Sunday, March 29, 2026
Latest:

Computer Security Articles

RSS Reader for Computer Security Articles

Independent

IndependentSecuriteam
admin

SSD Advisory – CloudMe Unauthenticated Remote Buffer Overflow

Credit to Author: SSD / Noam Rathaus| Date: Sun, 11 Feb 2018 07:06:24 +0000

The following advisory describes one (1) vulnerability found in CloudMe. CloudMe is “a file storage service operated by CloudMe AB that offers cloud storage, file synchronization and client software. It features a blue folder that appears on all devices with the same content, all files are synchronized between devices.” The vulnerability found is a buffer … Continue reading SSD Advisory – CloudMe Unauthenticated Remote Buffer Overflow

Read More
IndependentSecuriteam
admin

SSD Advisory – Hack2Win – Cisco RV132W Multiple Vulnerabilities

Credit to Author: SSD / Maor Schwartz| Date: Sun, 11 Feb 2018 06:10:03 +0000

Vulnerabilities Summary The following advisory describes two (2) vulnerabilities found in Cisco RV132W Wireless N VPN version 1.0.1.8 The Cisco RV132W Wireless-N ADSL2+ VPN Router is “easy to use, set up, and deploy. This flexible router offers great performance and is suited for small or home offices (SOHO) and smaller deployments.” The vulnerabilities found are: … Continue reading SSD Advisory – Hack2Win – Cisco RV132W Multiple Vulnerabilities

Read More
ComputerWorldIndependent
admin

Governments eye their own blockchain cryptocurrencies

Credit to Author: Lucas Mearian| Date: Fri, 09 Feb 2018 03:11:00 -0800

Last year’s blockchain pilot projects are rapidly becoming this year’s live implementations in a variety of industries, and even sectors that have until now been vexed by the distributed ledger technology are following suit.

Case in point: Governments, which are moving to regulate blockchain technology and the cryptocurrencies it underpins.

Cryptocurrencies such as bitcoin that live in open networks, have so far inhabited a  regulatory gray area, because there’s no way for a central authority to track users. The distributed ledgers, however, are useful because they can enable cross-border transactions over peer-to-peer networks in real time, anywhere in the world – without a central governing authority such as a bank or credit card company.

To read this article in full, please click here

Read More
IndependentSecuriteam
admin

SSD Advisory – Multiple IoT Vendors – Multiple Vulnerabilities

Credit to Author: SSD / Maor Schwartz| Date: Thu, 08 Feb 2018 08:02:43 +0000

Vulnerabilities summary The following advisory describes three (3) vulnerabilities found in the following vendors: Lorex StarVedia Eminent Kraun The vulnerabilities found: Hard-coded credentials Remote command injection (2) It is possible to chain the vulnerabilities and to achieve unauthenticated remote command execution. Credit An independent security researcher, Robert Kugler (https://www.s3cur3.it), has reported this vulnerabilities to Beyond … Continue reading SSD Advisory – Multiple IoT Vendors – Multiple Vulnerabilities

Read More
IndependentKrebs
admin

U.S. Arrests 13, Charges 36 in ‘Infraud’ Cybercrime Forum Bust

Credit to Author: BrianKrebs| Date: Thu, 08 Feb 2018 18:04:22 +0000

The U.S. Justice Department announced charges on Wednesday against three dozen individuals thought to be key members of ‘Infraud,” a long-running cybercrime forum that federal prosecutors say cost consumers more than a half billion dollars. In conjunction with the forum takedown, 13 alleged Infraud members from the United States and six other countries were arrested. Started in October 2010, Infraud was short for “In Fraud We Trust,” and collectively the forum referred to itself as the “Ministry of Fraudulently [sic] Affairs.” As a mostly English-language fraud forum, Infraud attracted nearly 11,000 members from around the globe who sold, traded and bought everything from stolen identities and credit card accounts to ATM skimmers, botnet hosting and malicious software.

Read More
IndependentSecuriteam
admin

SSD安全公告-GitStack未经验证的远程代码执行漏洞

Credit to Author: SSD / Maor Schwartz| Date: Tue, 06 Feb 2018 08:44:21 +0000

漏洞概要 以下安全公告描述了在GitStack中存在的一个未经身份验证的动作,允许远程攻击者添加新用户,然后用于触发远程代码执行。 GitStack是一个可以让你设置你自己私人Git服务器的软件。 这意味着你可以创建一个没有任何内容的版本控制系统。GitStack可以非常容易的保持你的服务器是最新的。它是真正Git for Windows,并与任何其他Git客户端兼容。GitStack对于小团队来说是完全免费的。 漏洞提交者 一位独立的安全研究人员 Kacper Szurek向 Beyond Security 的 SSD 报告了该漏洞 厂商响应 自2017年10月17日起,我们多次尝试联系GitStack,已经收到回应,但未提供有关解决方案或解决方法的详细信息。 CVE:CVE-2018-5955 漏洞详细信息 用户可控的输入没有经过充分的过滤,未经身份验证的攻击者可以通过发送以下POST请求在GitStack服务器中添加新用户: [crayon-5a7a29f09ace6671375808/] 一旦攻击者将用户添加到服务器,他就可以启用web repository功能。 现在,攻击者可以从远程创建一个repository,并禁止其他人访问我们新的repository。 在repository中,攻击者可以上传后门并使用它来执行代码: 漏洞证明 [crayon-5a7a29f09acf2853583590/]

Read More
IndependentKrebs
admin

Would You Have Spotted This Skimmer?

Credit to Author: BrianKrebs| Date: Tue, 06 Feb 2018 14:53:42 +0000

When you realize how easy it is for thieves to compromise an ATM or credit card terminal with skimming devices, it’s difficult not to inspect or even pull on these machines when you’re forced to use them personally — half expecting something will come detached. For those unfamiliar with the stealth of these skimming devices and the thieves who install them, read on.

Read More