'Critical' security bugs dating back to 1987 found in X Window

27-year-old flaw and others slain in open-source patch batch

X.org, which develops the open-source X Window System for Linux and other Unix-y desktops, has warned security flaws have been discovered in the code – and some of them have been hanging around for 27 years. The bugs can be exploited by applications to crash the window system, or ... Read More »

15th Dec 2014
RIG Exploit Kit Used in Drupal CMS Exploit Incidents

The public disclosure of a critical SQL injection vulnerability affecting all builds of Drupal 7, save for the last one, gave way to increased cybercriminal activity leveraging the RIG Exploit Kit to compromise website visitors through drive-by download attacks. The bad actors would rely on a simple redirect method via an iframe injected into the ... Read More »

5th Nov 2014
Attackers Abuse UPnP Devices in DDoS Attacks, Akamai Warns

Researchers at Akamai Technologies have issued a warning about a spate of distributed denial-of-service attacks being launched via Universal Plug and Play (UPnP) devices. According to Akamai's Prolexic Security Engineering & Response Team (PLXsert), there has been a spike in reflection and amplification distributed ... Read More »

18th Oct 2014
Drupal Fixes Highly Critical SQL Injection Flaw

Drupal has patched a critical SQL injection vulnerability in version 7.x of the content management system that can allow arbitrary code execution. The flaw lies in an API that is specifically designed to help protect against SQL injection attacks. “Drupal 7 includes a database abstraction API to ensure that queries executed against the ... Read More »

17th Oct 2014
Joomla Re-Issues Security Update After Patches Glitch

Users of the Joomla content management system have been on a patching roller coaster the past 24 hours with one set of patches for critical vulnerabilities being pulled last night before being re-issued today. The Joomla update, bringing the CMS up to version 3.3.6, is a security update addressing a high priority remote file inclusion ... Read More »

1st Oct 2014
Drupal Patches XSS Vulnerability in Spam Module

Drupal released an update that patches a cross-site scripting vulnerability in a popular spam and content moderation module used by websites built on the open source CMS. The vulnerability was in a feature of the Mollom module that is installed on at least 60,000 sites, said Drupal security team volunteer Greg Knaddison, director of ... Read More »

19th Sep 2014
THREE QUARTERS of Android mobes open to web page spy bug

A Metasploit module has been developed to easily exploit a dangerous flaw in 75 percent of Android devices that allows attackers to hijack a user's open websites. The exploit targets a vulnerability (CVE-2014-6041) in Android versions 4.2.1 and below and was disclosed without fanfare on 1 September, but had since gathered dust, ... Read More »

18th Sep 2014
Archie Exploit Kit Targets Adobe, Silverlight Vulnerabilities

A relatively new exploit kit that borrows modules copied from the Metasploit Framework and exploits any older versions of Adobe Flash, Reader, and Silverlight the user may be using has begun to make the rounds. Jaime Blasco, the director of AlienVault Labs, dug deeper into the kit, known as Archie, on the company’s blog ... Read More »

18th Sep 2014
Macro based malware is on the rise

Malware authors have rediscovered their love for Visual Basic, as the percentage of macro-based malware rose from around 6% of all document malware in June to 28% in July, Sophos researchers have found. Gabor Szappanos, principal researcher at SophosLabs, explained in a paper published earlier this year the advantages of Visual Basic ... Read More »

18th Sep 2014
470 million sites exist for 24 hours, 22% are malicious

Blue Coat researchers analyzed more than 660 million unique hostnames requested by 75 million global users over a 90-day period. They found that 71 percent of the hostnames, or 470 million, were “One Day Wonders,” sites that appeared only for a single day. The largest generators of these sites include organizations that have a ... Read More »

9th Sep 2014