Vulnerability

Oracle has eliminated 50 vulnerabilities in Java

The manufacturer also re-fixed a zero-day vulnerability that had been fixed in the past month. Oracle, under pressure from the international information security community, has released the Java 7 Update 13 update for vulnerabilities that are actively exploited by hackers. The company has removed a total of 50 vulnerabilities, and has released a fix for the breach CVE-2013-0422(…)

The administration of the airport in Dusseldorf closed gaps in security

According to a notice on the Vulnerability Lab site, the airline closed the security vulnerabilities in its website. As we learned from a security bulletin on vulnerability-lab.com, a number of dangerous vulnerabilities were closed on the official website of the airport in Duesseldorf. As specified by Vulnerability Lab, several SQL injection vulnerabilities that allowed an attacker to(…)

The number of security holes in software this year has decreased

The number of publicly disclosed vulnerabilities decreased in 2011, as did the proportion of bugs that were exploited. Is secure development having an effect? Attackers achieved great success this year, but a common attack vector – the exploitation of vulnerabilities in software – seems to be on the decline. According to preliminary data from companies that(…)

Simple HTML tag leads to a crash of Windows 7

An unpatched critical error in 64-bit Windows 7 makes computers vulnerable to crashing with a “blue screen of death.” A memory corruption bug in Win 7 x64 can also allow malicious code to be injected into the machine at the kernel level, the company Secunia warned. Fortunately, the 32-bit OS is not susceptible to the bug, which was discovered(…)

Hackers can get other people’s mobile phones to send paid messages

Flaws in mobile communication standards give fraudsters the opportunity to send SMS messages to premium-rate numbers without the phone owner’s knowledge, or to interfere with the receipt of ordinary text messages. The vulnerability concerns the messaging system for applications that operators install on the SIM card. This system is called SIM Application(…)

Researcher found 0day vulnerabilities in products of Kaspersky 2011/2012

Vulnerability researcher Benjamin Kuntz interregional found a new 0-day vulnerability that allows memory corruption in Kaspersky Anti-Virus 2011/2012 and Internet Security 2011/2012. The vulnerability is exploited locally when Kaspersky’s exception filter / protection is called, and it can be used by hackers to disrupt the operation of the software. It affects all the instances of protection: the(…)

According to buyer fixes, IBM, HP and Microsoft top the list of laggards

IBM, HP and Microsoft topped the list of companies that did not release patches within 6 months of notification from the world’s largest bug-hunting program. During 2011 TippingPoint, a unit of HP, issued a total of 29 reports on “zero-day” vulnerabilities that for 6 months or more were not obscured by(…)

10 most important Open Source projects in 2011

Another year has come to an end. It’s time to step back and evaluate everything that has happened during this period. It turns out that 2011 became a model year in terms of support for open source projects, so selecting 10 projects has been quite difficult. But what is meant by the word “important”? Obviously, this is not(…)

CSS shaders contribute to data theft

Software developers from Google, Apple, Adobe, etc. are struggling with the security risks that have arisen from an emerging graphics technology, which in its present form can jeopardize millions of users. “The technology, known as CSS shaders, is designed to display a variety of distortion effects such as vibration, ripples and wrinkles. It works by providing a(…)

SCADA endangers critical infrastructure

According to warnings from U.S. agencies that protect national critical infrastructure, electronic devices used to control the equipment at water treatment plants and other industrial sites contain serious flaws that could allow attackers to remotely control them. “Some models of the Modicon Quantum PLC, used in industrial control systems, contain several hidden accounts that use(…)