Israel's Iron Dome Missile Defense System hacked by Chinese hackers

<div dir="ltr" style="text-align: left;" trbidi="on"> <div class="separator" style="clear: both; text-align: center;"> <a href="http://2.bp.blogspot.com/-Cun6lI7yd64/U9fswTJb-1I/AAAAAAAADVo/afeFgzuyQ8U/s1600/0400.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Iron Dome Missile Defense System hacked, Iron Dome hacked" border="0" src="http://2.bp.blogspot.com/-Cun6lI7yd64/U9fswTJb-1I/AAAAAAAADVo/afeFgzuyQ8U/s1600/0400.jpg" title="Israel's Iron Dome Missile Defense System hacked by Chinese hackers" /></a></div> Unknown group of hackers have breached the computers system of three defense contractors that built Israel’s missile defense mechanism, Iron Dome. The investigation done by the Cyber Engineering Services Inc. (CyberESI), claims that the incident was occurred in 2011 and 2012.<br /> <br /> On this breach hackers have managed steal large amount of data related to the technology used for building the missile shield Iron Drone. All the stolen data were highly sensitive, that includes all the details information and documentation about the Iron Drone. Hackers have also managed to steal the information about Unmanned Aerial Vehicles, ballistic rockets and the Arrow III missile interceptor which was designed by Boeing and other U.S.-based companies.<br /> <div style="text-align: center;"> <script async="" src="//pagead2.googlesyndication.com/pagead/js/adsbygoogle.js"></script> <!-- Nick --> <br /> <ins class="adsbygoogle" data-ad-client="ca-pub-1618281995222563" data-ad-slot="2512029935" style="display: inline-block; height: 60px; width: 468px;"></ins><script> (adsbygoogle = window.adsbygoogle || []).push({}); </script> </div> Security blogger Brian Kerbs <a href="http://krebsonsecurity.com/2014/07/hackers-plundered-israeli-defense-firms-that-built-iron-dome-missile-defense-system/" target="_blank">wrote</a> that hackers group was from China (not confirmed yet) have hacked into the system of  three defense companies in Israel: Elisra Group, Israel Aerospace Industries, and Rafael Advanced Defense Systems.<br /> <br /> After the notify of breached Israel Aerospace Industries (IAI) contacted Israel’s authorities and took the necessary measures to prevent this type of events in the future.<br /> <br /> On the statement speak out by CyberESI’s founder and chief executive officer Joseph Drissel stats-<br /> “Much of the documentation stolen by the hackers contained knowledge about technology that was not developed by Israel only, but by American company Boeing, too, as is the case of the Arrow III missiles” . <br /> <blockquote class="tr_bq"> “Most of the technology in the Arrow 3 wasn’t designed by Israel, but by Boeing and other U.S. defense contractors,” Drissel told the security blogger. “We transferred this technology to them, and they coughed it all up. In the process, they essentially gave up a bunch of stuff that’s probably being used in our systems as well,” he added.</blockquote>  Drissel also says that the system of IAI had been breached on April 2012, and the attack was from infamous chineese hackers group known as “Comment Crew”– a group of cyber warriors linked to the Chinese People’s Liberation Army (PLA).<br /> <br /> Hackers might have used the social engineering attacks with the crafted phishing emails. After the breach of the companies system, attacker extracted all types of documents, from the emails sent by a CEO to the PowerPoint presentations containing all the necessary information about Iron Dome and other sophisticated ballistic projects.<br /> <br /> <br /></div>

Israel's Iron Dome Missile Defense System hacked by Chinese hackers

Unknown group of hackers have breached the computers system of three defense contractors that bui...

