The H Security

Spycam vulnerability reappears in Google Chrome's Flash

Tue, 18 Jun 2013 14:44:00 GMT

It's possible to trick users into activating their webcams through clickjacking trickery and transparent Flash apps in the page. The problem was allegedly fixed in 2011 but is back again in the latest Chrome browser

37 critical Java holes to be fixed today

Tue, 18 Jun 2013 09:19:00 GMT

Java users should be prepared to update their installations later today as Oracle's latest Java update will fix 40 security vulnerabilities, 37 of which can be exploited over the network

Critical vulnerability in Blackberry 10 OS

Mon, 17 Jun 2013 19:39:00 GMT

If attackers can get the user to install a malicious app and convince the user to reset their password using BlackBerry Protect, it is possible to take complete control of a BlackBerry Z10

ICS-CERT issues warning about unsafe medical devices

Mon, 17 Jun 2013 16:32:00 GMT

Patient monitors, medical pumps, and analysis devices like industry control systems, the equipment used in hospitals is increasingly connected to networks. Now, ICS-CERT says that some 300 devices from 40 manufacturers have backdoors

Microsoft denies providing US government with vulnerabilities

Mon, 17 Jun 2013 11:16:00 GMT

Media reports have suggested that Microsoft has been supplying the US government with Windows security vulnerabilities for uses related to the PRISM programme. Microsoft has now released a statement denying all such allegations

Multi-factor authentication for Microsoft cloud

Mon, 17 Jun 2013 09:29:00 GMT

Initially as a preview only, Microsoft is offering Azure customers the facility, after entering their username and password, to authenticate via a smartphone app or over the phone. This option does not, however, come cheap

The H Roundup - Classic Mode for RHEL 7, Business Source & BrickPi

Sat, 15 Jun 2013 12:11:00 GMT

In the week ending 15 June Business Source, GNOME Classic Mode in RHEL 7, users warned to remove the Debian Multimedia repository, Hetzner hacked, GlassFish 4.0, the BrickPi, and a sophisticated Android trojan

The end for Google's Chrome Frame

Fri, 14 Jun 2013 11:26:00 GMT

Google plans to retire its extension for older versions of Internet Explorer next January and recommends users switch to a modern version of IE or make the jump to Chrome in earnest

Users warned to remove Debian Multimedia repository

Fri, 14 Jun 2013 09:10:00 GMT

The Debian project is warning users that the unofficial Debian Multimedia repository has to be considered unsafe as its domain has switched hands and is now under the control of an unknown party

Snowden: US has been hacking Hong Kong and China for years

Thu, 13 Jun 2013 11:05:00 GMT

Over the past few months, the US government has generated increasing amounts of publicity around alleged hacker attacks from China. The Mandiant report on the ATP1 group appeared to provide plenty of evidence. However, the US aren't the only victims

Google warns of increased Iranian phishing

Thu, 13 Jun 2013 10:11:00 GMT

Google is warning Iranian internet users to be on the look out for phishing emails which attempt to compromise their Google accounts. It believes the emails are from the same group behind the DigiNotar compromise in 2011

OWASP top ten of web application security risks released

Thu, 13 Jun 2013 10:02:00 GMT

The Open Web Application Security Project (OWASP) has published its latest top ten of web application security risks. Both cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks lost in importance in favour of other threats

HP's "System Management Homepage" web interface vulnerable

Wed, 12 Jun 2013 15:20:00 GMT

The web management interface of ProLiant and Integrity servers contains a critical vulnerability

Citadel takedown took down security researchers too

Wed, 12 Jun 2013 15:08:00 GMT

In the process of taking down 1462 botnets last week, it appears that Microsoft failed to take down over a third of the domains it was targeting and that an estimated 25% of the domains were being run by security researchers

CyanogenMod is working on privacy mode for apps

Wed, 12 Jun 2013 13:40:00 GMT

CyanogenMod founder Steve "Cyanogen" Kondik is working on privacy mode implementation for the open source third party firmware for Android devices. The per-app setting will allow users to not share their private data with apps

Microsoft doesn't close all holes on June patch day

Wed, 12 Jun 2013 10:00:00 GMT

Microsoft has used its June patch day to close numerous holes in Windows, Internet Explorer and Office. However, the company appears to have left open a privilege escalation hole for which an exploit is being circulated on the net

June updates for Flash and Air close a critical hole

Wed, 12 Jun 2013 09:00:00 GMT

One hole, multiple updates: Adobe has fixed a critical security hole and released new versions of Flash and Air for all platforms

Mozilla, EFF and 86 others launch campaign against surveillance

Tue, 11 Jun 2013 16:41:00 GMT

Mozilla and EFF are among the 86 organisations calling for signatures on a letter to the US Congress to investigate US Government surveillance orders as a response to recent revelations about NSA spying

Mozilla, EFF and 86 others launch campaign against surveillence

Tue, 11 Jun 2013 16:41:00 GMT

zPanel vulnerability permits root access to server

Tue, 11 Jun 2013 14:40:00 GMT

Work on a patch is ongoing, but a hotfix which can be applied manually is already circulating on forums. Until a patch is available, the vulnerable module should be deactivated as soon as possible

Multiple vulnerabilities found in HP Insight Diagnostics

Tue, 11 Jun 2013 12:07:00 GMT

An authenticated remote attacker can exploit multiple vulnerabilities in HP's server management software to get administrator rights on the server. No fix is currently available

Piecemeal patches from QNAP

Mon, 10 Jun 2013 14:19:00 GMT

The company has now released updates for its vulnerable NAS and video surveillance systems

"Sophisticated Android Trojan" identified

Mon, 10 Jun 2013 13:36:00 GMT

Using obfuscation, reflection, encryption and a range of Android vulnerabilities, the latest malware discovered by Kaspersky Lab is believed to have more in common with Windows malware than with other Android pests

Lost+Found: From fake phishing to a Fortinet facepalm

Sun, 09 Jun 2013 08:59:00 GMT

On The H's radar over the last seven days: Fake phishing, textbook SQL injections, security 101 for app developers, reverse engineering malware, a Fortinet faceplam, a pentester edition of Firefox and further news on the QNAP vulnerabilities

The H Roundup - NOOBS, Ubuntu's Bug One and a Windows hole

Sat, 08 Jun 2013 10:59:00 GMT

In the week ending 8 June whatever happened to Google's commitments to open standards, Tavis Ormandy found another Windows hole, Shuttleworth closed Ubuntu Bug One and the Raspberry Pi got a new installation system