Tag Archive for: patched

Many vulnerabilities in older Huawei 3G routers won’t get patched

Huawei doesn’t plan to patch more than a dozen models of 3G routers that have severe software vulnerabilities.

The flaws could allow an attacker to change DNS (Domain Name System) settings, upload new firmware without logging into the device and conduct a denial-of-service attack.

The models of affected routers, distributed by ISPs in 21 countries, are now considered out of Huawei’s support cycle, said Pierre Kim, a security researcher who found the issues and listed the models on his blog.

Network World Security

Cybercriminals adopt recently patched zero-day exploit in a flash

Just four days after Adobe Systems patched a vulnerability in Flash Player, the exploit was adopted by cybercriminals for use in large-scale attacks. This highlights the increasingly small time frame users have to deploy patches.

On Saturday, a malware researcher known online as Kafeine spotted a drive-by download attack done with the Magnitude exploit kit that was exploiting a Flash Player vulnerability patched Tuesday.

The flaw, tracked as CVE-2015-3113 in the Common Vulnerabilities and Exposures database, had zero-day status—that is, it was previously unpatched—when Adobe released a patch for it. It had already been exploited by a China-based cyberespionage group for several weeks in targeted attacks against organizations from the aerospace, defense, construction, engineering, technology, telecommunications and transportation industries.

Network World Security

As easy as 123: Xen hypervisor bug found, fixed, phew… make sure you’re patched!

Xen is often used to share one physical server amongst many different customers – and it’s supposed to keep them safely apart. Sometimes, things don’t quite work out… Paul Ducklin explains.
Naked Security – Sophos

Blackphone SSL security flaw was patched within days, says CEO

Researchers checking out the $629 (£390) Blackphone ultra-secure Android smartphone recently found a potentially significant vulnerability that could have allowed an attacker to carry out a man-in-the-middle (MitM) attack to sniff the login credentials for the device’s Silent Circle apps.

The now-patched flaw discovered by Bluebox Security was a relatively straightforward if surprising one to do with the way the Blackphone was found to be implementing SSL security for its cornerstone apps, Silent Phone, Silent Text, Silent Contacts, Secure Wireless and SpiderOak.

Network World Security