Read more »

CBI Arrests Hackers For Stealing Microsoft Product Keys

<div dir="ltr" style="text-align: left;" trbidi="on"> <div class="separator" style="clear: both; text-align: center;"> <a href="http://1.bp.blogspot.com/-cEama4WRr2M/U9c8ThKwucI/AAAAAAAADVY/pxo9dqdIc_k/s1600/handcuffs-flickr-victor.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Indian hacker arrested, Microsoft hacker, Microsoft pirated, Pirated windows, hacking Windows" border="0" src="http://1.bp.blogspot.com/-cEama4WRr2M/U9c8ThKwucI/AAAAAAAADVY/pxo9dqdIc_k/s1600/handcuffs-flickr-victor.jpg" title="CBI Arrests Hackers For Stealing Microsoft Product Keys" /></a></div> The piracy concerns is increasing and this is one that is something impossible to stop. With the recent updates from the Microsoft side, its says that <b>Indian hacker have been arrested for hacking Microsoft's sites and stolen Microsoft products activation keys</b>.<br /> <br /> Microsoft have recently worked with the Indian Authorities to arrest an individual who reportedly hacked its servers and stole several product keys for its software. According to press statement hacker had sold the stolen products keys online.<br /> <div style="text-align: center;"> <script async="" src="//pagead2.googlesyndication.com/pagead/js/adsbygoogle.js"></script> <!-- Nick --> <br /> <ins class="adsbygoogle" data-ad-client="ca-pub-1618281995222563" data-ad-slot="2512029935" style="display: inline-block; height: 60px; width: 468px;"></ins><script> (adsbygoogle = window.adsbygoogle || []).push({}); </script></div> Central Bureau Investigation (CBI) have confirmed the report in an <a href="http://cbi.nic.in/pressreleases/pr_2014-07-25-3.php" target="_blank">official press release</a> and added that it seized several hard disks and routers that were used to commit the fraud and which could serve as evidence during the trial.<br /> <br /> On the statement CBI says-<br /> <blockquote class="tr_bq"> “The Central Bureau of Investigation has arrested a private person at Chennai (Tamil Nadu) in a case relating to offences of alleged cyber crime offences for the purpose of stealing Microsoft’s product keys as well as cheating unsuspecting consumers,”.</blockquote> Its not only with Microsoft as a software company that have been affected with piracy, there are many other software makers company which are having the issue. The company has launched several campaigns not only to make consumers aware that genuine software is the best choice for their computers, but also to encourage retailers and partners to purchase legitimate applications in order to avoid losing customers’ trust. <br /> <br /> Recently, the upcoming movie 'Expendables 3' have been leaked online before its official release and Torrent freaks have also noted that Expendables 3 is the <a href="http://torrentfreak.com/top-10-most-pirated-movies-of-the-week-140728/" target="_blank">most pirated movies of this week</a>, which had been <a href="http://torrentfreak.com/expendables-3-leaks-online-100k-copies-down-in-hours-140725/" target="_blank">download more than 100,000 times</a> within a hours. </div>

CBI Arrests Hackers For Stealing Microsoft Product Keys

The piracy concerns is increasing and this is one that is something impossible to stop. With the ...

Read more »

