Earlier this month, security outfit FireEye’s 'FireEye as a Service' researchers out in Singapore [discovered and reported](https://www.fireeye.com/blog/threat-research/2015/06/operation-clandestine-wolf-adobe-flash-zero-day.html) on a phishing campaign that was found to be exploiting a zero-day in Adobe Flash Player vulnerability (CVE-2015-3113). That campaign has been well and truly active for a while now, with attacking emails including links to compromised sites serving up benign content if you are lucky and a malicious version of the Adobe Flash Player complete with the exploit code if you are not. Adobe has now [responded with a security update](https://helpx.adobe.com/security/products/flash-player/apsb15-14.html) with the following recommendations: Users of the Adobe Flash Player Desktop …

Member Avatar
Member Avatar
+2 forum 1

So it seems that an Internet Explorer zero day vulnerability allowed the back door to be opened that resulted in the [URL="http://www.daniweb.com/news/story252590.html"]hack attack on Google[/URL] and many others that has received such publicity this week. According to [URL="http://siblog.mcafee.com/cto/operation-%E2%80%9Caurora%E2%80%9D-hit-google-others/"]McAfee[/URL] it has identified an Internet Explorer vulnerability as being one of the attack vectors but the security vendor also warns that targeted attacks such as this often use "a cocktail of zero-day vulnerabilities combined with sophisticated social engineering scenarios" so it is possible, likely even, that other as yet unidentified attack vectors were also involved. However, McAfee dismisses some early reports which …

Member Avatar
Member Avatar
+0 forum 4

Hello, I am curious about how to root an Android phone without using any one click methods. A Google search returns only how to use programs to do this for you. Obviously there is a security vulnerability that is exploited, but I'd like to know in detail how this is done. Thanks, Cheeve

Member Avatar
Member Avatar
+0 forum 3

FireEye security researchers are warning that they have [detected a new zero-day vulnerability](http://blog.fireeye.com/research/2013/02/yaj0-yet-another-java-zero-day-2.html) that is being used successfully in the wild against browser clients with both Java 6u41 and Java 7u15 installed. Given that the Java 7 update was only released a couple of weeks ago, this is yet more bad news for Oracle and for users of the Java browser plug-in. bad news, but not exactly surprising as security researchers have been finding flaws in the update since it was made available. The difference here is that this isn't just a lab-based, theoretical, vulnerability: this is, it would appear, …

Member Avatar
Member Avatar
+3 forum 11

Reports are coming in thick and fast about 'state-sponsored' zero-day exploits hitting business websites in the UK. The latest, disclosed yesterday by [SophosLabs](http://nakedsecurity.sophos.com/2012/06/20/aeronautical-state-sponsored-exploit/), involves an as yet unnamed European aeronautical parts supplier and follows on from another the day before involving a European medical company site. In both cases the same unpatched vulnerability in Microsoft XML Core Services 3.0, 4.0, 5.0, and 6.0 that can allow remote code execution, as detailed in [Microsoft Security Advisory 2719615](http://technet.microsoft.com/en-us/security/advisory/2719615) appears to have been successfully exploited. ![dweb-fixit01](/attachments/small/0/dweb-fixit01.jpg "align-right") The vulnerability impacts users of all currently supported versions of Windows including Windows 7, as well …

Member Avatar
Member Avatar
+1 forum 3

Last week saw the discovery of YAJE: Yet Another Java Exploit. Sadly, Java vulnerabilities are neither new nor uncommon and the bad guys are quick to exploit them in the wild. Some claim that Oracle is in too much of a rush to extricate itself from this unholy mess and while being quick to patch whatever vulnerability is currently making the media headlines is still leaving far too many insecurities in the software unfixed. But does that mean it's time to give up on Java? ![dweb-java01](/attachments/small/0/dweb-java01.jpg "align-right") AlienVault's Head of Labs, Jaime Blasco, reproduced the latest exploit in a previously …

Member Avatar
Member Avatar
+3 forum 6

An in-the-wild exploit targeting a vulnerability with Java 7 has led to security experts the world over warning users to disable the Java plug-in for their browser clients at the very least, and preferably uninstall Java altogether. The CVE-2012-4681 vulnerability, comprising two flaws, along with a couple of other 'related vulnerabilities' has now been patched by Oracle which strongly recommends users apply the updates as soon as possible. Security Explorations, the Polish security company that first notified Oracle about the vulnerabilities many weeks ago, is less convinced. ![javasec7](/attachments/small/0/javasec7.jpg "align-right") It would appear that the company has found another vulnerability in …

