Monthly Archives: January 2013

Backdoors Found In Barracuda Networks Gear


January 24, 2013 By
The Vigilant Application Owner

Krebs on Security – (International) Backdoors found in Barracuda Networks gear. Various spam filters, firewalls, and VPN appliances sold by Barracuda Networks contain undocumented backdoor accounts that could be remotely accessed via secure shell (SSH) and are accessible to hundreds of non-Barracuda companies, the vendor acknowledged. Source: http://krebsonsecurity.com/2013/01/backdoors-found-in-barracuda-networks-gear/


Security Flaws Leave Networked Printers Open To Attack


January 23, 2013 By
The Vigilant Application Owner

InformationWeek – (International) Security flaws leave networked printers open to attack. A security researcher discovered flaws in Hewlett-Packard’s JetDirect printer networking software which can be used to bypass security controls, disable printers, or reprint previous documents. Source: http://www.informationweek.com/security/vulnerabilities/security-flaws-leave-networked-printers/240146805


PayPal Addresses Blind SQL Injection Vulnerability After Being Notified By Experts


January 22, 2013 By
The Vigilant Application Owner

Softpedia – (International) PayPal addresses blind SQL injection vulnerability after being notified by experts. About 5 months after being notified by cyber security experts, PayPal has fixed a blind SQL injection flaw on its Web site. Source: http://news.softpedia.com/news/PayPal-Addresses-Blind-SQL-Injection-Vulnerability-After-Being-Notified-by-Experts-323053.shtml


Critical Security Vulnerability At Amazon Fixed


January 18, 2013 By
The Vigilant Application Owner

The H – (International) Critical security vulnerability at Amazon fixed. Amazon has fixed a cross-site scripting vulnerability on its Web site which could have been used to inject malicious JavaScript code that allows third-party access to various elements of a user’s account, including the shopping cart, history, name, and email address associated with the account. Source: […]


Security Explorations Identifies Two Vulnerabilities In Java 7 Update 11


By
The Vigilant Application Owner

Softpedia – (International) Security Explorations identifies two vulnerabilities in Java 7 Update 11. Security Explorations researchers discovered a pair of vulnerabilities in the newest version of Java that can allow attackers to perform a complete sandbox bypass. Source: http://news.softpedia.com/news/Security-Explorations-Identifies-Two-Vulnerabilities-in-Java-7-Update-11-322390.shtml


FAKEM RATs Disguise Their Traffic As Yahoo! Messenger To Avoid Detection


By
The Vigilant Application Owner

Softpedia – (International) FAKEM RATs disguise their traffic as Yahoo! Messenger to avoid detection. A white paper published by Trend Micro detailed the way that a series of remote access trojans known as FAKEM disguises its traffic to appear as that of commonly used applications or HTML to avoid detection. Source: http://news.softpedia.com/news/FAKEM-RATs-Disguise-Their-Traffic-as-Yahoo-Messenger-to-Avoid-Detection-322227.shtml


Drupal 7.19 and 6.28 Released To Address XSS, Access Bypass Flaws


January 17, 2013 By
The Vigilant Application Owner

Softpedia – (International) Drupal 7.19 and 6.28 released to address XSS, access bypass flaws. The developers of Drupal released Drupal 7.19 and Drupal 6.28, which address a cross-site scripting vulnerability and several access bypass vulnerabilities present in older versions. Source: http://news.softpedia.com/news/Drupal-7-19-and-6-28-Released-to-Address-XSS-Access-Bypass-Flaws-321861.shtml


Oracle Releases 86 Patches In Its January Critical Patch Update


January 16, 2013 By
The Vigilant Application Owner

Threatpost – (International) Oracle releases 86 patches in its January Critical Patch Update. Oracle released its quarterly Critical Patch Update, which addresses 86 security vulnerabilities in various Oracle products. Source: http://threatpost.com/en_us/blogs/oracle-releases-86-patches-its-january-critical-patch-update-011613