iPhones extracting deep personal data - Apple Employee

<div dir="ltr" style="text-align: left;" trbidi="on"> <div class="separator" style="clear: both; text-align: center;"> <a href="http://2.bp.blogspot.com/-4k8QVfsimjQ/U9Zd1NPKX1I/AAAAAAAADVI/EpPVfbKlfwQ/s1600/apple-iphone-3gss-photo-336064-s-1280x782.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://2.bp.blogspot.com/-4k8QVfsimjQ/U9Zd1NPKX1I/AAAAAAAADVI/EpPVfbKlfwQ/s1600/apple-iphone-3gss-photo-336064-s-1280x782.jpg" /></a></div> This week Apple employees have acknowledge that Personal data including text messages, contact lists and photos can be extracted from iPhones through previously unpublicised techniques.<br /> <div> <br /></div> The same techniques to circumvent backup encryption could be used by law enforcement or others with access to the "trusted" computers to which the devices have been connected, according to the security expert who prompted Apple's admission.<br /> <div style="text-align: center;"> <script async="" src="//pagead2.googlesyndication.com/pagead/js/adsbygoogle.js"></script> <!-- Nick --> <br /> <ins class="adsbygoogle" data-ad-client="ca-pub-1618281995222563" data-ad-slot="2512029935" style="display: inline-block; height: 60px; width: 468px;"></ins><script> (adsbygoogle = window.adsbygoogle || []).push({}); </script></div> Last week a forensic security researcher Jonathan Zdziarski, have <a href="http://www.cyberkendra.com/2014/07/researcher-identifies-suspicious.html" target="_blank">claimed</a> that Apple iOS device have many of the unwanted programs that are spying the users device and have a backdoor in it. The claimed was made in the Hackers on Planet Earth conference. Researcher also noted that users are not notified that the services are running and cannot disable them, Zdziarski said. There is no way for iPhone users to know what computers have previously been granted trusted status via the backup process or block future connections.<br /> <br /> Some of them cited it as evidence of Apple collaboration with the National Security Agency.<br /> <br /> But after the claim <a href="http://www.cyberkendra.com/2014/07/apple-denies-of-installing-backdoors-on.html" target="_blank">Apple have denies of creating any backdoor</a> and also point that company didn't have any relation with NSA or any government agency. Apple have given a statement to a tech reporter of the Financial Times.<br /> <br /> Chief executive officer of Securosis, Rich Mogull- said Zdziarski’s work was overhyped but technically accurate. “They are collecting more than they should be, and the only way to get it is to compromise security, - he added.</div>

iPhones extracting deep personal data - Apple Employee

This week Apple employees have acknowledge that Personal data including text messages, contact li...

Read more »

Russia Offers $100,000 for Cracking TOR

<div dir="ltr" style="text-align: left;" trbidi="on"> <div class="separator" style="clear: both; text-align: center;"> <a href="http://2.bp.blogspot.com/-nsq_mulTchE/U9Pt4UJi07I/AAAAAAAADU4/KtkDMW-Ii68/s1600/435384-tor-the-onion-network.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="TOR Security, Breaking TOR privacy, TOR vulnerability, TOR rewards, TOR network, hacking TOR network, TOR hacked, TOR breacking reward, Russian reward for TOR" border="0" src="http://2.bp.blogspot.com/-nsq_mulTchE/U9Pt4UJi07I/AAAAAAAADU4/KtkDMW-Ii68/s1600/435384-tor-the-onion-network.jpg" title="Russia Offers $100,000 for Cracking Tor" /></a></div> Everyone searching for the loop holes in TOR bundle and everyone wants to break TOR security. As from long time NSA is searching for the loopholes in TOR now with that Russia is also came. Russian government is offering money to break the TOR security.<br /> <br /> Russian government is reportedly increasing its efforts to kill all kinds of anonymity and privacy on the Internet by putting the target on the Tor network. Russia’s Interior Ministry made the announced and  started to offer money for people who can create a reliable way to decrypt data sent over TOR. The reward for breaking the TOR security is said of $111,290 or €84,790.<br /> <div style="text-align: center;"> <script async="" src="//pagead2.googlesyndication.com/pagead/js/adsbygoogle.js"></script> <!-- Nick --> <br /> <ins class="adsbygoogle" data-ad-client="ca-pub-1618281995222563" data-ad-slot="2512029935" style="display: inline-block; height: 60px; width: 468px;"></ins><script> (adsbygoogle = window.adsbygoogle || []).push({}); </script> </div> On this announcement lawyer for Russia’s Pirate Party <a href="http://rt.com/news/175408-russia-internet-tor-service/" target="_blank">said</a>-<br /> <blockquote class="tr_bq"> “Law enforcers are worried about the ability of internet users to anonymously visit the internet, and particularly blocked sites. Also, the new blogging law that comes into force in August says that all bloggers with a daily audience of over 3,000 must register their identity. But someone blogging through TOR can do so anonymously,”</blockquote> According to the online magazine <b>Apparat.cc</b> stats, it is being noted that TOR had 80,000 users in May, which has been increased to 200,000 this month. It seems that Russian government have made announcement to make the control over the internet users in the country. It have an issue with the growing popularity of Tor within the country, especially following the various Internet censorship efforts taken by the country’s government.<br /> <br /> As with the last <a href="http://www.cyberkendra.com/2014/07/breaking-tor-security-presentation-on.html" target="_blank">announcement from the Black Hat 2014</a> made many of them sad because of cancellation of the talk which is for de-anonymizing the TOR. </div>

Russia Offers $100,000 for Cracking TOR

Everyone searching for the loop holes in TOR bundle and everyone wants to break TOR security. As ...

