19 March 2016

Incredible epic fails in IT security community of past week

Incredible epic fails in IT security community of past week

We all need security for a reason, but sometimes we completely forget about the true meaning of this reason and the intentions for enforcing security measures. In this article we will cover the funniest stories from IT security community, which happed last week.

Prison break (Russian version)

Russian carder Kamo Voskanyan escaped home arrest one day before the final hearing and his location is currently unknown. He was wearing an ankle bracelet, and supposedly caring his favorite cat. The alert about Mr. Voskanyan leaving his apartment was triggered at 2 A.M. Unfortunately, working day in Saint Petersburg police starts only at 9 A.M., and there was no one to react to the alert during the night (!).

But Mr. Voskanyan was not the original inventor of this incredible escape. In August 2015 Alexander Shapovalov managed to do the very same thing. His ankle bracelet was discovered in airport, and he was able to fly away.

Information leaks

In Kazakhstan lawmakers were forced to disable usage of smartphones connected to the Internet in governmental institutions. The main concern was that people are using mobile applications to make pictures of secret documents and then publish them. The memorandum about limitations of smartphone usage was also leaked using smartphone.

Presidential hack

First victim of Anonymous hacktivists was Donald Trump. Hackers published his personal information, including phone numbers, addresses and social security number. The second victim was Ukrainian acting president Peter Poroshenko. Hackers published personal information of Poroshenko’s family members and accused one politician of pro-presidential party in working for Russian Secret Services (FSB).

Wrong patching

In late 2013 Oracle issued a patch for critical vulnerability in Java (CVE-2013-5838). Unfortunately, that patch was not effective. Experts from Security Explorations published a PoC code, which triggers the vulnerability in latest Java SE 7 Update 97, Java SE 8 Update 74 and Java SE 9 Early Access Build 108.

Back to the list

Latest Posts

Microsoft patches for June 2018

Microsoft patches for June 2018

50 vulnerabilities patched, some of them are potentially wormable.
13 June 2018
VPNFilter, attacks on routers and why external scanning is essential for security

VPNFilter, attacks on routers and why external scanning is essential for security

How to protect your router from VPNFilter and other attacks.
8 June 2018
New zero-day in Adobe Flash Player heavily exploited in the Middle East

New zero-day in Adobe Flash Player heavily exploited in the Middle East

Users in Doha and Qatar suffered from a targeted attack.
7 June 2018
Featured vulnerabilities
Information disclosure in Splunk
Low Patched | 18 Jun, 2018
Denial of service in Node.js
Low Patched | 18 Jun, 2018
Denial of service in QEMU
Low Patched | 18 Jun, 2018
Denial of service in LibTIFF
Low Patched | 17 Jun, 2018
Denial of service in LibTIFF
Low Patched | 15 Jun, 2018