Threat Alert: BIND DNS Server TKEY Vulnerability

 
Recent BIND 9 vulnerability could be used to shut down large parts of the Internet

The Check Point Incident Response Team (CPIRT) has received numerous reports of automated scans across the Internet attempting to exploit the recently disclosed BIND DNS TKEY vulnerability (CVE-2015-5477). This vulnerability allows a denial-of-service (DoS) attack against BIND DNS servers. BIND is open source software that implements the Domain Name System (DNS) protocols for the Internet, and it is by far the most widely used DNS software on the Internet. DNS is the glue that holds the Internet, including web and e-mail, together. A successful attack may severely impact the availability of an ...

Finding Vulnerabilities in Core WordPress: A Bug Hunter’s Trilogy, Part I

 
In this series of blog posts, Check Point vulnerability researcher Netanel Rubin tells a story in three acts – describing his long path of discovered flaws and vulnerabilities in core WordPress, leading him from a read-only ‘Subscriber’ user, through creating, editing and deleting posts, and all the way to performing SQL injection and persistent XSS attacks on 20% of the popular web.

Executive Summary

A number of critical vulnerabilities exist in default WordPress installations, allowing potential compromise of millions of live web sites. MITRE has assigned CVE-2015-5623, CVE-2015-2213, CVE-2015-5714, CVE-2015-5715, CVE-2015-5716 as identifiers for these ...