The biggest DDoS (Distributed Denial of Service) attack in the history of the internet was carried out last week. The victim was Spamhaus anti-spam organisation. According to Akamai, Spamhaus was facing increasing traffic about a week ago, but have surged in the last few days, reaching a never previously experienced level of some 300 gigabits per second at peak hours, says Akamai. <more>
Tuesday, March 26, 2013
Last week, Apple just released a fix for lock screen bypass that was discovered in mid-February. Unfortunately, it seems another trick that allows similar access to the device has already been discovered. According to The Next Web, this vulnerability is present in iOS 6.1.3. This version was just released earlier this week and contained a number of bug fixes along with a fix for the lock screen bypass. The method for bypassing the lock screen in that instance was pretty complicated. This time, it's much, much easier.
Posted by cERTx at 8:56 AM
A vulnerability related to account hijacking has been identified by a security researcher Rishi Narang which puts Microsoft, Twitter, LinkedIn and Yahoo users at risk. While Google and Facebook customers are not impacted by the flaw. According to the expert, the vulnerability, which can be leveraged to launch session fixation attacks, is caused by an issue with the management of cookies and sessions.<more>
Posted by cERTx at 8:49 AM
Monday, March 4, 2013
Less than a week after the latest zero-day flaw in Oracle's Java software was discovered, security researchers have discovered yet another bug that can allow attacks on computers. The latest flaw, which researchers from FireEye dubbed the vulnerability YAJ0 - Yet Another Java Zero-Day, is already being exploited "in the wild." According to FireEye, new zero-day vulnerability has been used to attack multiple customers, especially those whose browsers have Java v1.6 Update 41 and Java v1.7 Update 15 installed. Unlike other popular Java vulnerabilities, this new vulnerability "leads to arbitrary memory read and write in JVM process."
Posted by cERTx at 7:09 AM
Developer Feross Aboukhadijeh has published that allows a web page to fill up a hard disk without any action on the user's part. If you'd like to try out the "HTML5 Hard Disk Filler" at your own peril, simply go to www.filldisk.com – but beware: the script will immediately get to work and clog up your hard disk with cat images. <<more>>
Posted by cERTx at 7:06 AM
The last update of Flash Player was just two weeks ago and now it's being updated again - this time to block exploits that target the Firefox browser. The new advisory points to three fixes in the update, two involved in blocking the Firefox exploit and one correcting a generally applicable, serious flaw. The problems affect Flash Player on Windows, Mac OS X and Linux, but do not appear to affect Flash on Android. In the month of February, Adobe released emergency updates to Flash Player, taking its version number, on Windows and Mac, up to 11.5.502.149. Then further patches were released on 12 February as part of the regularly scheduled Patch Tuesday, bringing the version number up to 11.6.602.168. In the latest update the version number rises to 11.6.602.171 for Windows and Mac OS X versions; the updates can be downloaded from Adobe. <<more>>
Posted by cERTx at 7:03 AM