Displaying items by tag: Exploit

This one goes in the “this is why patching is important” file and highlights the need to be able to quickly apply patches for critical flaws found in different devices and software. After the disclosure of a critical vulnerability tracked as CVE-2022-1388 (CVSS 9.8) that was identified in multiple versions of F5’s BIG-IP operating system complete with patches last week. We have already seen researchers develop POC code for it and now hear that attackers are actively exploiting the flaw in the wild.

Published in Security Talk

After three spate 0-day vulnerabilities are found in your product you can pretty much expect the market to call for you go away. This is the situation that Adobe is in right now. After fighting to their little slice of dominance in the computing industry Adobe’s Flash is arguably one of the most commonly used APIs to rendering rich content. This has made them a rather large target for a number of years… well this and the fact that the Flash development team has made some rather poor choices when it comes to their application.

Published in News
Thursday, 25 September 2014 06:46

New Bash bug likely to be worse than Heartbleed.

A day after we published an article on how deficient most developers are when it comes to properly planning for security we are hearing about a new bug that infects one of the core components of an operating system. Dubbed Bash or Shellshock this new flaw affects the shell in an OS. The shell in an OS is what allows you to interact with systems. When you run an application it will often run code through the shell to give you the desired result.

Published in News

One thing I find interesting is the lack of any real memory in the technical press. It seems that the people that write about trends and events happening in the technical world often do not remember what has happened before. We saw this with the HeartBleed bug and are seeing it again with BadUSB. If you do not know what this is, well it is a new exploit found in the fundamental way USB works.

Published in News
Saturday, 02 August 2014 16:51

Welcome to Black Hat and DEF CON 2014

We are on the ground in Las Vegas, NV to cover Black Hat and DEF CON 2014. We will be bringing you coverage of the latest in hacks, exploits and the tools that are supposed to protect you from the “bad guys”. We also brought along some fun toys that are perfect to travel security. Granted nothing we brought it going to keep you 100% safe, but in the real world every little bit helps.

Published in Shows and Events

A couple of days ago we posted a story about a group of developers that complained to Valve about their lack of a Bug Bounty. In their complaint was an inference that having a form of reward would make people want to identify and report bugs and exploits in a timely manner. On the surface that would seem to make sense, but there is a flip side to this line of thinking. There will also be times when people will wait to report something to ensure they get the most money out of their efforts.

Published in News
Wednesday, 23 July 2014 11:20

TOR Vulnerability Talk at Black HAT 2014 Canceld

The TOR Project has been the go-to group when it comes to anonymity. This group and their TOR browser bundle are used by millions of people daily and not just to surf for illegal items or porn. In many cases the use of TOR allows dissidents in countries with oppressive governments to maintain connections to the outside world and also communicate. In areas like China TOR and their obfuscator project allow free access to the internet despite the great firewall of China.

Published in News

There is nothing like finding out that the application you bought to keep you safe on the internet can actually be used to insert malicious code. Well this is what AVG Secure Search toolbar users are finding out this morning as news of a vulnerability has hit the web. According to the report from CERT version 18.1.6 and older of AVG Secure Search and AVG SafeGuard install an Active X control that is just bad news.

Published in News

In the browser wars there is always going to be the argument over which browser is “better”. You will hear people talk about how fast, secure, cool, feature rich their favorite browser is, but in the end all of them really fall short of where they should be. Oddly enough it is Microsoft’s Internet Explorer that gets the brunt of the jokes and jabs (in many cases rightly so). However at this year’s Pwn2Own it was Mozilla’s FireFox that got tossed around like a rag doll.

Published in News

There is no such thing as a secure operating system; it is as simple as that. Despite years and years of hearing about how this OS or that OS is secure it is simply not true. We have watched as each new contender has fallen to either security researchers or to the “bad guys” out there in the shadowy places on the internet. Today we hear about an issue with Microsoft’s vaunted EMET toolkit.

Published in News
Page 1 of 3