Read more »

MailPoet Vulnerability Targets 50,000 WordPress Sites

<div dir="ltr" style="text-align: left;" trbidi="on"> <div class="separator" style="clear: both; text-align: center;"> <a href="http://3.bp.blogspot.com/-_bixocCIzDg/U9Hrj5SRWwI/AAAAAAAADUY/WFC3mvA7VB4/s1600/wysija-MailPoet-Wordpress-Plugin.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="MailPoet Vulnerability, WordPress Vulnerability, Vulnerability in Word Press plugins" border="0" src="http://3.bp.blogspot.com/-_bixocCIzDg/U9Hrj5SRWwI/AAAAAAAADUY/WFC3mvA7VB4/s1600/wysija-MailPoet-Wordpress-Plugin.jpg" title="MailPoet Vulnerability Targets 50,000 WordPress Sites" /></a></div> A free and open source blogging tool as well as content management system (CMS), WordPress is now in targets of Cyber hackers. With the continuous security <a href="http://www.cyberkendra.com/search/label/Security" target="_blank">vulnerability</a> in some of the popular plugins make it easy to hack WordPress sites. So Security firm have recommend all WordPress users to upgrade its CMS version along with the plugins that they use.<br /> <div> <br /></div> In early of this month security researcher and CEO of the security firm <b>Sucuri, Daniel Cid</b> have pointed a security vulnerability on one of the popular plugins called <b><a href="http://threatpost.com/critical-vulnerability-in-wordpress-plugin-could-allow-site-takeover" target="_blank">MailPoet</a></b>, formerly known as <b>Wysija Newsletter. </b><br /> <div style="text-align: center;"> <script async="" src="//pagead2.googlesyndication.com/pagead/js/adsbygoogle.js"></script> <!-- Nick --> <br /> <ins class="adsbygoogle" data-ad-client="ca-pub-1618281995222563" data-ad-slot="2512029935" style="display: inline-block; height: 60px; width: 468px;"></ins><script> (adsbygoogle = window.adsbygoogle || []).push({}); </script></div> <div> <b>MailPoet, </b> plugins which has been downloaded more than 1.7 millions that allows developers running WordPress to send newsletters and manage subscribers within the content management system, is being now using by hackers to hack WordPress Site.</div> <div> <br /></div> <div> A critical security vulnerability in MailPoet which allows the attacker to inject any file including malware, defacements and spam, whatever they wanted on the server and that too without any authentication.</div> <div> <br /></div> <div> On the blog post Daniel have wrote that about <a href="http://blog.sucuri.net/2014/07/mailpoet-vulnerability-exploited-in-the-wild-breaking-thousands-of-wordpress-sites.html" target="_blank">50,000 websites have been compromised</a> by hackers within the<a href="http://blog.sucuri.net/2014/07/remote-file-upload-vulnerability-on-mailpoet-wysija-newsletters.html" target="_blank"> three weeks of vulnerability</a> made public, using vulnerable MailPoet plugins. The backdoor installed is a very nasty and creates an admin account that gives attackers full administrative control. It also injects backdoor code into all themes and core files.</div> <div> <br /></div> <div> Sucuri added-</div> The worst part with this infection is that the malicious code also overwrites valid files, which are very difficult to recover without a good backup in place. It causes many websites to fall over and display the message:<br /> <blockquote class="tr_bq"> Parse error: syntax error, unexpected ‘)’ in /home/user/public_html/site/wp-config.php on line 91.</blockquote>  At the mean time the exploit is not effected in current release version of of MailPoet 2.6.7, so users are recommend to upgrade the plugins to latest version.<br /> <br /> Earlier also security firm Sucuri  have discovered many critical vulnerability in WordPress plugins as like vulnerability in <a href="http://blog.sucuri.net/2014/07/disclosure-insecure-nonce-generation-in-wptouch.html" target="_blank">WPtouch Plugins</a>, <a href="http://www.cyberkendra.com/2014/06/vulnerabilities-in-all-in-one-seo-pack.html" target="_blank">All in one SEO pack</a>, and also in <a href="http://blog.sucuri.net/2014/06/anatomy-of-a-remote-code-execution-bug-on-disqus.html" target="_blank">Disqus Comment System</a>.</div>

