Saturday, December 1, 2012

Samsung printers provide backdoor for attackers

An admin account in Samsung printers allows an attacker to take full control of the devices. The account seems to be a hard-coded community string with full SNMP read and write access, and it remains active even when SNMP is disabled in the printer's administration interface. "As a general good security practice, only allow connections from trusted hosts and networks. Restricting access would prevent an attacker from accessing an SNMP interface using the affected credentials from a blocked network location," US-CERT advises. Besides Samsung-branded printers, some devices that the company produced for Dell also seem to be affected. However, the flaw seems to affect only models produced before 31 October 2012.

eBay patches two critical security flaws

eBay recently patched two potentially critical vulnerabilities: a cross-site scripting (XSS) bug and a SQL injection vulnerability. For the SQL injection issue, the vulnerable script was 'sea.ebay.com/news.php', which allowed attackers unauthorized read/write/edit access to a SQL database. The XSS flaw could allow a hacker to access a seller's account and insert an XSS exploit into the code on a product's page.

Tuesday, July 17, 2012

Yahoo admits 40K passwords breached

In a recent security breach, Yahoo! lost around 40,000 user credentials. The company issued a statement on Thursday confirming that on 11 July an attacker had breached company systems and lifted the data from archived information related to the Yahoo Contributor Network. The information included account information from Yahoo and other services. Yahoo has responded swiftly to address the breach. "We have taken swift action and have now fixed this vulnerability, deployed additional security measures for affected Yahoo users, enhanced our underlying security controls and are in the process of notifying affected users," the company said.