19 March 2016

Incredible epic fails in IT security community of past week

Incredible epic fails in IT security community of past week

We all need security for a reason, but sometimes we completely forget about the true meaning of this reason and the intentions for enforcing security measures. In this article we will cover the funniest stories from IT security community, which happed last week.

Prison break (Russian version)

Russian carder Kamo Voskanyan escaped home arrest one day before the final hearing and his location is currently unknown. He was wearing an ankle bracelet, and supposedly caring his favorite cat. The alert about Mr. Voskanyan leaving his apartment was triggered at 2 A.M. Unfortunately, working day in Saint Petersburg police starts only at 9 A.M., and there was no one to react to the alert during the night (!).

But Mr. Voskanyan was not the original inventor of this incredible escape. In August 2015 Alexander Shapovalov managed to do the very same thing. His ankle bracelet was discovered in airport, and he was able to fly away.

Information leaks

In Kazakhstan lawmakers were forced to disable usage of smartphones connected to the Internet in governmental institutions. The main concern was that people are using mobile applications to make pictures of secret documents and then publish them. The memorandum about limitations of smartphone usage was also leaked using smartphone.

Presidential hack

First victim of Anonymous hacktivists was Donald Trump. Hackers published his personal information, including phone numbers, addresses and social security number. The second victim was Ukrainian acting president Peter Poroshenko. Hackers published personal information of Poroshenko’s family members and accused one politician of pro-presidential party in working for Russian Secret Services (FSB).

Wrong patching

In late 2013 Oracle issued a patch for critical vulnerability in Java (CVE-2013-5838). Unfortunately, that patch was not effective. Experts from Security Explorations published a PoC code, which triggers the vulnerability in latest Java SE 7 Update 97, Java SE 8 Update 74 and Java SE 9 Early Access Build 108.

Back to the list

Latest Posts

Patch Tuesday: 60 vulnerabilities, 2 zero-days and good old LNK bugs

Patch Tuesday: 60 vulnerabilities, 2 zero-days and good old LNK bugs

Today Microsoft has released security fixes for 60 vulnerabilities in total. Among them 2 zero-days in Windows Shell and Internet Explorer.
15 August 2018
Microsoft patches for June 2018

Microsoft patches for June 2018

50 vulnerabilities patched, some of them are potentially wormable.
13 June 2018
VPNFilter, attacks on routers and why external scanning is essential for security

VPNFilter, attacks on routers and why external scanning is essential for security

How to protect your router from VPNFilter and other attacks.
8 June 2018
Featured vulnerabilities
Denial of service in Asterisk
Medium Patched | 24 Sep, 2018
Multiple vulnerabilities in MediaWiki
Low Patched | 21 Sep, 2018
Remote code execution in Microsoft Jet Database
High Not Patched | 21 Sep, 2018
Remote code execution in Mozilla Firefox
Medium Patched | 21 Sep, 2018
Multiple vulnerabiltiies in Mozilla Firefox ESR
Medium Patched | 21 Sep, 2018