MailPoet Vulnerability Targets 50,000 WordPress Sites

A free and open source blogging tool as well as content management system (CMS), WordPress is now...

Read more »

Researchers Demonstrate Zero-Day Flaws in Tails Operating System

<div dir="ltr" style="text-align: left;" trbidi="on"> <div class="separator" style="clear: both; text-align: center;"> <a href="http://1.bp.blogspot.com/-aEiaJxYAsK8/U9FgCDsIcTI/AAAAAAAADUI/V9KcyjKD1bc/s1600/Upcoming-Privacy-Conscious-Tails-OS-1-1-Could-Include-Zero-Day-Flaws-451655-2.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Zero-Day Flaws in Tails, Tails Operating System hacked, TOR hacked" border="0" src="http://1.bp.blogspot.com/-aEiaJxYAsK8/U9FgCDsIcTI/AAAAAAAADUI/V9KcyjKD1bc/s1600/Upcoming-Privacy-Conscious-Tails-OS-1-1-Could-Include-Zero-Day-Flaws-451655-2.jpg" title="Researchers Demonstrate Zero-Day Flaws in Tails Operating System" /></a></div> Researcher at Exodus Intelligence have discovered a Zero-day critical vulnerability in  security dedicated Linux-based Tails operating system, that could lead to de-anonymize any of the its users identity. The Vulnerability was in I2P software which is a component of the Operating System.<br /> <br /> On the <a href="http://blog.exodusintel.com/2014/07/23/silverbullets_and_fairytails/" target="_blank">blog post</a> Exodus researcher have thoroughly described the vulnerability and also posted a demonstrated video of vulnerability that unmask an anonymous user of the Tails operating system. On the demostrated video researcher have demonstrate the exploit using Tail s 1.1, but they have noted that the current version of the Tails operating system was still vulnerable to methods that could expose the identity of the user<br /> <div style="text-align: center;"> <script async="" src="//pagead2.googlesyndication.com/pagead/js/adsbygoogle.js"></script> <!-- Nick --> <br /> <ins class="adsbygoogle" data-ad-client="ca-pub-1618281995222563" data-ad-slot="2512029935" style="display: inline-block; height: 60px; width: 468px;"></ins><script> (adsbygoogle = window.adsbygoogle || []).push({}); </script></div> The researchers at Exodus claims they can use the vulnerability to upload malicious code to a system running Tails, execute the payload remotely, and de-anonymize the targeted users’ public IP address as well.<br /> <div> <br /></div> <blockquote class="tr_bq"> Tails is a Debian Linux-based operating system which integrates tools that run the connection through the TOR network in order to keep the identity of the user secret.</blockquote>  Exodus Intelligence claims that there are number of vulnerability present in Security oriented operating system, and there is no available patch.<br /> <br /> On the blog post Exodus says that <span style="background-color: white; font-family: 'Segoe UI', 'Gill Sans Light', Helvetica; font-size: 16px; line-height: 30px; text-align: justify;"> </span>actual problem lies in the heavily encrypted networking program called the Invisible Internet Project (I2P). The network layer that Tails uses to hide the user's public IP address from other websites and servers in order to keep the user anonymous on the web.<br /> <span style="font-size: large;"><b>Video Demonstration </b></span><br /> <div style="text-align: center;"> <iframe allowfullscreen="" frameborder="0" height="360" src="//www.youtube.com/embed/Ehc_jVj21zM" width="640"></iframe></div> Exodus team had already notify I2P as well as Tails to the problem and said they will not disclose the vulnerability until have released the patched version of Tails. But Exodus have already sell its Zero-day exploit to its clients which includes US agencies and DARPA.<br /> <br /> Users should question the tools they use, they should go even further to understand the underlying mechanisms that interlock to grant them security," reads the blog post.<br /> <div> <br /></div> The Exodus Intelligence security researchers also mentioned that they will released more technical details on the vulnerability once the bug get fixed from I2P and the patched version of Tails OS released.</div>

