Browsing category
Cloudflare is a service that acts as a middleman between a website and its end users, protecting it from various attacks. Unfortunately, those websites are often poorly configured, allowing an attacker to entirely bypass Cloudflare and run DDoS attacks or exploit web-based vulnerabilities that would otherwise be blocked. This post demonstrates the weakness and introduces CloudFlair, […]
Researchers find 53 apps distributing malware for stealing Facebook credentials – some of which have been active since April 2017 and have been downloaded over 100,000 times. Malware which aims to steal Facebook login credentials while also aggressively displaying pop-up adverts has been uncovered targeting Android users via the Google Play store – and may […]
AMD PCs can now install Microsoft’s Windows update with fixes for Meltdown and Spectre and the bug that caused boot problems. Microsoft has released new updates for Windows 10 that resolve an issue in its Meltdown and Spectre patches that caused some AMD systems to become unbootable. If you’ve got an AMD PC and couldn’t […]
A critical flaw discovered in BitTorrent Transmission client app that allows an attacker can remotely control the victims PC by using a method called DNS Rebinding which leads to Transmission control can remotely access by an attacker via a malicious website. Bit Torrent Transmission Client performing download an seeding operation using Client and server architecture […]
Security researchers have revealed details of a vulnerability in WhatsApp’s security that could be used to compromise the secrecy of encrypted group chats on the messaging platform. The risk associated with the flaw is limited on account of attackers needing to have access to WhatsApp servers to be able to insert themselves into a group […]
The vulnerability fiasco continues for Intel with new bug. As if the Meltdown and Spectre bugs weren’t enough trouble for Intel already, security researcher Harry Sintonen working for Finnish company F-Secure discovered another vulnerability that potentially affects millions of corporate laptops. This time, the security bug exists in Intel’s Active Management Technology (AMT) and can be […]
Backups of virtual machines on some hosts could be accessed or altered by an attacker. While everyone was screaming about Meltdown and Spectre, another urgent security fix was already in progress for many corporate data centers and cloud providers who use products from Dell’s EMC and VMware units. A trio of critical, newly reported vulnerabilities in […]
There’s a newly discovered security hole in the current version of macOS High Sierra that allows anyone with access to your Mac to unlock your App Store System Preferences without your system password. The impact of this vulnerability doesn’t appear to be severe, but the security feature clearly isn’t working as intended. The security hole […]
New bug discovered in macOS High Sierra allows unlocking the App Store System Preferences by any password. App Store System Preferences accept any password when system logged in with local admin Privilege. This could be very dangerous if anyone already has your system permission and they can able to download any apps, modifying the apps store […]
For almost two years, hackers could have easily stolen your prized stash of bitcoins if you were keeping them in the popular software wallet Electrum, thanks to a critical security vulnerability that went unpatched until now. The vulnerability allowed any website (and anyone controlling the site a victim browsed, like a hacker) to steal bitcoins […]
A comprehensive guide for choosing and setting up secure Wi-Fi. our router, that box sitting in a corner of your house giving you internet access, is in many ways more important than your laptop or mobile phone. It might not store any of your personal information directly, but sensitive data passes through it every time […]
Researchers have discovered severe vulnerabilities in the suite which can lead to full system takeover. Security researchers have discovered a set of zero-day vulnerabilities within the Dell EMC Data Protection Suite Family products which allow attackers to fully hijack systems. The Dell EMC Data Protection Suite (.PDF), a product set for enterprises to protect data and critical […]
The iPhone maker has confirmed all Mac systems and devices running iOS are affected by the vulnerabilities, but also said there are currently no known exploits. Apple has issued a statement regarding the Meltdown and Spectre vulnerabilities, confirming all Mac systems and iOS devices are affected, but saying there are no known exploits impacting customers at this time. […]
A slew of online services used to manage GPS- and GSM-based location tracking devices have been found vulnerable to flaws that could allow attackers to hijack these devices and reveal their owners’ past and current locations. In an online post on Tuesday, security researchers Vangelis Stykas and Michael Gruhn detailed the vulnerabilities, collectively named Trackmageddon, in 103 […]
No user interaction required – and the exploit could’ve been used to distribute any form of malware. A vulnerability in Google Apps Script could have allowed attackers to use Google Drive to discreetly deliver malware to unsuspecting victims. Google Apps Script is a JavaScript based language used for the creation of add-ons and extensions for […]
Earlier today, we reported on some shocking news — there is a serious vulnerability that affects Intel processors. To make matters worse, patching that vulnerability — now known as “Meltdown” — would cause an up-to 30 percent performance degradation. Yikes! If you have an AMD processor, you are safe, right? Yes, but not really. You see, […]
Security researchers discovered multiple vulnerabilities dubbed “Trackmageddon” which affects GPS services and online location tracking devices. The vulnerabilities with GPS location tracking devices allow an unauthorized access to the location data that collected by all of the location tracking devices. With the Trackmageddon vulnerability, attackers can get access to the location, model/type name, assigned phone […]
A new Critical CSRF Vulnerability discovered in widely used phpMyAdmin open source admin tool allows an attacker perform harmful database operation such as DROP TABLE With A Single Click, Deleting Records in Database. CSRF Vulnerability is one of the critical web application vulnerability that is listed in OWASP Top 10 vulnerability since 2013. phpMyAdmin is […]
Most of you are familiar about Cross Site Request Forgery (CSRF) vulnerability, it is one of the most common vulnerabilities; it was listed in OWASP Top 10 – 2013. Previously, I had found and reported CSRF in an Intel website, by exploiting that vulnerability an attacker could remove items from an authenticated user’s shopping cart. […]
Password Managers have been around for quite some time, and most of us rely on them for managing our passwords across several websites. Services like LastPass, 1Pass, and KeePass have been pretty popular with the users. Apart from saving your credentials, the Password managers also help users by generating strong passwords. The Password managers have […]
Recently security researcher’s from enSilo group presented new evasion technique called Process Doppelgänging at Blackhat Europe-2017. This technique bypasses most popular Antivirus, NGFW and EDR solutions present in the market. This technique works on all windows starting Vista till Windows Server 2016. Process Doppelgänging makes malware capable to execute malicious code under radar of genuine executable […]