Krebs

Website Glitch Let Me Overstock My Coinbase

Credit to Author: BrianKrebs| Date: Tue, 09 Jan 2018 18:48:04 +0000

Overstock.com (NASDAQ:OSTK) just fixed a serious glitch in the Coinbase bitcoin payment section of its site that allowed customers to buy any item at a tiny fraction of the listed price. Potentially more punishing, the flaw let anyone paying with bitcoin reap many times the authorized bitcoin refund amount on any canceled orders.

Securiteam

SSD Advisory – Sophos XG from Unauthenticated Persistent XSS to Unauthorized Root Access

Credit to Author: SSD / Maor Schwartz| Date: Mon, 08 Jan 2018 06:21:27 +0000

Vulnerability Summary: The following advisory describes an unauthenticated persistent XSS that leads to unauthorized root access, found in Sophos XG version 17. Sophos XG Firewall "provides unprecedented visibility into your network, users, and applications directly from the all-new control center. You also get rich on-box reporting and the option to add Sophos iView for centralized …"

Securiteam

Happy New Year 2018 – Challenge Solution

Credit to Author: SSD / Noam Rathaus| Date: Mon, 08 Jan 2018 06:15:57 +0000

In our post found here: https://blogs.securiteam.com/index.php/archives/3616, we hid a challenge. The challenge was split into two parts: 1. finding it, 2. solving it. Finding it wasn't very hard: the challenge was hidden inside the image. It wasn't anything fancy; a zip file was simply appended to the end of the image file: …
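The "zip appended to an image" trick works because the zip format is parsed from the end of the file (the End Of Central Directory record), so a carrier image can sit in front of the archive untouched. The following is an added example, not the challenge's own files or the SSD post's code: it builds a constructed carrier (a minimal PNG-like byte string, not a real image) with a zip archive appended, then locates the archive by walking back from the EOCD record to the first local file header and extracts it. The function names `build_sample`, `find_appended_zip` and `extract_appended` are this example's own.

```python
import io
import struct
import zipfile

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"
EOCD_SIG = b"PK\x05\x06"          # End Of Central Directory record
LOCAL_HEADER_SIG = b"PK\x03\x04"  # first local file header of an archive


def build_sample(payload: dict) -> bytes:
    """Constructed carrier: PNG signature, 64 filler bytes and an IEND chunk,
    followed by a zip archive holding `payload` (name -> bytes)."""
    image = PNG_SIGNATURE + b"\x00" * 64 + b"IEND\xaeB`\x82"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in payload.items():
            zf.writestr(name, data)
    return image + buf.getvalue()


def find_appended_zip(blob: bytes):
    """Return the offset at which an appended zip archive starts, or None.

    The EOCD record stores the central directory's size and its offset
    relative to the archive's own start, so:
        archive_start = eocd_pos - cd_size - cd_offset
    This assumes the archive has no trailing zip comment; a comment that
    happens to contain the EOCD bytes would mislead rfind()."""
    eocd = blob.rfind(EOCD_SIG)
    if eocd == -1:
        return None
    # EOCD layout: sig(4) disk(2) cd_disk(2) n_this(2) n_total(2) cd_size(4) cd_offset(4) comment_len(2)
    cd_size, cd_offset = struct.unpack_from("<II", blob, eocd + 12)
    start = eocd - cd_size - cd_offset
    if start < 0 or blob[start:start + 4] != LOCAL_HEADER_SIG:
        return None
    return start


def extract_appended(blob: bytes) -> dict:
    """Extract every member of the appended archive as {name: bytes}."""
    start = find_appended_zip(blob)
    if start is None:
        return {}
    with zipfile.ZipFile(io.BytesIO(blob[start:])) as zf:
        return {name: zf.read(name) for name in zf.namelist()}


if __name__ == "__main__":
    sample = build_sample({"flag.txt": b"constructed sample flag\n"})
    print("image bytes before archive:", find_appended_zip(sample))
    print(extract_appended(sample))
```

Python's `zipfile` (like `unzip`) already tolerates data in front of the archive, so `zipfile.ZipFile(io.BytesIO(sample))` would open the hidden archive directly; computing the start offset explicitly is what tells you how large the carrier is and where the hidden data begins, which is the first thing to check when an image file is larger than its pixels justify.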

ComputerWorld

How to use Parental Controls to protect your iPhone

Credit to Author: Jonny Evans| Date: Mon, 08 Jan 2018 07:06:00 -0800

Even while we accept that coding skills are key to some future employment, Apple is under some pressure to improve parental controls to help prevent children from becoming hooked on their phones. Apple already provides some protection parents can use to limit their children’s smartphone use. Here’s what you need to know:

What are Parental Controls?

Apple has similar controls for iPads, iPhones, Macs and the Apple TV. Apple calls these Restrictions, and you can use them to block or limit apps and features that children can access on their device. Among other things, these tools can restrict use of Safari, the camera, Siri, FaceTime, AirDrop, CarPlay and individual apps. You can also prevent others from deleting apps, making in-app purchases, or playing multiplayer games. Privacy settings let you control things like Location Services, Contacts, Calendars, Reminders and Share My Location, and you can also apply account-related protections.


ComputerWorld

Buggy Win7 Meltdown patch KB 4056894 throwing blue screens

Credit to Author: Woody Leonhard| Date: Mon, 08 Jan 2018 05:28:00 -0800

Securiteam

SSD Advisory – D-Link DSL-6850U Multiple Vulnerabilities

Credit to Author: SSD / Maor Schwartz| Date: Sun, 07 Jan 2018 06:28:24 +0000

Vulnerability Summary: The following advisory describes two vulnerabilities found in the D-Link DSL-6850U, firmware versions BZ_1.00.01 – BZ_1.00.09. The D-Link DSL-6850U is "a router made for Bezeq in Israel". The vulnerabilities found in this router are: default credentials, and remote command execution.

Credit: An independent security researcher reported these vulnerabilities to Beyond Security's SSD.

Vendor Response: Bezeq was notified of the vulnerabilities on June 9 and has released patches that address them.

Vulnerability Details: The device's customized firmware has the following issues: remote web management is enabled by default, and the default account cannot be disabled.

Default credentials: the default account's username is "support" and its password is "support".

Remote command execution: the shell interface only allows a fixed set of built-in commands, but further commands can be injected into the shell by chaining them with '&' or '||'. Executing such an injected command returns a BusyBox shell.
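The root cause of the command-execution bug is a restricted shell that validates only the command name and then hands the whole line to a real shell, where '&', '||' and similar operators are interpreted. The excerpt does not show the device's code or the exact injected command, so the following is an added, hypothetical Python illustration (not the router's firmware and not SSD's proof of concept): `restricted_shell_vulnerable` reproduces the allowlist-then-`sh -c` pattern and is bypassed by a '&' or '||' chain, while `restricted_shell_hardened` tokenises the line and executes the argv without any shell, so those operators become literal arguments. The allowlist `ALLOWED` is this example's own.

```python
import shlex
import subprocess

# Hypothetical allowlist of "built-in" commands the restricted shell is meant to offer.
ALLOWED = {"echo", "ping", "uptime"}


def restricted_shell_vulnerable(line: str) -> str:
    """Checks only the first word, then runs the raw line through /bin/sh.
    Everything after a shell operator ('&', '||', ';', '|', ...) is executed
    as a separate command that never went through the allowlist."""
    words = line.split()
    if not words or words[0] not in ALLOWED:
        return "command not allowed"
    result = subprocess.run(line, shell=True, capture_output=True, text=True)
    return result.stdout


def restricted_shell_hardened(line: str) -> str:
    """Tokenise with shlex, allowlist argv[0], and exec the argv directly.
    With shell=False there is no shell to interpret '&' or '||', so they are
    passed to the program as ordinary arguments."""
    try:
        argv = shlex.split(line)
    except ValueError:          # unbalanced quotes: reject rather than guess
        return "command not allowed"
    if not argv or argv[0] not in ALLOWED:
        return "command not allowed"
    result = subprocess.run(argv, capture_output=True, text=True)
    return result.stdout


if __name__ == "__main__":
    # '&' runs the injected command alongside the allowed one.
    print(repr(restricted_shell_vulnerable("echo hi & echo injected")))
    # '||' runs it after the allowed command fails (here: redirect to a directory).
    print(repr(restricted_shell_vulnerable("echo hi >/ || echo injected")))
    # The hardened version echoes the operators back as plain text.
    print(repr(restricted_shell_hardened("echo hi & echo injected")))
    print(repr(restricted_shell_hardened("id")))
```

Allowlisting argv[0] and dropping the shell removes the injection, but the allowed binaries themselves still need scrutiny: a permitted `ping` that accepts arbitrary arguments, or any allowed tool that can read or write files, remains a way off the restricted shell, and on a device that also ships an undisableable default account the allowlist is the only barrier left.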

ComputerWorld

Browser makers build bulwarks to stump Spectre attacks

Credit to Author: Gregg Keizer| Date: Sat, 06 Jan 2018 12:58:00 -0800

Amid the panicked response this week to the news of significant, though not-yet-exploited, vulnerabilities in the vast bulk of the world’s microprocessors, it went almost unnoticed that most browser makers responded by updating their wares in the hope of fending off possible web-based attacks.

The Google-driven revelations – it was members of the search firm’s Project Zero security team who identified the multiple flaws in processors designed by Intel, AMD and ARM – were to go public next week, on Jan. 9, this month’s Patch Tuesday. At that time, a coordinated effort by multiple vendors, from OS developers to silicon makers, was to debut with patches to protect, as best could be done without replacing the CPU itself, systems against flaws grouped under the umbrella terms of Meltdown and Spectre. That plan went out the window when leaks started to circulate earlier this week.

