Monthly Archives: March 2013
PostgreSQL to release a highly critical Security fix
The PostgreSQL Global Development Group will be releasing a new security update for all versions on Thursday April 4th, 2013. This release will include a fix for a high-exposure security vulnerability and all users are strongly urged to apply the
Scylla – Framework for Penetration Testing
Scylla is another tool that you can use for penetration testing protocols used by different applications. Scylla works with three basic stages, the pre-hack stage where the tool can readily obtain information about the remote application without resorting to brute-force
South Korean Malware Infects, Wipes MBR
South Korean company NSHC have released more information about the software tools that have been used for attacks March 20, 2013 against banking systems and media in South Korea. The computer networks of three broadcasters and two banks froze at
Trend Micro Warns of Attacks Against ICS/SCADA Systems
At Blackhat Europe 2013 in Amsterdam security researcher at Trend Micro revealed a collaborative honeypot project with Scada security team that was running fake ICS/Scada devices used in many critical infrastructure power and water plants. The honeypot were optimized and
Microsoft Patch Tuesday: Microsoft fixes critical flaws in IE
Microsoft about to release a bunch of security patches for windows operating system. Seven patches are coming to fix four critical vulnerabilities that allow an attacker to execute malicious program on remote system by redirecting victims to a malicious website.
SUDO Auth Bypass Vulnerability
Authentication bypass vulnerability has been discovered in sudo utility, the affected versions are Sudo 1.6.0 through 1.7.10p6 and sudo 1.8.0 through 1.8.6p6 inclusive. The security bug allows an attacker with a physical access to run commands without user’s password. UNIX sudo
Evernote warns of possible security breach
One of the popular online services Evernote has been hacked this week. Unknown attacker gained access to a database for email addresses and passwords. The sensitive information is not yet published but it is always possible that attacker publish the
