

Ethical Hacker — Thu, 09 Feb 2012 08:28:15 +0000

(LiveHacking.Com) – Google has released a new version of its Chrome web browser with twenty security fixes and new functionality to try and protect users from malicious downloads. Chrome 17.0.963.46 fixes one Critical security bug, a race condition after crash of the utility process, eight “High” rated vulnerabilities with the remaining being marked as “Medium” or “Low”. [...]

RealPlayer Updated to Address Security Vulnerabilities

Ethical Hacker — Wed, 08 Feb 2012 08:02:13 +0000

(LiveHacking.Com) – RealNetworks has released new versions of RealPlayer to fix security related vulnerabilities. The new version, RealPlayer 15.02.71, fixes all the known bugs but there are no known reports of any machines actually being compromised as a result of the vulnerabilities. Affected Windows versions are: RealPlayer 11.0 – 11.1 RealPlayer SP 1.0 – 1.1.5 RealPlayer 14.0.0 [...]

Symantec Working with Unnamed Law Enforcement Agency

Ethical Hacker — Tue, 07 Feb 2012 18:38:27 +0000

(LiveHacking.Com) – Following my blog post about Anonymous releasing the source code for pcAnywhere, Symantec has contacted us here at LiveHacking.com with further details of the events leading up to the uploading of the source code. Symantec are underlining the following things: Symantec did NOT offer a bribe to Anonymous. Anonymous tried to extort Symantec [...]

Anonymous Releases Source Code for pcAnywhere [Updated]

Ethical Hacker — Tue, 07 Feb 2012 12:19:29 +0000

Update: Symantec has contacted us here at LiveHacking.com with the following correction: The e-mail string posted on Pastebin by Anonymous was actually between them and a fake e-mail address set up by law enforcement. For more details see Symantec Working with Unnamed Law Enforcement Agency (LiveHacking.Com) – The hacking group Anonymous has tweeted that it has released the source code [...]