Researchers Demonstrate Zero-Day Flaws in Tails Operating System

Researcher at Exodus Intelligence have discovered a Zero-day critical vulnerability in  security ...

Read more »

European Central Bank hacked, personal data stolen

<div dir="ltr" style="text-align: left;" trbidi="on"> <div class="separator" style="clear: both; text-align: center;"> <a href="http://4.bp.blogspot.com/-CWKGH8UURq4/U9FRtPoP2qI/AAAAAAAADT4/ElWIm3QmEbM/s1600/ecb_logo_EN.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="European Central Bank hacked, ransom demanded" border="0" src="http://4.bp.blogspot.com/-CWKGH8UURq4/U9FRtPoP2qI/AAAAAAAADT4/ElWIm3QmEbM/s1600/ecb_logo_EN.png" title="European Central Bank hacked, personal data stolen" /></a></div> Ransom is getting common for the cyber criminals, as they are targeting mobile device with the malware that have a capability to encrypt all the data of the infected system and then asked for ransom.<br /> <br /> Here again a unknown <b>hacker have hacked the public website of the European Central Bank (ECB)</b> and stolen customers information, and asked for ransom.<br /> <br /> ECB had made a <a href="http://www.ecb.europa.eu/press/pr/date/2014/html/pr140724.en.html" target="_blank">announcement</a> today, inform about the data breached and also state that hackers have contacted the ECB officials and demanded a ransom in exchange for the data. Bank have not disclose the amount of ransom that hacker asked.<br /> <br /> ECB noted that No internal systems or market sensitive data were compromised. The database serves parts of the ECB website that gather registrations for events such as ECB conferences and visits. It is physically separate from any internal ECB systems.<br /> <br /> Banks says that most of the data were encrypted but parts of database which includes email addresses, some street addresses and phone numbers that were not encrypted.<br /> <br /> The ECB is contacting the users whose email addresses or other data might have been compromised and all passwords have been changed on the system as a precaution.<br /> <br /> ECB noted that it takes data security extremely seriously, and the organisation informed the hack incidenet to the German Police and investigation has been started. Currently <span style="background-color: white; font-family: Arial, Helvetica, sans-serif; font-size: 12px; text-align: justify;">E</span>CB data security experts have addressed the vulnerability.</div>

European Central Bank hacked, personal data stolen

Ransom is getting common for the cyber criminals, as they are targeting mobile device with the ma...

Read more »

