Clik here to view.
Gawker Roadkill? How To Find Out and Recover
No Yes CLARIFICATION: This story corrects information concerning the availability of the stolen account names and passwords online. Millions of Web users are waking up to news that broke over the...
View ArticleTectia SSH Server Remote Authentication Bypass Exploit Published
UPDATE--Unix and Linux versions of Tectia SSH server as well as the open source versions of Free FTPD and FreeSSHD for Windows are vulnerable to a critical remote authentication bypass exploit...
View ArticleClik here to view.
Incomplete Java Patch Paved Way for Latest Zero Day Mess
The exploit targeting the latest zero-day vulnerability in the Java platform is dropping ransomware, and has been found in another exploit kit. Security experts, including U.S.-CERT last night, advise...
View ArticleMixed Reviews on Oracle’s Java Security Update
Oracle is working hard to restore some faith in the security of the Java browser plug-in with a number of enhancements announced yesterday, specifically to in-house code testing, as well as policy...
View ArticleOracle Addresses Java’s Symptoms, But Doesn’t Cure Sickness
For all of Oracle’s bluster last Thursday about Java security enhancements, next to nothing was said about the real issue behind months of misery this year: the Java sandbox. Oracle broke its radio...
View ArticleIPMI Protocol, BMC Vulnerabilities Expose Thousands of Servers to Attack
Baseboard management controllers, embedded computers present in most servers, are vulnerable to a half dozen critical vulnerabilities that could enable an attacker to gain remote control over the host...
View ArticleNew Project Sonar Crowdsources Embedded Device Vulnerability Analysis
The state of embedded device security is poor, and there hasn’t been much in the way of discussion to the contrary. It’s well established that vendors skimp on security, selling for example, routers...
View ArticlePhony Order Faxed to Registrar Leads to Metasploit Defacement
A pro-Palestine hacker collective went old-school in its takedown of the Metasploit and Rapid7 websites today. Metasploit creator and HD Moore confirmed via Twitter that Metasploit.com was hacked via a...
View ArticleRegistrar in Metasploit DNS Hijacking Not Duped by Fax
The registrar for the Metasploit and Rapid7 websites, both of which were victims of a DNS hijacking attack on Friday, was not duped by a spoofed change request sent via fax as it originally reported....
View ArticleSeven IPMI Firmware Zero Days Disclosed
Metasploit creator and Rapid7 CSO HD Moore today disclosed seven zero-day vulnerabilities in IPMI firmware from vendor Super Micro. The security issues were reported to the vendor in August, however...
View ArticleGmail Image Proxy Changes Have Privacy, Security Implications
Google’s decision to automatically display images in Gmail messages has security experts on edge about the privacy and security implications of the move. Of particular concern is the ability of an...
View ArticleVulnerabilities in IPMI Protocol Have Long Shelf Life
Noted researcher Dan Farmer published a paper on the depth and breadth of IPMI vulnerabilities in server Baseboard Management Controllers, and the news isn't good.
View ArticlePlaintext Supermicro IPMI Credentials Exposed
Weaknesses in Supermicro IPMI-based baseboard management controllers expose remote passwords in plaintext.
View ArticleMozilla 1024-Bit Cert Deprecation Leaves 107,000 Sites Untrusted
Data compiled from Rapid7's Project Sonar scan found 107,000 websites running 1024-bit CA certificates that will soon be untrusted as Mozilla announces it will no longer support the shorter, weaker keys.
View ArticleNAT-PMP Protocol Vulnerability Puts 1.2 Million SOHO Routers At Risk
More than 1 million SOHO routers and embedded devices are vulnerable to a serious vulnerability in the NAT-PMP protocol that enables traffic hijacking and denial of service attacks.
View ArticlePHP Applications, WordPress Subject to Ghost glibc Vulnerability
Researchers at Sucuri revealed that applications such as WordPress that support PHP could also be subject to the Ghost vulnerability in glibc.
View ArticleAdvantech ICS Gear Still Vulnerable to Shellshock, Heartbleed
Rapid7 disclosed that Advantech EKI industrial control gear remains vulnerable to Shellshock and Heartbleed, in addition to a host of other vulnerabilities.
View ArticleJuniper Backdoor Password Goes Public
The password protecting one of the two Juniper backdoors was published after it was discovered by researchers at Fox-IT and Rapid7.
View ArticleJuniper Backdoor Picture Getting Clearer
Crypto and security experts digging into the Juniper backdoor have determined that attackers have subverted an alleged NSA backdoor in the Dual_EC_DRBG algorithm used in NetScreen firewalls.
View ArticleHD Moore To Build New Venture Capital Firm
Metasploit creator HD Moore announced he’s leaving Rapid7 at the end of the month for a new venture capital opportunity.
View Article