Member Avatar
Member Avatar
+0 forum 4

If you are a user of Adobe Flash, be sure to apply the latest security update if you want to avoid becoming part of an in-the-wild attack exploiting a vulnerability which currently seems to be exploiting users of Internet Explorer on the Windows platform only. Adobe has, however, issued an [emergency security patch](https://www.adobe.com/support/security/bulletins/apsb12-09.html) for Android, Linux and Mac users as well as those with Windows which kind of suggests it could be indicative of a wider problem with the software. ![dweb-flash](/attachments/small/0/dweb-flash.jpg "align-right") Adobe is recommending that any users of Flash Player v11.2.202.233 and earlier for Windows, Mac and Linux should …

Member Avatar
Member Avatar
+0 forum 1

Hi, a question about stand-alone Java applications that do not have a background DB. In our Uni class we were asked to build a very small application using JOptionPane methods such as "showInputDialog". The application asks for users name and birthdate and at the end displays a summary of these to the user. The values entered by the user is fed to a variable of type String. After building this tiny app I am wondering if there is a way to feed it any characters that would cause it to crash. It does not seem to react to much of …

Member Avatar
Member Avatar
+0 forum 3

when i try to use the exploit (ms08_067_netapi) with many payloads i get the same error everytime on any pc even mine [*]automatically detecting the target... [*]fingerprint windows 7 professional 7601 service pack-(build 1)-lang:unkown [*]we could not detect the language pack defaulting to english [*]exploit exception no matching target [*]exploit completed but no session was created help please

Member Avatar
+0 forum 0

[ATTACH=RIGHT]16747[/ATTACH]Sony’s impenetrable fortress, a.k.a, the PlayStation 3, has been compromised. OzModChips.com just announced their version of a “jailbreak” for the PS3. What they claim to have is a plug-and-play modchip in the form of a USB stick. When plugged into the PS3, it allows an impressive amount of access into the system, most important of all, the ability to backup your retail PS3 discs onto a USB hard-drive, and subsequently, play the backups without the retail disc in the system. Does it really work? Have the hackers really found a way to exploit a weakness in the PS3? Well, it’s …

Member Avatar
Member Avatar
+2 forum 2

Many of the biggest forum-based online communities, including DaniWeb, are powered by vBulletin software. So it came as something of a shock when the BBC reported that a [URL="http://www.bbc.co.uk/news/technology-10714192"]vBulletin security flaw means that any hacker could "easily access the main administrator username and password for a site"[/URL]. But is the security flaw really both that simple and that serious, and are DaniWeb users at risk? [attach]16094[/attach]Let's answer the most important question first: No, DaniWeb users are not and have never been at risk from this security flaw as it only impacted upon a specific new version of vBulletin that was …

Member Avatar
Member Avatar
+1 forum 1

The good news is that security savvy Windows users will, more than likely, have already disabled the AutoRun and AutoPlay features. The bad news is that a new zero-day vulnerability could care less, and executes automatically anyway. [attach]15918[/attach]The zero-day vulnerability in question was first spotted by Sergey Ulase, a researcher with security vendor VirusBlokAda, who when [URL="http://anti-virus.by/en/tempo.shtml"]talking about some new malware samples he had been analysing noted[/URL] "You should take into consideration that virus infects Operation System in unusual way through vulnerability in processing lnk-files (without usage of autorun.inf file). So you just have to open infected USB storage device …

Member Avatar
+0 forum 0

File under FAIL: social network widget maker RockYou has fallen victim to a SQL injection flaw and as a result some 32.6 million users are being urged to change their passwords as a matter of urgency. Security specialists Imperva discovered the problem at social networking development site Rockyou.com and issued a warning to users of its applications earlier this week. "Rockyou.com is not just any software site. Since its creation in 2006, it's become the hub for many social networking sites such as Bebo, Facebook and Myspace, to mention but a few" said Amichai Shulman, Imperva CTO. Shulman claimed that …

Member Avatar
Member Avatar
+1 forum 2

I just had a Jaws moment. You know, you think it is safe to go back in the water and then a bloody great shark bites your legs off. Except in this case you can replace the sea with the Internet and the shark with the [URL="http://www.daniweb.com/blogs/entry4339.html"]equally dangerous Gumblar[/URL]. According to the [URL="http://www.scansafe.com/gtr"]latest ScanSafe numbers[/URL], Gumblar was responsible for a whopping 29% of all the web malware blocks it saw during October. Gumblar, in case you were wondering, is the collective name for a family of website compromises which are particularly nasty. Using a variety of routes to infection, Gumblar …

Member Avatar
+0 forum 0

Over the weekend news broke that a worm had started infecting Jailbroken iPhones in Australia. Nobody really took the exploit too seriously as all the 'ikee worm' did was change the phone wallpaper to a picture of 80's pop singer Rick Astley in a kind of warped tribute to the RickRolling Internet meme of last year. However, [URL="http://www.itpro.co.uk/blogs/daveyw/2009/11/08/warning-iphone-worm-starts-rickrolling/"]I warned[/URL] at the time that "as code variants continue to appear it is only a matter of time, and probably not that much of it, before a malicious party uses it to deliver a payload that is a whole lot more troublesome …

