vulnerability assessment | Breaking Cybersecurity News | The Hacker News

Un-Patched PHP-CGI remote code execution bug can expose Source Codes A serious remote code execution vulnerability in PHP-CGI disclosed. PHP-CGI-based setups contain a vulnerability when parsing query string parameters from php files. The developers were still in the process of building the patch for the flaw when it was disclosed Wednesday, But the vulnerability can only be exploited if the HTTP server follows a fairly obscure part of the CGI spec. According to advisory (CVE-2012-1823) , PHP-CGI installations are vulnerable to remote code execution. You can pass command-line arguments like the " -s " switch " show source " to PHP via the query string. For example, You could see the source via " https://localhost/test.php?-s " . A remote unauthenticated attacker could obtain sensitive information, cause a denial of service condition or may be able to execute arbitrary code with the privileges of the web server. The team that found the bug, known as Eindbazen . They said that it had

Oracle Database new zero day exploit put users at risk Oracle has recommended workarounds for a zero-day Oracle Database flaw that was not fixed in the company's April critical patch update. Oracle issued a security alert for Oracle TNS Poison, the vulnerability, disclosed by researcher Joxean Koret after he mistakenly thought it had been fixed by Oracle, allows an attacker to hijack the information exchanged between clients and databases. Koret originally reported the vulnerability to Oracle in 2008, four years ago! and said he was surprised to see it had been fixed in Oracle's most recent Critical Patch Update without any acknowledgment of his work. " This vulnerability is remotely exploitable without authentication, and if successfully exploited, can result in a full compromise of the targeted Database ," the company warned.  " This security alert addresses the security issue CVE-2012-1675, a vulnerability in the TNS listener which has been recently disclosed as 'TNS

In today's digital world, where connectivity is rules all, endpoints serve as the gateway to a business's digital kingdom. And because of this, endpoints are one of hackers' favorite targets.  According to the IDC,  70% of successful breaches start at the endpoint . Unprotected endpoints provide vulnerable entry points to launch devastating cyberattacks. With IT teams needing to protect more endpoints—and more kinds of endpoints—than ever before, that perimeter has become more challenging to defend. You need to improve your endpoint security, but where do you start? That's where this guide comes in.  We've curated the top 10 must-know endpoint security tips that every IT and security professional should have in their arsenal. From identifying entry points to implementing EDR solutions, we'll dive into the insights you need to defend your endpoints with confidence.  1. Know Thy Endpoints: Identifying and Understanding Your Entry Points Understanding your network's

Skype Vulnerability Exposing User IP Addresses Skype is warning users following the launch of a site devoted to harvesting user IP addresses.The Skype IP-Finder site allowed third-parties to see a user's last known IP address by simply typing in a user name. A script has been uploaded to Github that offers these options. According to the page, it can be used to lookup IP addresses of online Skype accounts, and return both the remote and the local IP of that account on a website. The script is for instance available on this site . Just enter the user name of a Skype user, fill out the captcha, and click the search button to initiate the lookup. You will receive the user's remote IP and port, as well as the local IP and port. Adrian Asher, director of product Security, Skype " We are investigating reports of a new tool that captures a Skype user's last known IP address. This is an ongoing, industry-wide issue faced by all peer-to-peer software companies. We are committed to the