Browsing category
Vulnerability defined as the weakness that allows attacker to enter in and harm, it may be a flaw in design or misconfiguration. In order to exploit the vulnerability attacker should have applicable tool or technique that connect to the system weakness. National Vulnerability Database NVD is the U.S. government repository of standards based vulnerability management […]
In April, a group known as the “Shadow Brokers” released a cache of stolen information that included multiple tools to exploit vulnerabilities in various versions of Microsoft Windows. The most famous of these is an exploit tool called “EternalBlue” which was repurposed to spread the WanaCrypt0r ransomware/worm earlier this month. Another tool released in this […]
I’ve previously written about fuzz testing, which feeds intelligently crafted input to a target program to exercise corner cases and find bugs, highlighting how Fastly uses American Fuzzy Lop to proactively find and mitigate bugs in some of the servers we rely on. OSS-Fuzz is an effort led by Google to help make open source […]
A hacker that goes by the nickname of Cipher0007 has hacked the Sanctuary Dark Web marketplace. The hacker announced the breach a few hours ago and also posted proof of his intrusion. According to Cipher0007, the hack took place after he found an SQL injection flaw in the market’s database. Hacker uses SQLi to upload […]
The FBI has arrested members of a motorcycle gang accused to have hacked and stolen over 150 Jeep Wranglers from Southern California, which they later crossed the border into Mexico to have stripped down for parts. Authorities unsealed an indictment yesterday in a press conference held in San Diego. According to details included in the […]
IBM Informix Dynamic Server and Informix Open Admin Tool contains 6 Critical Vulnerabilities including RCE and a Buffer overflow in HEAP. IBM Informix Dynamic Server for high-volume online Data server for transaction processing (OLTP), integrated applications, and now breathtakingly fast data warehouse/analytical workloads. IDS is well known for its hands-free administration. To make server administration even […]
The security researcher Stefan Winter has discovered a TLS resumption authentication bypass in FreeRADIUS, the world’s most popular RADIUS Server. The security researcher Stefan Winter from the Luxembourg’s high-speed academic network RESTENA has discovered a FreeRADIUS TLS resumption authentication bypass. FreeRADIUS is the world’s most popular RADIUS Server, “it is the basis for multiple commercial offerings. It supplies the […]
In a message posted online early this morning, the Shadow Brokers — the cyber-espionage group believed to have stolen hacking tools from the NSA — announced new details about their upcoming “monthly dump service.” The group previously teased the new monthly dump service in mid-May, four days after the WannaCry ransomware wreaked havoc across the […]
There is a way to inject malicious content into email servers running email encryption appliances, a technique that allows attackers to go around email security products. Email encryption appliances (EEAs) are hardware or virtualized devices that work together with email servers to encrypt and decrypt messages. EEAs are usually found in enterprise networks and are […]
A bug in Microsoft’s NTFS file system technology allows pranksters to hang or crash computers running Windows Vista, Windows 7, and Windows 8.1 just by tricking the user to access a malformed path for a non-existent file. The bug was discovered by a Russian system programmer going by the name of Anatolymik, working for information […]
This question shows up from time to time in open source encryption libraries’ bug trackers. This was one of the “weird problems” covered in my talk at B-Sides Orlando (titled Building Defensible Solutions to Weird Problems), and we’ve previously dedicated a small section to it in one of our white papers. The question is, How […]
Researchers at Georgia Institute of Technology have discovered a new attack against Android OS, dubbed ‘Cloak and Dagger,’ millions of devices at risk. Security researchers at Georgia Institute of Technology have discovered a new attack, dubbed ‘Cloak and Dagger’, that allows taking full control of Android devices. The ‘Cloak and Dagger’ attack works against all versions […]
Cyber-security firm enSilo has released a patch for Windows XP and Windows Server 2003 that will protect against attacks via ESTEEMAUDIT, a hacking tool dumped online by the Shadow Brokers last month, and allegedly developed by the NSA. At the technical level, ESTEEMAUDIT is a zero-day in the RDP protocol used by Windows to open […]
Kernels can be exploited and iCloud account user information leaked due to the security flaws. Zimperium has released the public details of security vulnerabilities affecting both the Android and iOS mobile operating systems to the public. The three N-day security flaws, which are bugs that are already known — unlike zero-days — were both patched […]
Comparisons to the Windows flaw WCry exploited are exaggerated, but only a little. Maintainers of the Samba networking utility just patched a critical code-execution vulnerability that could pose a severe threat to users until the fix is widely installed. The seven-year-old flaw, indexed as CVE-2017-7494, can be reliably exploited with just one line of code […]
A Trend Micro product ServerProtect for Linux 3.0 Contain 6 Major and very critical vulnerabilities Discovered. ServerProtect Protecting against viruses, rootkits, and data-stealing malware while simplifying and automating security operations on servers and storage systems. This 6 vulnerabilities allowing remote code execution as root in the Victims Machine by via Man-in-the-Middle Attack and exploiting vulnerabilities […]
Ping, the administrator of the Hell hacking forum, is allegedly a young boy who supposedly tried to phish teachers. On the dark web, no one knows who you really are. At least that’s the idea, anyway. In 2015, a hacker called Ping ran an infamous dark web forum called Hell, where cybercriminals distributed large caches […]
Whenever I get a shell on a Windows system with VMware installed I feel a certain frustration at not being able to access the filesystem of the available virtual machines. Although it would be possible to download the .vmdk files to my host and mount them locally this solution is very noisy and heavy due […]
A photo of a person’s eye taken at a medium distance is more than enough to trick a Samsung Galaxy S8 smartphone, according to researchers from the Chaos Computer Club (CCC). Samsung added the iris scanner authentication feature with the release of the Galaxy Note 7 model, launched last year, but the feature was hardly […]
A new Cyber Attack Spreading through Vulnerable Subtitles which Downloaded by Victims Media Player and threatens more than 200 Millions of vulnerable Machine in worldwide which leads to complete take over to the infected machine . This cyber attack is delivered when movie subtitles are loaded by the user’s media player which is delivering by […]
A new firmware released for NightHawk R7000 Netgear routers includes a remote data collection feature, here’s how to turn off it. In December, a researcher who used the online moniker AceW0rm released a proof-of-concept code exploit working against some NetGear routers because the vendor did not reply to his ethical disclosure occurred in in August. Some versions of Netgear routers […]