Varanoid.com

"Misfortune Cookie" Broadband Router Vulnerability

Original release date: December 20, 2014

Broadband routers employing the Allegro RomPager firmware prior to version 4.34 contain a vulnerability in HTTP cookie processing code. Exploitation of this vulnerability could allow a remote attacker to take control of an affected device.

Which NTP Servers do You Need to Patch?, (Sat, Dec 20th)

While people generally know where their real NTP servers are, all too often they don't know that they've got a raft of accidental NTP servers – boxes that have NTP enabled without the system maintainers knowing about it. Common servers on the network like routers or switches (often when these are NTP clients, they are also NTP servers), PBXs and VOIP gateways, mail servers, certificate authorities and so on

Serious NTPd vulnerabilities Patched; XTM Not Affected

Today, CERT and NTP.org warned the world about some serious vulnerabilities in a very popular network time server called ntpd. If you use Linux systems, or any number of network appliances, chances are you’re using ntpd somewhere in your organization, and should apply the 4.2.8 update (tarball) as soon as possible. Network Time Protocol (NTP) is a standard for updating and synchronizing your computer’s clock over a network.

Vulnerabilities Identified in Network Time Protocol Daemon

Original release date: December 19, 2014

NTP has released an update that addresses multiple vulnerabilities in the Network Time Protocol daemon. Exploitation of these vulnerabilities may allow a remote attacker to execute malicious code. US-CERT encourages users and administrators to review Vulnerability Note VU#852879 and update to NTP 4.2.8 if necessary.

FTC Releases "Package Delivery" Themed Scam Alert

Original release date: December 19, 2014

The Federal Trade Commission (FTC) has released a Scam Alert addressing a “Package Delivery” themed phishing campaign regarding package delivery notifications from the U.S. Postal Service. Scam operators often use false information linked to reputable organizations to imply the email is legitimate. Users are encouraged to review the FTC Scam Alert for details, and refer to the Recognizing and Avoiding Email Scams Publication for information on email scams.

VU#561444: Multiple broadband routers use vulnerable versions of Allegro RomPager

Vulnerability Note VU#561444

Multiple broadband routers use vulnerable versions of Allegro RomPager

Original Release date: 19 Dec 2014 | Last revised: 19 Dec 2014

Overview

Multiple broadband routers use vulnerable versions of Allegro RomPager in current firmware releases.

Description

Many home and office/home office (SOHO) routers have been found to be using vulnerable versions of the Allegro RomPager embedded web server. Allegro RomPager versions prior to 4.34 contain a vulnerability in cookie processing code that can be leveraged to grant attackers administrative privileges on the device.