Tag Archives: exploit

Attack Code, Metasploit Module Released For Serious Ruby On Rails Bugs

Posted on by

This just got (more) real: Researchers today unleashed exploit code for a pair of newly found vulnerabilities in the popular Web application programming platform Ruby on Rails (RoR), as well as a new Metasploit module for the most serious of the two flaws, raising concerns of potentially damaging attacks to come on Web servers and databases.

via Attack Code, Metasploit Module Released For Serious Ruby On Rails Bugs – Dark Reading.

Security experts recommend patching RoR apps now if you have not already done so. Said O’Donnell in a blog post yesterday:

Microsoft investigating new IE vulnerability used in targeted attacks, IE9 and IE10 users are safe

Posted on by

The malicious JavaScript in question only served the exploit code to browsers whose language was either English (U.S.), Chinese (China), Chinese (Taiwan), Japanese, Korean, or Russian. Once the initial checks passed, the JavaScript proceeded to load an Adobe Flash file named “today.swf.” This file ultimately triggered a heap spray in IE and downloaded a file named “xsainfo.jpg.”

More details of the vulnerability are available at the CERT Knowledgebase ( VU#154201). Here’s the full technical description:

via Microsoft investigating new IE vulnerability used in targeted attacks, IE9 and IE10 users are safe – The Next Web.

Like a Hot Knife Through Butter

Posted on by

In this short post, I’d like to show how hash-DoS can be applied to the btrfs file-system with some astonishing and unexpected success. Btrfs, while still in development stage, is widely considered as being a viable successor of ext4, and an implementation of it is already part of the Linux kernel. According to this page,

via Pascal Junod » Like a Hot Knife Through Butter.

Security Researcher Compromises Cisco VoIP Phones With Vulnerability

Posted on by

As part of the demonstration, Cui inserted and removed a small external circuit board from the phone’s Ethernet port — a move he asserted could be accomplished by someone left alone inside a corporate office for a few seconds. He then used his own smartphone to capture every word spoken near the VoIP phone, even though it was still “on-hook.”

via Security Researcher Compromises Cisco VoIP Phones With Vulnerability – Dark Reading.

Security Hole in Samsung Smart TVs Could Allow Remote Spying

Posted on by

ReVuln’s policy of disclosing security holes only to paying customers has met with disapproval from both vendors and security pros, who argue that companies should do what they can to eradicate dangerous software holes. However, the company is unbowed, maintaining that selling knowledge of software security holes is a legitimate business and helps the company recoup the costs of researcher the holes and developing proof of concept exploits for them.

via Security Hole in Samsung Smart TVs Could Allow Remote Spying | The Security Ledger.

A little short on details as I wondered how this could be done sitting behind a proper firewall.

Security Researcher Discloses New Batch of MySQL Vulnerabilities

Posted on by

The first MySQL vulnerability, a stack-based buffer overflow, would allow an authenticated database user a chance to cause the MySQL daemon to crash, and then execute code with the same privileges as the user running MySQL. A heap-based overflow vulnerability, separate from the previous flaw, could be used to do the same thing – again the damage could be caused by an authenticated database user.

via Security Researcher Discloses New Batch of MySQL Vulnerabilities | SecurityWeek.Com.

Hackers Exploit ‘Zero-Day’ Bugs For 10 Months On Average Before They’re Exposed

Posted on by

One aspect of zero-day exploits use that’s made them tough to track and count has been how closely targeted they are. Unlike the mass malware infections that typically infect many thousands of machines using known vulnerabilties, the majority of the exploits in Symantec’s study only affected a handful of machines–All but four of the exploits infected less than 100 targets, and four were found on only one computer.

via Hackers Exploit ‘Zero-Day’ Bugs For 10 Months On Average Before They’re Exposed – Forbes.

Unsurprisingly, the study shows that hackers target common software like Microsoft Word, Flash and Adobe Reader. Sixteen of the 18 zero-day exploits discovered and analyzed in the study affected Microsoft and Adobe software.

3 years later, hackers who hit Google continue string of potent attacks

Posted on by

The hackers who breached the defenses of Google and at least 34 other big companies three years ago have unleashed a barrage of new attacks since then, many that exploit previously undocumented vulnerabilities in software from Microsoft and Adobe, a new report has found.

via 3 years later, hackers who hit Google continue string of potent attacks | Ars Technica.

Researchers have dubbed this approach “watering hole” attacks, and say they’re “similar to a predator waiting at a watering hole in a desert. The predator knows that victims will eventually have to come to the watering hole, so rather than go hunting, he waits for his victims to come to him.”

Hackers reveal critical vulnerabilities in Huawei routers at Defcon

Posted on by

The vulnerabilities — a session hijack, a heap overflow and a stack overflow — were found in the firmware of Huawei AR18 and AR29 series routers and could be exploited to take control of the devices over the Internet, said Felix Lindner, the head of security firm Recurity Labs and one of the two researchers who found the flaws.

via Hackers reveal critical vulnerabilities in Huawei routers at Defcon – Computerworld.

According to the Huawei website, the AR series routers are used by enterprises and AR18 in particular is marketed as product intended for small and home offices.