Mozilla release 11 Security Updates in Firefox 31

<div dir="ltr" style="text-align: left;" trbidi="on"> <div class="separator" style="clear: both; text-align: center;"> <a href="http://4.bp.blogspot.com/-taIb-z1M9Fc/U9Cr0XL0DfI/AAAAAAAADTo/lx84f1mgRNo/s1600/Mozilla-Firefox-31-1024x576-8ac61de216ad8b68.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Mozilla Firefox, Firefox 31 updates, security of mozilla" border="0" src="http://4.bp.blogspot.com/-taIb-z1M9Fc/U9Cr0XL0DfI/AAAAAAAADTo/lx84f1mgRNo/s1600/Mozilla-Firefox-31-1024x576-8ac61de216ad8b68.jpg" title="Mozilla release 11 Security Updates in Firefox 31" /></a></div> Popular web browser Mozilla Firefox had released its update version in which Mozilla team have fixed 11 security vulnerabilities. In this 11 vulnerabilities 3 of them are critical, including a use-after-free vulnerability and a handful of memory safety issues.<br /> <br /> Firefox have several use-after-free vulnerability but team have noted one critical on them. That bug lies in the DirectWrite font handling component of the browser.<br /> <div style="text-align: center;"> <script async="" src="//pagead2.googlesyndication.com/pagead/js/adsbygoogle.js"></script> <!-- Nick --> <br /> <ins class="adsbygoogle" data-ad-client="ca-pub-1618281995222563" data-ad-slot="2512029935" style="display: inline-block; height: 60px; width: 468px;"></ins><script> (adsbygoogle = window.adsbygoogle || []).push({}); </script></div> <a href="http://www.cyberkendra.com/search/label/Firefox" target="_blank">Mozilla Firefox</a> recommends its users to install the security update as soon as possible, warning that the three critical vulnerabilities <a href="https://www.mozilla.org/security/known-vulnerabilities/firefox.html" target="_blank">discovered</a> in its browser could be exploited by attackers and leverage them to "run attacker code and install software, requiring no user interaction beyond normal browsing".<br /> <div> <br /></div> <div> Mozilla team says-</div> <blockquote class="tr_bq"> “Mozilla community member James Kitchener reported a crash in DirectWrite when rendering MathML content with specific fonts due to an error in how font resources and tables are handled. This leads to use-after-free of a DirectWrite font-face object, resulting in a potentially exploitable crash,”</blockquote>  Below is the Full list of the security vulnerability that Mozilla team have fixed in its latest build of browser-<br /> <blockquote class="tr_bq"> <a href="https://www.mozilla.org/security/announce/2014/mfsa2014-66.html">MFSA 2014-66</a> IFRAME sandbox same-origin access through redirect<br /> <a href="https://www.mozilla.org/security/announce/2014/mfsa2014-65.html">MFSA 2014-65</a> Certificate parsing broken by non-standard character encoding<br /> <a href="https://www.mozilla.org/security/announce/2014/mfsa2014-64.html">MFSA 2014-64</a> Crash in Skia library when scaling high quality images<br /> <a href="https://www.mozilla.org/security/announce/2014/mfsa2014-63.html">MFSA 2014-63</a> Use-after-free while when manipulating certificates in the trusted cache<br /> <a href="https://www.mozilla.org/security/announce/2014/mfsa2014-62.html">MFSA 2014-62</a> Exploitable WebGL crash with Cesium JavaScript library<br /> <a href="https://www.mozilla.org/security/announce/2014/mfsa2014-61.html">MFSA 2014-61</a> Use-after-free with FireOnStateChange event<br /> <a href="https://www.mozilla.org/security/announce/2014/mfsa2014-60.html">MFSA 2014-60</a> Toolbar dialog customization event spoofing<br /> <a href="https://www.mozilla.org/security/announce/2014/mfsa2014-59.html">MFSA 2014-59</a> Use-after-free in DirectWrite font handling<br /> <a href="https://www.mozilla.org/security/announce/2014/mfsa2014-58.html">MFSA 2014-58</a> Use-after-free in Web Audio due to incorrect control message ordering<br /> <a href="https://www.mozilla.org/security/announce/2014/mfsa2014-57.html">MFSA 2014-57</a> Buffer overflow during Web Audio buffering for playback<br /> <a href="https://www.mozilla.org/security/announce/2014/mfsa2014-56.html">MFSA 2014-56</a> Miscellaneous memory safety hazards (rv:31.0 / rv:24.7)</blockquote>  Second critical vulnerability is an exploitable crash in the Cesium JavaScript library. The third critical bug is really a collection of various memory safety problems, some which could lead to memory corruption.<br /> <br /> “Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code,” Mozilla wrote.<br /> <div> <br /></div> <div> We also recommend our readers to <a href="http://bit.ly/dlFirefox" target="_blank">update your Firefox browser</a>. And for the security purpose always update your application.</div> </div>

Mozilla release 11 Security Updates in Firefox 31

Popular web browser Mozilla Firefox had released its update version in which Mozilla team have fi...

