This is a guest post written by Alex Bod, Information Security Researcher and the founder of the Gods Hackers Team. The information about a set of vulnerabilities called HTTPoxy was published on July 18. Using this, attackers can replace the HTTP_PROXY environment variable that allows them to redirect http-queries to the Web applications on their […]
Security researchers from China-based tech company Tencent have identified a series of vulnerabilities that can be exploited to remotely hack an unmodified Tesla Model S while it’s parked or on the move. The researchers managed to perform various actions. While the vehicle was parked, the experts demonstrated that they could: control the sunroof, the turn […]
Not a month passes without seeing some major car manufacturer that has cybersecurity issues. This month we have seen made public a report from February 2016 related to BMW. The short story The BMW ConnectedDrive Web portal was found to contain a vulnerability that could result in a compromise of registered or valid vehicle […]
I get very often asked about these two concepts and I noticed that there is a lot of unclarity around these topics. At the end, I will tell you my own opinion and give you some advices. Vulnerability scan Also known as Vulnerability Assessment, looks for known vulnerabilities in your systems and reports potential […]
Richard Adhikari wrote a good overview about the “OpenSSH Flaw Could Leak Crypto Keys” in the LinuxInsider.com website. I got quoted : The flaws are not dangerous, security consultant Sorin Mustaca said. “In order to exploit this vulnerability, an attacker must convince its target OpenSSH client to connect to a malicious server — an unlikely […]
With over 500 million users worldwide, WinRAR is by far the most popular compression program. An independent security lab found a remote code execution vulnerability in the official WInRAR SFX v5.21 software. The vulnerability allows remote attackers to unauthorized execute system specific code to compromise a target system. The issue is located in the Text […]
39 fixes are supposed to be delivered via iOS 8.3. Areas like KeyStore, Drivers, Backup, Kernel, Certificate Trust Policy, Networking, Lock Screen, Safari and the WebKit, and many more are being fixed. Apple doesn’t provide how critical the issues were, but from what I see there, at least a dozen or so made me raise my […]
After Heartbleed, Poodle and FREAK which turned the IT world upside down, numerous companies have asked to have a though review of the most used SSL implementation in the world: OpenSSL. And indeed, in order to avoid being again in the news, the OpenSSL Foundation is set to release later this week several patches for […]
UPDATE on the FREAK vulnerability in SSL: it affects not only Android and iOS but all Windows versions too. I wrote about the new SSL vulnerability called FREAK – Factoring RSA Export Keys – affects around 36% of all sites trusted by browsers and around 10% of the Alexa top one million domains, according to […]
After Heartbleed, a new security vulnerability in SSL is making headlines and producing again headaches for security experts. As any good and mind blowing (for most people) vulnerability, it has a nice name – FREAK, a CVE number – CVE-2015-0204 and a dedicated website https://freakattack.com/ . FREAK – Factoring RSA Export Keys – affects around […]
