Latest Posts

Dropbox Launches Bug Bounty Program With HackerOne

To better protect users' information, Dropbox has launched its bug bounty program in partnership with HackerOne. Hackers reporting small vulnerabilities will receive $216.

"For now, the Dropbox, Carousel, and Mailbox iOS and Android applications; the Dropbox and Carousel web applications; the Dropbox desktop client as well as the Dropbox Core SDK are eligible for the bounty program. We may also reward for novel or particularly interesting bugs in other Dropbox applications."

There is a series of rules that security researchers will have to follow to be eligible for the rewards.
"You are responsible for complying with any applicable laws, and you should only use your own accounts or test accounts for reporting vulnerabilities.

To promote the discovery and reporting of vulnerabilities and increase user safety, we ask that you:
  •     Share the security issue with us in detail
  •     Give us a reasonable time to respond to the issue before making any information about it public.
  •     Not access or modify user data without permission of the account owner.
  •     Act in good faith not to degrade the performance of our services (including denial of service)."

More about the program and its rules can be read in the HackerOne post [Click Here!]
Source:[Dropbox Blog]

45 Security Issues Fixed In Chrome 42

Chrome 42 has been available since Tuesday for Windows, Mac and Linux. A total of 45 security flaws were addressed in this version. The security researcher who identified the most serious vulnerability, a cross-origin bypass flaw in the HTML parser (CVE-2015-1235), was paid $7,500.

The vulnerabilities fixed are listed as follows:
  • High CVE-2015-1235: Cross-origin-bypass in HTML parser. Credit to anonymous.
  • Medium CVE-2015-1236: Cross-origin-bypass in Blink. Credit to Amitay Dobo.
  • High CVE-2015-1237: Use-after-free in IPC. Credit to Khalil Zhani.
  • High CVE-2015-1238: Out-of-bounds write in Skia. Credit to cloudfuzzer.
  • Medium CVE-2015-1240: Out-of-bounds read in WebGL. Credit to w3bd3vil.
  • Medium CVE-2015-1241: Tap-Jacking. Credit to Phillip Moon and Matt Weston of Sandfield Information Systems.
  • High CVE-2015-1242: Type confusion in V8. Credit to fcole@onshape.com.
  • Medium CVE-2015-1244: HSTS bypass in WebSockets. Credit to Mike Ruddy.
  • Medium CVE-2015-1245: Use-after-free in PDFium. Credit to Khalil Zhani.
  • Medium CVE-2015-1246: Out-of-bounds read in Blink. Credit to Atte Kettunen of OUSPG.
  • Medium CVE-2015-1247: Scheme issues in OpenSearch. Credit to Jann Horn.
  • Medium CVE-2015-1248: SafeBrowsing bypass. Credit to Vittorio Gambaletta (VittGam).

We advise our readers to update their Chrome to the latest version.

Source:[Google Blog]

22 Vulnerabilities Fixed in Flash Player 17.0.0.169

The new version of Flash Player fixes 22 vulnerabilities, among them a memory corruption flaw that is being leveraged in the wild. Most of the bugs fixed were memory corruption problems. If successfully exploited, these bugs could allow an attacker to execute code on affected machines.

  • These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2015-0347, CVE-2015-0350, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3038, CVE-2015-3041, CVE-2015-3042, CVE-2015-3043).
  • These updates resolve a type confusion vulnerability that could lead to code execution (CVE-2015-0356).
  • These updates resolve a buffer overflow vulnerability that could lead to code execution (CVE-2015-0348).
  • These updates resolve use-after-free vulnerabilities that could lead to code execution (CVE-2015-0349, CVE-2015-0351, CVE-2015-0358, CVE-2015-3039).
  • These updates resolve double-free vulnerabilities that could lead to code execution (CVE-2015-0346, CVE-2015-0359).
  • These updates resolve memory leak vulnerabilities that could be used to bypass ASLR (CVE-2015-0357, CVE-2015-3040). 
  • These updates resolve a security bypass vulnerability that could lead to information disclosure (CVE-2015-3044).


We advise our readers to update their Flash Player. The new release is available for all platforms.

Source:[Adobe Security Bulletin]

Hacker Leaks Nude Photos of Kelly Brook

After being a victim of the iCloud hacks last year, Kelly Brook has once again been targeted by hackers. 24 private images of the American actress have been leaked online.
Responding to the leaked images last year, the actress tweeted, "The only nude photos you’ll ever see of me are the ones that I "Leak" and the ones that my head are superimposed on!"
She hasn't yet responded to the new leaks.

Source:[Click Here!]

GDKJordie of Lizard Squad Arrested in UK

GDKJordie, another member of the Lizard Squad, was arrested on Friday in the UK. GDKJordie is said to be 18 years old and to have participated in the DDoS attack against the PlayStation and Xbox gaming networks during the Christmas period in 2014. The South East Regional Organised Crime Unit (SEROCU) seized several electronic devices for forensic analysis. Brian Krebs, the security blogger, received information from different sources and stated in his article that the real name of GDKJordie is Jordan Cameron. Two other members of Lizard Squad were arrested in December 2014: Vincent “Vinnie” Omari, 22 years old, and Julius Kivimäki.

According to the SEROCU article, GDKJordie was also arrested for swatting and threats to kill. More can be read from the SEROCU statement [Here!]

Twitter Accounts of UPI and NY Post Hacked

On Friday, the Twitter accounts of UPI (United Press International) and The New York Post were hijacked by hackers. The hackers tweeted fake news relating to the Federal Reserve, Bank of America and U.S. military engagement with China. UPI published a statement to clarify that these tweets were posted by the hackers. At the time of publishing, both Twitter accounts had been recovered and The New York Post stated in a tweet that it was investigating.

MauriHackerS - Providing Latest IT Security and Hacking News !