Read more »

Apple denies of Installing backdoors on iOS device

<div dir="ltr" style="text-align: left;" trbidi="on"> <div class="separator" style="clear: both; text-align: center;"> <a href="http://3.bp.blogspot.com/-kQd31A-EExg/U8-I1WpuuTI/AAAAAAAADTY/6LzA8bLF9f8/s1600/iPhone-5s-lock.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Apple Denies Security Researcher's Claims of iOS 'Backdoor', Apple denies installing iOS 'backdoor' services, Every iPhone Has A Security Backdoor, Apple denies including privacy backdoors in iOS, Apple denies having included a backdoor in iOS , Apple Denies Working With NSA On iPhone Backdoor" border="0" src="http://3.bp.blogspot.com/-kQd31A-EExg/U8-I1WpuuTI/AAAAAAAADTY/6LzA8bLF9f8/s1600/iPhone-5s-lock.png" title="Apple denies of Installing backdoors on iOS device" /></a></div> Yesterday we have noted that a Forensic Security researcher Jonathan Zdziarski, who claim to identifies that Apple had <a href="http://www.cyberkendra.com/2014/07/researcher-identifies-suspicious.html">installed several backdoors in iOS</a> and there are many hidden service in Apple iOS device that are being used to bypass the backup encryption on iOS device. It was suggested that this could be because Apple wanted to make it easy for law enforcement agencies to gain access in the event that they needed one, with the proper requests and paperwork of course.<br /> <div style="text-align: center;"> <script async="" src="//pagead2.googlesyndication.com/pagead/js/adsbygoogle.js"></script> <!-- Nick --> <br /> <ins class="adsbygoogle" data-ad-client="ca-pub-1618281995222563" data-ad-slot="2512029935" style="display: inline-block; height: 60px; width: 468px;"></ins><script> (adsbygoogle = window.adsbygoogle || []).push({}); </script> </div> Well it seems that Apple is simply denies of the researcher claims and issue a statement that which denying that the existence of the backdoors. Along with that Apple have once again remined that Apple has never worked with any government agency and they have not create any backdoors in any of its products.<br /> <div> <br /></div> <div> <b><span style="font-size: large;">Apple Response</span></b></div> <div> Apple have release a statement to <a href="https://twitter.com/tim/status/491370587554471936/photo/1">Tim Bradshaw</a>, a tech reporter at the Financial Times, denying those allegations and wrote:</div> <blockquote class="tr_bq"> “We have designed iOS so that its diagnostic functions do not compromise user privacy and security, but still provides needed information to enterprise IT departments, developers and Apple for troubleshooting technical issues. A user must have unlocked their device and agreed to trust another computer before that computer is able to access this limited diagnostic data. The user must agree to share this information, and data is never transferred without their consent.”</blockquote> <div> <blockquote class="twitter-tweet" lang="en"> Apple statement denies working with "any government agency ... to create a backdoor in any of our products" <a href="http://t.co/5psXWtOXW2">pic.twitter.com/5psXWtOXW2</a><br /> — Tim Bradshaw (@tim) <a href="https://twitter.com/tim/statuses/491370587554471936">July 21, 2014</a></blockquote> <div style="text-align: left;"> <script async="" charset="utf-8" src="//platform.twitter.com/widgets.js"></script><span style="font-size: large;"><b> Apple Published Support Page</b></span></div> Apple has described several diagnostic capabilities offered in iOS in response to the backdoor access claims. The company has published a <a href="http://support.apple.com/kb/HT6331">support document</a> on its website outlining the three iOS diagnostic capabilities pointed out by the researcher.</div> <div> <br /></div> <div> <span style="font-size: x-small;"><b>Header Image - redmondpie.com</b></span></div> <div> <span style="font-size: x-small;"><b><br /></b></span></div> </div>

Apple denies of Installing backdoors on iOS device

Yesterday we have noted that a Forensic Security researcher Jonathan Zdziarski, who claim to ide...

Read more »