Exploit code for a recently patched denial-of-service vulnerability that affects Microsoft’s ASP.NET web development platform has been published online, increasing the risk of attacks. The vulnerability, identified as CVE-2011-3414, was disclosed in December at the Chaos Communication Congress, Europe’s largest and oldest hacker conference. Shortly afterward Microsoft published…
Exploit of Wi-Fi Protected Setup Flaw Poses Risks for Consumers, Not Enterprises
Many home Wi-Fi networks are at risk thanks to an exploit released over the holidays, but enterprise organizations are generally unaffected by the vulnerability.
XSS flaw in WordPress 3.3 – How the smallest things make testing tough
Researchers discovered a cross-site scripting flaw in WordPress 3.3 yesterday that occurs only if the installation was run with an IP address instead of a domain name. WordPress 3.3.1 is now available to fix the vulnerability.
Microsoft patches dangerous web flaw in double time
Microsoft has issued an out-of-band fix for a vulnerability in its ASP.NET web platform that could allow an attacker to launch a successful DoS attack on a server using nothing more sophisticated than a stream of 100kb files. Although not yet being exploited in the wild, Microsoft decided the…
Microsoft Releases Emergency Patch for ASP.NET Flaw
The update was released approximately two weeks before the company’s regularly scheduled security update.
‘Duqu’ zero-day Windows flaw patched this week
Microsoft will tomorrow patch the zero-day kernel Word vulnerability exploited by the mysterious Duqu malware, more than a month after its existence was first made public. In a pre-release draft covering the 13 December Patch Tuesday release that excluded helpful security bulletin numbers, Microsoft appears to have slipped in a…
Spanish brickie finds Facebook hacking flaw
A Spanish builder stumbled on an online loophole that enables users to send Facebook messages in other users’ names, prompting an alert by authorities, he said Wednesday.
Unpatched Apache flaw allows access to internal network
IDG News Service – A yet-to-be-patched flaw discovered in the Apache HTTP server allows attackers to access protected resources on internal networks if some rewrite rules are not defined properly. The vulnerability affects Apache installations that operate in reverse proxy mode, a type of configuration used for load balancing, caching…
ISC issues temporary patch for zero-day BIND 9 DNS server flaw
A temporary patch has been released for BIND 9 DNS servers, mitigating a zero-day vulnerability causing server crashes. It’s unclear if exploits are in the wild.
Secunia offers flaw hunters new hassle-free reporting service
Security management company Secunia is setting itself up as an ‘honest intermediary’ through which independent researchers can report and have security vulnerabilities checked out at no cost. The Secunia Vulnerability Coordination Reward Programme (SVCRP) will offer vulnerability researchers a more flexible scheme through which flaws can be reported, the company…