Vulnerabilities

A wormable code-execution bug has lurked in Samba for 7 years. Patch now!

Comparisons to the Windows flaw WCry exploited are exaggerated, but only a little. Maintainers of the Samba networking utility just patched a critical code-execution vulnerability that could pose a severe threat to users until the fix is widely installed. The seven-year-old flaw, indexed as CVE-2017-7494, can be reliably exploited with just one line of code […]

Trend Micro ServerProtect Contains Multiple Critical Arbitrary Code Execution Vulnerabilities including XSS and CSRF

Six major and very critical vulnerabilities have been discovered in the Trend Micro product ServerProtect for Linux 3.0. ServerProtect protects against viruses, rootkits, and data-stealing malware while simplifying and automating security operations on servers and storage systems. These six vulnerabilities allow remote code execution as root on the victim's machine via a man-in-the-middle attack and exploiting vulnerabilities […]

Canadian Teen Allegedly Behind Notorious Dark Web Hacking Forum

Ping, the administrator of the Hell hacking forum, is allegedly a young boy who supposedly tried to phish teachers. On the dark web, no one knows who you really are. At least that’s the idea, anyway. In 2015, a hacker called Ping ran an infamous dark web forum called Hell, where cybercriminals distributed large caches […]

Post-exploitation: Mounting vmdk files from Meterpreter

Whenever I get a shell on a Windows system with VMware installed I feel a certain frustration at not being able to access the filesystem of the available virtual machines. Although it would be possible to download the .vmdk files to my host and mount them locally, this solution is very noisy and heavy due […]

Samsung Galaxy S8 Iris Scanner Fooled by a Photo

A photo of a person’s eye taken at a medium distance is more than enough to trick a Samsung Galaxy S8 smartphone, according to researchers from the Chaos Computer Club (CCC). Samsung added the iris scanner authentication feature with the release of the Galaxy Note 7 model, launched last year, but the feature was hardly […]

200 Million Downloaded Video Players including VLC Player Are Vulnerable to Malicious Subtitles Attack - A Complete Takeover Attack

A new cyber attack is spreading through vulnerable subtitles downloaded by victims' media players, threatening more than 200 million vulnerable machines worldwide and leading to complete takeover of the infected machine. This cyber attack is delivered when movie subtitles are loaded by the user’s media player which is delivering by […]

New firmware for Netgear routers includes a data collection feature

A new firmware released for Nighthawk R7000 Netgear routers includes a remote data collection feature; here’s how to turn it off. In December, a researcher who used the online moniker AceW0rm released a proof-of-concept code exploit working against some Netgear routers because the vendor did not reply to his ethical disclosure, which occurred in August. Some versions of Netgear routers […]

SSD Drives Vulnerable to Attacks That Corrupt User Data

NAND flash memory chips, the building blocks of solid-state drives (SSDs), include what could be called “programming vulnerabilities” that can be exploited to alter stored data or shorten the SSD’s lifespan. During the past few years, SSDs have slowly replaced classic disk-based HDDs as the prime storage medium for the world’s data, taking over not […]

The ultimate Linux Trojan horse: Windows Subsystem for Linux

Fedora, openSUSE and Ubuntu are now available in the Windows Store, making life easier for Windows-dominant organizations to run open source software. I’m a Linux user. And, as the old adage goes, “I don’t do Windows.” This is not an article about how Linux is superior to Windows. Truth be told, I don’t begrudge any […]

DaFont Site Hacked, Almost 700K Accounts Exposed

Hackers got access to usernames, email addresses, and plaintext passwords thanks to improper hashing. DaFont.com was hacked earlier this month, the company announced, exposing its entire database of almost 700,000 usernames, email addresses, and passwords in plaintext. If you have an account on the site providing freely downloadable fonts, it’s probably best you change your […]

Multiple Groups Have Been Exploiting ETERNALBLUE Weeks Before WannaCry

We have found evidence of much more sophisticated actors leveraging the NSA ETERNALBLUE exploit to infect, install backdoors and exfiltrate user credentials in networks around the world, including the US, three weeks prior to the WannaCry attack. These attacks might pose a much bigger risk than WannaCry. Even if companies were able to block WannaCry […]

Hacker Demands Ransom After Stealing Source Code From Famous App Maker

Steven Frank, co-founder of Panic, a vendor of Mac and iOS apps, admitted yesterday that a hacker stole some of his company’s source code. Frank says this happened after he updated a version of the HandBrake Mac client, an app for converting multimedia files between various audio formats. Frank apparently performed the update by […]

Using binsnitch.py to detect files touched by malware

Yesterday, we released binsnitch.py – a tool you can use to detect unwanted changes to the file system. The tool and documentation are available here: https://github.com/NVISO-BE/binsnitch. Binsnitch can be used to detect silent (unwanted) changes to files on your system. It will scan a given directory recursively for files and keep track of any changes it detects, based […]

A critical Improper Authentication vulnerability in Uber allowed password reset for any account

An Italian expert discovered a critical Improper Authentication vulnerability affecting the UBER platform that allowed password reset for any account. The Italian security expert Vincenzo C., aka @Procode701, discovered 7 months ago a critical vulnerability in the UBER platform that allowed password reset for any Uber account. The researcher reported the ‘Improper Authentication’ vulnerability through the company […]

Joomla! 3.7.1 is released to address a critical SQL Injection Vulnerability

A critical SQL injection vulnerability (CVE-2017-8917) affects Joomla! 3.7; if you are a Joomla user, you need to update immediately. Joomla! is a content management system (CMS) that allows you to make websites and powerful online applications. A content management system is software that keeps track of each piece of content on your internet site, very like […]

New Joomla SQL Injection Flaw Is Ridiculously Simple to Exploit

The Joomla CMS project released today Joomla 3.7.1 to fix an SQL injection flaw that allows attackers to execute custom SQL code on affected systems and take over vulnerable sites. Sucuri analyst Marc-Alexandre Montpas discovered this flaw while performing regular audits of popular CMS projects to improve the Sucuri Web Application Firewall. Only Joomla 3.7.0 […]

Malware Uses Fake WordPress API Domain to Steal Sensitive Cookies

Security researchers from Sucuri have found hacked WordPress sites that were altered to secretly siphon off cookies for user and admin accounts to a rogue domain imitating the WordPress API. The attacker was sending stolen cookies to code.wordprssapi[.]com, a domain that was imitating a non-existent WordPress service. Sucuri’s Cesar Anjos says he found this malware […]