Browsing category
Just days before its annual information security training summit starts in Cancun, Mexico, Kaspersky Lab announced an extension to its bug bounty program and plan to pay rewards of up to $100,000 for severe vulnerabilities in some of its products. Launched in 2016, the HackerOne-powered bug bounty program initially promised a total of $50,000 in […]
Widely used message transfer agent patched buffer overflow last month. A bug in an obscure but widely used email program may be putting as many as 400,000 servers around the world at risk of serious attack until they install an update. The flaw—which is in all releases of the Exim message transfer agent except for version 4.90.1—opens […]
Vulnerability in Pivotal’s Spring Data REST allows remote hackers to execute arbitrary commands on any machine that runs an application built using its components. The vulnerability was tracked as CVE-2017-8046 that was discovered by information security training experts at Semmie/lgtm. Pivotal’s Spring Framework a platform is widely used by development teams for building web applications. Spring Data […]
This week, GitHub’s code hosting website hit with the largest-ever distributed denial of service (DDoS) attack that peaked at record 1.35 Tbps. According to data security researchers, attackers did not use any botnet network, instead weaponized misconfigured Memcached servers to amplify the DDoS attack. The attackers abuse of Memcached, popular open-source and easily deployable distributed caching system, […]
As we approach Pwn2Own 2018, I’m reminded of some of the exploits we saw at last year’s contest. Of course, the most interesting bugs we saw involved guest-to-host escalation in VMware. Recently, we presented “l’art de l’évasion: Modern VMware Exploitation techniques” at OffensiveCon in Berlin (Hats off for the great conference!). The talk focused on exploitation techniques […]
Hi Guys, I hope all of you are doing great and in a well state. Today i will show you a ClickJacking bug i found in Instagram that allowed me to iframe ajax responses and leads attackers to steal your instagram connected applications tokens hence hijack your account! Long story short: I have found that […]
A new facebook vulnerability discovered by the Security researcher that allows revealing the Facebook page admin identity in plain text. Facebook introduced new future for Page Admins that allows to getting page followers by targeting the specific audience who is liked the page post but not the page. So if you liked the specific post from […]
Recently Facebook patched an information disclosure vulnerability that exposed page administrators, cyber security researcher Mohamed Baset reported this week. Baset claimed he discovered the issue, which he described as a “logical error,” within a few minutes of receiving an invitation to like a Facebook page on which he had liked a post. Looking at the email’s source […]
A Critical Remote Code Execution vulnerability discovered in Adobe Acrobat Reader DC that will perform a stack-based buffer overflow and execute the orbitary code when users opening the vulnerable Adobe document. This Critical RCE vulnerability affected the version of Adobe Acrobat Reader DC 2018.009.20044 and Below. Adobe Acrobat Reader is the most popular and most feature-rich […]
Drupal developers patched two critical vulnerabilities this week in versions 7 and 8 of its content management system platform. Overall, Drupal patched seven vulnerabilities including four rated moderately critical and two flaws rated less critical. The first of the critical flaws is a comment reply form bug in Drupal version 8. This vulnerability gives unauthorized users access […]
Developers are in the process of releasing updates to fix the critical flaws. Two versions of uTorrent, one of the Internet’s most widely used BitTorrent apps, have easy-to-exploit vulnerabilities that allow attackers to execute code, access downloaded files, and snoop on download histories, a Google Project Zero researcher said. uTorrent developers are in the process […]
Microsoft has worked hard to create and implement new security measures, from anti-exploit shields that prevent the exploitation of vulnerabilities, to the new Microsoft anti-malware engine capable of protecting from computer threats that can put our system at risk without needing another additional antivirus, with Windows Defender. However, this antivirus engine like many others has […]
Google Revealed a Microsoft Edge Zero-day Bug in public since Microsoft misses the 90-day deadline as well as an additional 14-day grace period. Google built a full-time dedicated Security team, known as Project Zero, that aims to prevent targeted attacks by reporting bugs to software vendors and filing them in an external database. A disclosed bug was […]
IoT Backdoor exploits called Doubledoor have been discovered which allows bypassing an IoT layered security that leads to taking complete control of the targeting network systems. IoT based cyber Attacks are blooming since the number IoT devices are increasing rapidly and attackers always find the many ways to bypass it. In this case, Doubledoor Botnet […]
Hackers have been taking advantage of the Word macro, the small pieces of code are injected into documents to automate certain tasks, to hide malware within the documents that, when opened, infect users; according to information security professionals. It is increasingly difficult to infect with malware through the Office macro, however, hackers have found a […]
A security flaw in the Skype update process can allow an attacker to gain system-level privileges on a vulnerable computer. “…the error, if exploited, can derive a local user who does not have privileges to the full-level rights of the system, granting access to every corner of the operating system”, told an information security expert. As explained […]
A Newly discovered Android Remote Access Trojan called AndroRAT targeting unpatched Android Devices that exploit the publicly disclosed critical privilege escalation vulnerability and gain some high-level access from targeted Andriod devices. This Android based RAT have an ability to gain some advance level privileges on any android devices that unpatched Remote code execution vulnerability CVE-2015-1805 and inject […]
If you haven’t updated your Windows app lately, now would be a good time. Makers of the Telegram instant messenger have fixed a critical vulnerability that hackers were actively exploiting to install malware on users’ computers, researchers said Tuesday. The flaw, which resided in the Windows version of the messaging app, allowed attackers to disguise […]
The private exploit seller is expanding its reach to acquire bugs in popular Linux builds. Zerodium is offering $45,000 to hackers willing to privately report zero-day vulnerabilities in the Linux operating system. On Thursday, the private exploit acquisition program announced the new addition to its bounties on Twitter. Until 31 March, Zerodium is willing to offer […]
A Patched remote code execution Microsoft Office Vulnerability ( CVE-2017-11882) abusing again and using it for spreading a variety of Malware such as FAREIT, Ursnif and a Keylogger Loki info stealer that is used for stealing Crypto wallet password. In this case, some of the uncommon methods has been reused by helping of Windows Installer service Windows. Previous […]
Cisco has released new patches for a critical vulnerability in its Adaptive Security Appliance software after further investigation revealed additional attack vectors. The company first announced the vulnerability, CVE-2018-0101, on Jan. 29. It received a Common Vulnerability Scoring System base score of 10.0, the highest possible, and was initially discovered by Cedric Halbronn from NCC Group. “After broadening […]