Hak5 – Building a high performance home router

This was a pretty cool setup.

Posted in Networking

Apple Releases Security Updates for QuickTime, Safari, Mac EFI, OS X Yosemite, and iOS

Apple has released security updates for QuickTime, Safari, Mac Extensible Firmware Interface (EFI), OS X Yosemite, and iOS. Exploitation of some of these vulnerabilities may allow an attacker to obtain elevated privileges or crash applications.

Available updates include:

  • QuickTime 7.7.7 for Windows 7 and Windows Vista
  • Safari 8.0.7, Safari 7.1.7, and Safari 6.2.7 for OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, and OS X Yosemite v10.10.3
  • Mac EFI for OS X Mountain Lion v10.8.5 and OS X Mavericks v10.9.5
  • OS X Yosemite 10.10.4 for OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, and OS X Yosemite v10.10 to v10.10.3
  • iOS 8.4 for iPhone 4s and later, iPod touch 5th generation and later, and iPad 2 and later

US-CERT encourages users and administrators to review Apple security updates HT204947, HT204950, HT204934, HT204942, and HT204941 and apply the necessary updates.

Posted in News and Security

ISC Releases Security Updates for BIND

The Internet Systems Consortium (ISC) has released security updates to address a vulnerability in BIND. Exploitation of this vulnerability may allow a remote attacker to cause a denial of service condition.

Updates available include:

  • BIND 9-version 9.9.7-P1
  • BIND 9-version 9.10.2-P2

Users and administrators are encouraged to review ISC Knowledge Base Article AA-01267 and apply the necessary updates.

Posted in News and Security

Adobe Releases Security Update for Shockwave Player

Adobe has released a security update to address critical vulnerabilities in Shockwave Player for Windows and Macintosh. Exploitation of these vulnerabilities could allow an attacker to take control of an affected system.

Users and administrators are encouraged to review Adobe Security Bulletin APSB15-17 and apply the necessary update.

Posted in News and Security

Microsoft Releases July 2015 Security Bulletin

Microsoft has released 14 updates to address vulnerabilities in Microsoft Windows. Exploitation of some of these vulnerabilities could allow remote code execution or elevation of privileges.

US-CERT encourages users and administrators to review Microsoft Security Bulletins MS15-058 and MS15-065 through MS15-077 and apply the necessary updates.

Posted in News and Security

Oracle Releases July 2015 Security Advisory

Oracle has released security fixes to address 193 vulnerabilities as part of its quarterly Critical Patch Update. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.

Users and administrators are encouraged to review the Oracle July 2015 Critical Patch Update and apply the necessary updates.

Posted in News and Security

OpenSSL Releases Security Advisory

OpenSSL has released updates to address a vulnerability that could impact proper certificate verification. A remote attacker could ‘issue’ invalid certificates that pass validation by affected versions.

Updates available include:

  • OpenSSL 1.0.2d for 1.0.2b/1.0.2c users
  • OpenSSL 1.0.1p for 1.0.1n/1.0.1o users

Users and administrators are encouraged to review the OpenSSL Security Advisory and apply the necessary updates.

Posted in News and Security

VMware Releases Security Advisory

VMware has released security updates to address a host privilege escalation vulnerability in VMware Workstation, Player and Horizon View Client for Windows. Exploitation of this vulnerability may allow an attacker to escalate privileges on an affected VMware system.

Updates available include:

  • VMware Workstation 11.1.1
  • VMware Workstation 10.0.7
  • VMware Player 7.1.1
  • VMware Player 6.0.7
  • VMware Horizon Client for Windows (with Local Mode Option) 5.4.2

Users and administrators are encouraged to review the VMware Security Advisory VMSA-2015-0005 and apply the necessary updates.

Posted in News and Security

July 2015 Patch: Microsoft, Adobe, and Oracle Introduce Security Patches for Zero-Day Vulnerabilities

Microsoft addressed the recently discovered zero-day vulnerability in Internet Explorer that also emerged from the Hacking Team leak. This vulnerability, covered in MS15-065 and rated ‘critical’, could allow attackers to take control of the system once successfully exploited. In addition, proof-of-concept (PoC) code has been spotted by one of our threat researchers. All in all, Microsoft released a total of 14 security bulletins, 4 of which are tagged as ‘critical’ and the rest as ‘important’.

Adobe has also rolled out its security patches to fix the recent slew of Flash zero-day vulnerabilities that also came out of the Hacking Team leak. Both Adobe Flash Player zero-day vulnerabilities, assigned CVE-2015-5122 and CVE-2015-5123 respectively, can allow an attacker to take control of the affected system once successfully exploited. Our researchers are continuously monitoring any vulnerabilities and exploits that may arise from the whopping 440GB of leaked emails from Hacking Team.

Oracle also joined the bandwagon and released its own security updates to fix the Java zero-day exploit (designated CVE-2015-2590), which was the first in nearly two years. This zero-day exploit was used in the targeted attack campaign Operation Pawn Storm, which often hit military and defense contractors from the US and its allies, among others. Oracle’s patch update also contains fixes to address the other 193 new vulnerabilities.

Posted in News and Security

An end to Flash as Firefox blocks it over hacking holes?

Adobe’s Flash blocked by mainstream browser over critical security bugs actively exploited by hackers, as calls for its decommissioning rise.


Mozilla has blocked every version of Adobe’s Flash plugin from running within its Firefox browser, while Facebook’s head of security has called for Adobe to kill it off.

The moves come following a series of vulnerabilities in Flash being actively exploited, including those exposed by the Hacking Team compromise.

Firefox users seeking to view Flash-based content, such as videos, adverts or more complex web tools for uploading images and other actions, will need to click again and accept a warning that “Flash is known to be vulnerable. Use with caution”.

That means users of Firefox cannot use Flash by default and will not be able to until Adobe patches the security bugs and updates the plugin. Adobe has struggled to keep up with the number of bugs and vulnerabilities being exposed within Flash.

At the same time, Facebook’s head of security Alex Stamos, who was previously credited with significantly improving the security of Yahoo’s operations, called for Flash to be killed off.

Stamos said that a date for the decommissioning of Flash needed to be set in stone so that the industry has time to switch away from the much maligned plugin.

“Nobody takes the time to rewrite their tools and upgrade to HTML5 because they expect Flash to live forever. We need a date to drive it,” said Stamos.

Many alternatives have been made available to replace Flash. Several high-profile video streaming services, including Sky TV and Netflix, switched to Microsoft’s Silverlight instead of Flash. Even Silverlight, however, has been rejected by browsers including Google’s Chrome, forcing others to use HTML5.

The move towards using native HTML5 for the majority of Flash uses has been welcomed by most, although some services that require digital rights management to secure licences have resisted the move.

Should Facebook ditch Flash wholesale, which is still used by some of the games and apps published on the social network by third-party publishers and a few of its own upload tools, it would send a powerful message.

The majority of the large US technology companies, including Google and Apple, which famously blocked Flash from its iPhone and iPad, have moved towards more modern and secure technologies.

Posted in News and Security