Member Avatar
Member Avatar
+2 forum 1

Odd isn't it, how Microsoft kicked up a fuss when Google announced the Chrome plugin for Internet Explorer on the grounds that it could make the browser more insecure. Indeed, it went as far as to suggest that it doubled the potential surface area for malware and scripted attacks. Yet, amazingly, Microsoft sees no such problem with installing a plugin into the Firefox browser. What's more it is installed without asking the permission of the user and, he says with more than a hint of irony, it left Firefox vulnerable to a drive-by exploit. This is nothing new, as those …

Member Avatar
Member Avatar
+1 forum 5

[URL="http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/"]Multiple arbitrary code execution vulnerabilities in Ruby[/URL] have been revealed by the [URL="http://www.apple.com/support/security/"]Apple Product Security[/URL] team which could lead to Denial of Service attacks. A total of five vulnerabilities have been reported, with versions impacted being: [INDENT]1.8.4 and all prior versions 1.8.5-p230 and all prior versions 1.8.6-p229 and all prior versions 1.8.7-p21 and all prior versions 1.9.0-1 and all prior versions[/INDENT] Upgrading to either 1.8.5-p231, 1.8.6-p230, 1.8.7-p22 or 1.9.0-2 is recommended. This is, of course, of particular interest to Apple as its Mac OS X Leopard comes complete with a Ruby on Rails web development framework. For an in-depth examination …

Member Avatar
+1 forum 0

[URL="http://www.itpro.co.uk/news/187851/apple-iphone-vulnerable-through-safari.html"]According to IT Pro[/URL] the Apple iPhone is vulnerable to Denial of Service attacks. These can occur when an iPhone user opens a JavaScript containing HTML page which triggers the vulnerability. An application Denial of Service attack can then crash the Safari browser on the phone, and quite possibly the iPhone itself. The vulnerability actually lies with the Safari web browser that is used within the latest version 1.1.4 of the Apple iPhone software, and has been uncovered by integrated application delivery solutions outfit [URL="http://www.radware.com"]Radware[/URL] which funnily enough is also offering a solution in the form of its own Security …

Member Avatar
Member Avatar
+0 forum 1

Computerworld is [URL="http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9071638&source=rss_news6"]reporting the possibility[/URL] of a worm or bot in the wild that is specifically targeting D-Link branded routers. It refers to a three year old vulnerability which Symantec security researchers believe is being exploited by a new exploit. Apparently, the Symantec security response team has seen an increase in attack activity as it relates to D-Link devices. Oliver Friedrichs, director of the Symantec security response team, is quoted as saying that it looks like hackers are "exploiting the SNMP vulnerability to reset and reconfigure the administrative password on the routers" after scanning TCP port 23 for an active …

Member Avatar
+0 forum 0

According to [URL="http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9070840&intsrc=hm_list"]reports[/URL] it would appear that Microsoft has confirmed the presence of a critical vulnerability which impacts upon users of MS Word for Windows 2000, XP and Server 2003 SP1. Shame it has taken many weeks for Microsoft to admit this, and only after a second security vendor recently discovered in the wild exploits. The vulnerability exploits bugs in the Microsoft Jet Database Engine, Jet.dll, and Symantec has stated that the attacks have been described by its own Security Response team as using malicious Word 2000, 2002, 2003 and 2007 documents to call the Windows component. Another security outfit, …

Member Avatar
+0 forum 0

[URL="http://www.kaspersky.com/"]Kaspersky Lab[/URL] has released its latest Malware Evolution [URL="http://www.viruslist.com/en/analysis?pubid=204791907"]report[/URL], covering the period between June and September 2006 and, as usual, it makes for interesting reading. Alexander Gostev, Senior Virus Analyst, Kaspersky Lab comments that the first six months of 2006 was “notable for the complexity of the technologies which antivirus companies had to deal with, a large number of new proof of concept programs, and the ever increasing interest shown by hackers in Microsoft Office.” While there was no great exploit epidemic during this latest quarter, nor any new proof of concept viruses for that matter, or even much activity …

Member Avatar
Member Avatar
+0 forum 1

Microsoft has issued an [URL="http://www.microsoft.com/technet/security/advisory/927709.mspx"]advisory [/URL]warning about a Visual Studio 2005 vulnerability in the WMI Object Broker ActiveX control, part of WmiScriptUtils.dll which could allow remote arbitrary code execution. The WMI Object Broker ActiveX control will circumvent the ActiveX security model, because it is marked as being ‘safe for scripting’ which should mean that it will not do anything that could damage the system or weaken security. Which should mean that it is safe from being controlled by a web page script calling its methods. Shoulda, woulda coulda. As [URL="http://www.kb.cert.org/vuls/id/854856"]US-CERT[/URL] explain “the WMI Object Broker ActiveX control includes a method …

Member Avatar
+0 forum 0

The End.