Latest News
Nmap 7 Released!
Nmap project released Nmap 7 after three years and half development. The new version of Nmap had more 100 contributors and 3,200 code commits since Nmap 6. The new version has 171 Nmap Scripting Engine (NSE) and supports fully IPv6 from host discovery to port scanning to OS detection. … [Read More...]
Apple fixes security vulnerabilities in Safari, OS X, iOS and Apple TV
(LiveHacking.Com) – Apple has released a massive set of security fixes to address vulnerabilities in OS X, iOS, Safari, and Apple TV. The update for OS X is largest of all the patches and addresses 80 unique vulnerabilities. The OS X Yosemite v10.10.3 update is available for OS X Yosemite v10.10 to v10.10.2, while Security Update 2015-004 is available for OS X Mountain Lion v10.8.5 and OS X Mavericks v10.9.5. Of … [Read More...]
The OpenSSL project releases new versions of its software to squash 12 security vulnerabilities
(LiveHacking.Com) – The OpenSSL Project announced on March 16th that it would make a new release of its OpenSSL suite to fix a number security defects. As promised the project published three new versions today, OpenSSL versions 1.0.2a, 1.0.1m, 1.0.0r and 0.9.8zf. The highest severity defect fixed by these releases is classified as High. Before looking at the defects which have been fixed, it is worth noting that … [Read More...]
FREAK vulnerability weakens secure Web sites
(LiveHacking.Com) – FREAK (or 'Factoring attack on RSA-EXPORT Keys') is a newly disclosed vulnerability that can force browsers into using weaker encryption keys. Once the connection is using weaker keys then the traffic can be cracked relatively quickly. This then exposes all the information that was being sent over the secure connection. The vulnerability stems directly from an old U.S. government policy that … [Read More...]
WP-Slimstat vulnerability exposes WordPress websites to SQL injection attacks
(LiveHacking.Com) – A recent security advisory from Sucri has revealed that the popular Wordpress plugin WP-Slimstat is vulnerable to SQL injection attacks because of a weak secret key. If exploited fully the bug could allow hackers to use SQL injection attacks to download sensitive information from a susceptible site's database, including username, and (hopefully) hashed passwords. According to Sucri it could … [Read More...]
Google backpedals on its arbitrary vulnerability disclosure policy
(LiveHacking.Com) – Google has been under fire in the last few weeks for arbitrarily disclosing zero-day vulnerabilities which give hackers the information they need to attack susceptible systems. When Google makes these disclosures it knows full well that it is risking the security and privacy of potentially millions of people. The positive side of these disclosures is that Google guarantees that vendors, like … [Read More...]
Cross Site Scripting vulnerability found in IE 11
(LiveHacking.Com) – A new Cross Site Scripting (XSS) vulnerability has been found in IE 11. According to an email sent by David Leo, a researcher with information security company Deusen, to the Full Disclosure mailing list, the vulnerability can allow an attacker to steal anything from a third party domain, and likewise inject anything into a third party domain. Deusen has also posted a proof of concept which … [Read More...]
Apple updates iOS, OS X and Apple TV in monster patch release
(LiveHacking.Com) – Following Google’s disclose of a number of zero day vulnerabilities in OS X, Apple has released a huge set of patches that fix a range of Critical security problems on OS X, iOS, Apple TV, and Safari. Starting with OS X, Apple’s patches fix 54 separate CVEs including 11 from Google’s Project Zero. Among the fixes are patches for the 3 bugs which Google disclosed last week: An error existed … [Read More...]
Google discloses three more zero-day vulnerabilities, this time for OS X
(LiveHacking.Com) – Google recently came under some heavy criticism when it disclosed a zero-day vulnerability in Windows just days before Microsoft was scheduled to release a fix. Now the search giant as done it again. But this time Google shows that it is truly non-partisan because the disclosures aren't for Windows, but for OS X. The first vulnerability allows an attacker to pass arbitrary commands to the … [Read More...]
Microsoft to fix Windows vulnerability that Google publicly disclosed last week
(LiveHacking.Com) – Microsoft will be issuing a series of security bulletins today (Patch Tuesday) to address security vulnerabilities in its products. One of these fixes will be for a vulnerability that Google intentionally disclosed to the public last week. Security experts at Google found a bug which could allow an attacker to gain elevated privileges on a Windows 8.1 machine. After the vulnerability was found, … [Read More...]