Over the past week some researchers have published new methods and tools for embedded device hacking and ways to improve blind SQL injection. It will be interesting to see the scope of where embedded device hacking goes, as more devices are getting additional capabilities, that may be coming in exchange for security. Also, the NIST [...]
A proof of concept has been released for one of the vulnerabilities announced in Decembers Microsoft Update. The vulnerability in Message Queuing Service (ms07-065) now has a working proof of concept exploit available to the public. If you have not updated, or do not have automatic updates enabled, please do so. Also, with the recent [...]
Not a lot happening today in vulnerability news. However, a new round of the storm worm has been circulating. This time the emails are coming with “Happy New Years” themes. This one is seems to be pointing to the domain “uhavepostcard.com”. So be wary of any ecards in your inbox.
First it was Trojan firmware on network routers, firewalls and other network appliances. That was followed by attackers installing trojans and malware on USB keys and then dumping them back into those sale bins by the registers. Now, SANS is reporting that a number of digital picture frames sold by retailers were pre-infected with malware, [...]
Groove Virtual Office is reported to have a vulnerable ActiveX control. The vulnerability is a buffer overflow which could potentially allow code execution if an exploit were successful. This vulnerability applies to Groove Virtual Office 3.x, and does not affect the newest version included in Office 2007. At this time there’s no patch, so it [...]
Since MSI is a PCI scanning vendor, we are often included in various RFP/RFQ processes for the purchase of network scanning and assessment services. Over the last couple of years, one problem continually seems to raise its ugly head in RFP after RFP. That issue is the lack of clarity in the RFP. Usually, the [...]
A new book due to be released, details vulnerabilities within Web “2.0″ content. We expect this to create a rise in general knowledge among these web applications. One specific area within the book details , as of yet, unpatched Adobe Flash XSS vulnerabilities. It is speculated that there are thousands of Flash apps out there [...]
Please remind teens, kids and adults who might receive computers for the holidays this year to patch them before general use. They should ensure that software and network firewalls are in place before connecting them to ANY network. They should also ensure that they have anti-malware software that is up to date for any and [...]
Two fairly interesting items tonight: 1) SANS is getting reports that the Storm worm is active again. This time sending messages attempting to draw victims to the “merry christmasdude.com” <take out the space> domain. As of 10:30 PM Eastern tonight, the domain is being flooded with traffic, but appears to be functional. SANS is suggesting [...]
IBM Lotus Domino Web Access is vulnerable to a buffer overflow. An ActiveX control (dwa7.dwa7.1) is responsible for this error. This can be exploited remotely and successful exploitation could result in the execution of arbitrary code. The vulnerability is reported in dwa7W.dll version 7.0.34.1. Users should set the kill bit for this ActiveX control until [...]