Latest Hacking News

PHP has fixed several vulnerabilities allowing remote code execution


The PHP development team has released new versions that fix three security vulnerabilities. One of them is said to be critical and leads to remote code execution.

The vulnerability identified as "CVE-2014-3669" can cause an integer overflow when parsing specially crafted serialized data with unserialize(). The vulnerability only affects 32-bit systems, but it is dangerous because serialized data often comes from user-controlled channels.

In addition, the updates correct errors associated with the introduction of a null byte in the cURL library, corruption of dynamic (heap) memory when the exif_thumbnail() function processes modified image data (CVE-2014-3670), and a buffer overflow in the mkgmtime() function of the XMLRPC module (CVE-2014-3668).

These vulnerabilities were discovered by the Research lab of IT security company High-Tech Bridge.

The new versions 5.6.2, 5.5.18 and 5.4.34 address these three vulnerabilities.

Critical SQL Injection vulnerability in Drupal 7.x

Security researchers from SektionEins have discovered a critical SQL injection vulnerability in the Drupal CMS that leaves a large number of websites that use Drupal at risk.

Drupal introduced a database abstraction API in version 7.  The purpose of this API is to prevent SQL Injection attacks by sanitizing SQL Queries.

But this API itself introduced a new and critical SQL injection vulnerability. The vulnerability enables attackers to run malicious SQL queries and PHP code on vulnerable websites. Successful exploitation allows hackers to take complete control of the site.

This vulnerability can be exploited by a non-authenticated user and has been classified as "Highly Critical".

SektionEins didn't release a PoC but released an advisory with technical details.

The vulnerability exists in the expandArguments function, which is used for expanding arrays to handle SQL queries with the "IN" operator.

The vulnerability affects Drupal core 7.x versions prior.  Users of 7.x versions are advised to update their CMS immediately.

You can also directly modify the "includes/database.inc" file to patch this vulnerability: change "foreach ($data as $i => $value) {" to "foreach (array_values($data) as $i => $value) {" on line 739.
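Why the array_values() change closes the hole, shown as an added PHP sketch that is not Drupal's code and not taken from the advisory. The functions expand_in() and has_list_keys(), the query and the sample array are constructed for illustration and only model the behaviour described above: placeholder names are built from array keys and then written into the query text.

```php
<?php
// Simplified model of expanding an array argument for an SQL "IN" clause.
// Hypothetical names; this is an illustration, not Drupal's implementation.
function expand_in(string $query, string $name, array $data, bool $patched): array
{
    // Patched loop: array_values() discards caller-supplied keys (0, 1, 2, ...).
    $items = $patched ? array_values($data) : $data;
    $args = [];
    foreach ($items as $i => $value) {
        // The placeholder NAME is derived from the array key.
        $args[$name . '_' . $i] = $value;
    }
    // The placeholder names are substituted into the SQL text itself, so
    // anything that reaches a key also reaches the query string.
    $expanded = str_replace($name, implode(', ', array_keys($args)), $query);
    return [$expanded, $args];
}

// Defensive check: a list argument must have exactly the keys 0..n-1.
function has_list_keys(array $data): bool
{
    return array_values($data) === $data;
}

$query = 'SELECT uid FROM users WHERE uid IN (:ids)';

// Constructed inputs: a normal list, and one whose first key carries text.
$normal = [10, 20];
$keyed  = ['0 /* key text lands in the SQL */' => 10, '1' => 20];

foreach (['normal' => $normal, 'keyed' => $keyed] as $label => $data) {
    [$before] = expand_in($query, ':ids', $data, false);
    [$after]  = expand_in($query, ':ids', $data, true);
    printf("%s (list keys: %s)\n", $label, has_list_keys($data) ? 'yes' : 'no');
    printf("  unpatched: %s\n", $before);
    printf("  patched:   %s\n", $after);
}
```

For the keyed input the unpatched expansion carries the key text into the statement, while the patched expansion yields only ":ids_0, :ids_1". A check like has_list_keys() can be used to reject or log array arguments whose keys are not a plain 0..n-1 sequence.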

A proof of concept has been released online that allows anyone to change the password of the admin account. So, better hurry up! Update your Drupal CMS.

A Reddit user, "fyukyuk", posted an HTTP POST request that exploits this vulnerability.

The following Python code changes the admin password of a vulnerable Drupal to 'admin' (tested with Drupal versions 7.21, 7.31).


Russian Hackers use Windows 0-Day exploit to hack NATO, Ukraine

Russian hackers, dubbed the "Sandworm Team", have been found exploiting a previously unknown vulnerability in Microsoft's Windows operating systems, reports iSight.

The group has used this zero-day exploit to hack computers used by NATO, the Ukrainian government, European telecommunications firms, the energy sector and a US academic organization.

The attack starts with a spear-phishing email containing a malicious PowerPoint document that exploits the vulnerability and infects the victim's machine with malware.

"The vulnerability exists because Windows allows the OLE packager (packager.dll) to download and execute INF files," the report reads.

"... When handling Microsoft PowerPoint files, the packager allows a Package OLE object to reference arbitrary external files, such as INF files, from untrusted sources... This will cause the referenced files to be downloaded in the case of INF files, to be executed with specific commands"

The vulnerability reportedly affects all versions of the Windows operating system from Vista SP1 to Windows 8.1. It also affects Windows Server 2008 and 2012.

Kmart is the latest security breach victim

Kmart, the latest large U.S. retailer to experience a data breach, has confirmed that hackers accessed certain debit and credit card numbers.

An IT security firm hired by Kmart found that the store payment data systems "were infected with a malware that was undetectable by current antivirus systems".

The company says no personal information, no debit card PIN numbers, no email addresses and no social security numbers were accessed in the security breach.

According to the investigation, the cyber criminals got into their systems in early September.  The company said it immediately removed the malware. 

