A critical vulnerability which has been reported in rsync, an open source utility that provides fast incremental file transfer, may have been used to compromise a server at the Gentoo Linux project.
An advisory from the rsync developers said this vulnerability was recently used in combination with a Linux kernel vulnerability to compromise the security of a public rsync server.
Pet supply retailer PetCo disclosed this week that its security and privacy practices are the target of an investigation by the U.S. Federal Trade Commission (FTC), which is following up on an e-commerce security gaffe that left as many as 500,000 credit card numbers accessible from the Web earlier this year.
Welcome back! The first article in this two-part series covered a few different methods of getting into the target router. This article will focus on what we can do once we've gotten in. For the remainder of this article, we'll assume that the only progress we've made is that we've gotten the below router config via the vulnerable HTTP server. At this point, Access Control Lists (ACLs) prevent us from logging in directly to the router.
The website of the .name registry was hacked over the weekend through an Apache exploit.
London-based Global Name Registry was updating its Apache and PHP system when hackers SUr00tIK & GroMx broke into the system and replaced the frontpage index file.
The hackers didn?t manage to access the system and no data was lost, GNR?s president Hakon Haugnes told us, but the hack did some cause some embarrassment. The site was taken offline and was back up by Sunday with added security.
The Debian Project warned on Monday that a flaw in the Linux kernel helped attackers compromise four of the open-source software project's development servers.
During several intrusions Nov. 19, the flaw enabled an attacker who already had access to a server to remove the limitations that protected the system from everyday users. The technique is known as a privilege escalation.