Monthly Archives: March 2013

PostgreSQL to release a highly critical Security fix

The PostgreSQL Global Development Group will be releasing a new security update for all versions on Thursday April 4th, 2013. This release will include a fix for a high-exposure security vulnerability and all users are strongly urged to apply the

Scylla – Framework for Penetration Testing

Scylla is another tool that you can use for penetration testing protocols used by different applications. Scylla works with three basic stages, the pre-hack stage where the tool can readily obtain information about the remote application without resorting to brute-force

South Korean Malware Infects, Wipes MBR

South Korean company NSHC have released more information about the software tools that have been used for attacks March 20, 2013 against banking systems and media in South Korea. The computer networks of three broadcasters and two banks froze at

Trend Micro Warns of Attacks Against ICS/SCADA Systems

At Blackhat Europe 2013 in Amsterdam security researcher at Trend Micro revealed a collaborative honeypot project with Scada security team that was running fake ICS/Scada devices used in many critical infrastructure power and water plants. The honeypot were optimized and

Microsoft Patch Tuesday: Microsoft fixes critical flaws in IE

Microsoft about to release a bunch of security patches for windows operating system. Seven patches are coming to fix four critical vulnerabilities that allow an attacker to execute malicious program on remote system by redirecting victims to a malicious website.

SUDO Auth Bypass Vulnerability

Authentication bypass vulnerability has been discovered in sudo utility, the affected versions are Sudo 1.6.0 through 1.7.10p6 and sudo 1.8.0 through 1.8.6p6 inclusive. The security bug allows an attacker with a physical access to run commands without user’s password. UNIX sudo

Evernote warns of possible security breach

One of the popular online services Evernote has been hacked this week. Unknown attacker gained access to a database for email addresses and passwords. The sensitive information is not yet published but it is always possible that attacker publish the