Browsing category

Vulnerabilities

Critical Vulnerability with NETGEAR WNR2000 Discloses admin credentials

A critical vulnerability in the NETGEAR WNR2000 was disclosed by security experts from Agile Information Security. SUMMARY NETGEAR WNR2000 permits an administrator to perform various sensitive functions in the web interface through an obvious CGI script named apply.cgi. This script is invoked when changing Internet settings, changing WLAN settings, restoring factory settings, rebooting the switch, and so […]

How a Single SMS with WAP Crap can Break your Samsung Galaxy phone

Security researchers from Contextis disclosed a bug in Samsung Galaxy phones that can be triggered remotely by SMS, which, when combined, creates opportunities for ransomware peddlers. The Samsung Mobile Security Team rushed to fix the issues, giving a good example of how coordinated disclosure should happen. OMA CP protocol WAP Push can be used to transport information […]

WTF is your problem, Netgear? Another hijack hole found in its routers

Programming blunders allow miscreants to snatch home gateways’ admin passwords. Researchers are warning of a serious security hole that can be exploited to hijack potentially hundreds of thousands of Netgear routers. The programming blunder allows an attacker with access to the router to harvest the administrator access password. A victim could visit a malicious webpage […]

Some examples of vulnerable code and how to find them

I have previously recommended a course entitled Software Exploits by Open Security Training, and similarly, a book called “The Shellcoder’s Handbook: Discovering and Exploiting Security Holes”. Using some of the examples presented in the book, I thought it would be a good idea to explore how the theory on real code vulnerabilities stands true. Copying data One of the […]

Uber pays $9,000 bug bounty payoff for partner firm’s vulnerability

A security expert discovered a flaw in a ransomware protection service that opened Uber’s service, and many others, to cyber attacks. The Russian penetration tester Vladimir Ivanov from the security firm Positive Technologies has discovered a vulnerability in the anti-ransomware backup service Code42. The flaw could be exploited by attackers to steal data from the organizations using […]

WORDPRESS 4.7.2 UPDATE FIXES XSS, SQL INJECTION BUGS

Developers with WordPress fixed three security issues this week, including a cross-site scripting and a SQL injection vulnerability, with the latest version of the CMS. The update, 4.7.2, was pushed Thursday, only two weeks after developers released the previous version. Aaron Campbell, a WordPress core contributor, announced the update – a security release – on WordPress’ […]

Privilege Escalation Vulnerability in Lenovo Transition Application

Summary Description: A vulnerability was identified in the Lenovo Transition program specific to some Lenovo Yoga, Flex and Miix systems running Windows where a user with local privileges could execute arbitrary code with administrative or system level privileges. Lenovo Transition is no longer supported, and Lenovo recommends that all users using Lenovo Transition update to […]

The Strange Case of a Hacked Dark Web Child Porn Site Just Got Stranger

At the end of last year, Mozilla hurriedly patched a zero-day vulnerability for Firefox that had been used against targets in the wild. Shortly after, Motherboard found that the related exploit had been deployed against visitors of a dark web child pornography site called The Giftbox Exchange, and sources said that a law enforcement customer […]

How Your Android’s Pattern Lock Can Be Cracked In Just 5 Attempts

Short Bytes: Pattern lock on Android smartphones is probably the quickest and easiest way to gain access to the device. A group of researchers has created a computer vision algorithm which is capable of cracking complex pattern locks with an accuracy of 87.5% after analyzing a video recording. As a protective measure, you can […]

Firefox bares teeth, attacks sites that collect personal data

If it wants a password and doesn’t use HTTPS, Mozilla will breathe fire. Shoddy sites will have fewer places to hide with Firefox joining Chrome in badging cleartext sites that collect personal information as insecure. Mozilla’s labels won’t be as prominent as Google’s, introduced this year, which places the red letter label in the address […]

AlphaBay Dark Web marketplace hacked, private messages leaked

Over 200,000 messages were compromised due to a security flaw. One of the largest trading posts on the Dark Web, AlphaBay, has rewarded a researcher for disclosing the existence of a vulnerability which allowed him to steal over 200,000 private messages exchanged between users and sellers. Earlier this week, the hacker, known only as Cipher0007, […]

China cracks down on ‘unauthorized’ VPNs

The censorship state wants to enforce government control over software which can circumvent China’s Great Firewall. The Chinese government has launched a fresh campaign to take down and control censorship-thwarting software including virtual private networks (VPNs) which can be used to break the country’s surveillance and blocking lists. The UK’s Snooper’s Charter, the US National […]

PHP Melody 2.7 – Multiple Vulnerabilities

What’s interesting when I come across a new piece of software is how the initial impressions change after reading the code. If you’re looking to set up a new YouTube® style website, PHP Melody ranks highly for many search terms; it’s convincingly marketed and looks polished even to an expert eye. But what about their claim: […]

Discovered Critical Bug allowed to Delete any Videos from Facebook

Security researcher Dan Melamed came across the vulnerability in June 2016. The bug is in some ways similar to a vulnerability discovered by another researcher around the same time. There’s just one major exception. Dan Melamed said ,c  Dan Melamed In addition,  also had the ability to disable commenting on any video. This allows a bad […]

Expert Hacks Internal DoD Network via Army Website

The Defense Digital Services (DDS) group is tasked with pioneering private sector solutions to solve some of the Department of Defense’s most complex problems. And pioneers they are. Back in November, the U.S. Army coordinated with the DDS to launch its first ever bug bounty challenge: https://hackerone.com/hackthearmy. The largest branch of the U.S. military welcomed […]

HIJACKING WHATSAPP ACCOUNTS USING WHATSAPP WEB

WhatsApp accounts are based on phone numbers. This means your phone number is your username and it’s also used for authentication. While this is not perfect from a privacy standpoint, it saves the, often non-technical, user from having to remember yet another password that they could potentially reuse or, even worse, disclose through a phishing […]

DOCKER PATCHES CONTAINER ESCAPE VULNERABILITY

Docker has patched a privilege escalation vulnerability (CVE-2016-9962) that could lead to container escapes, allowing a hacker to affect operations of a host from inside a container. The vulnerability is rated high severity by some Linux distributions such as Arch Linux, which traces the problem to a bug found in the “opencontainers’ runc” code, used […]

Secret tokens found hard-coded in hundreds of Android apps

In some cases, the hard-coded secrets could allow an attacker to steal or delete data. A security research firm has found hundreds of Android apps that are leaking sensitive secret keys and tokens, which could be used and abused by hackers. Fallible, a Delaware-based security firm, spent the past few months reverse engineering thousands of […]