Browsing category
Luca Bongiorni was working on a cheap and dedicated hardware that he could remotely control (i.e. over WiFi or BLE), that is how WHID was born. Since the first public appearance of HID Attacks (i.e. PHUKD, Kautilya, Rubberducky), many awesome researches and results have been published [i.e. Iron HID, Mousejack and the coolest USaBUSe]. Due […]
One of the more interesting classes of security vulnerabilities are those affecting interoperability technology. This is because these vulnerabilities typically affect any application using the technology, regardless of what the application actually does. Also in many cases they’re difficult for a developer to mitigate outside of not using that technology, something which isn’t always possible. […]
WikiLeaks released details on what it said is a Central Intelligence Agency document tracking program called Scribbles, part of the agency’s effort to keep tabs on documents leaked to whistleblowers and journalists. Scribbles allegedly embeds a web beacon-style tag into watermarks located on Microsoft Word documents that can report document analytics back to the CIA. WikiLeaks […]
Security expert Chris Vickery reported a data breach at online trading firm AMP that exposed customer credit reports, and Social Security numbers. The popular security expert Chris Vickery has discovered a new data breach that affected the AMP online trading firm that exposed thousands of files, including credit reports, passport scans, and customer chat logs. This specific […]
A hacker (or hacker group) known as The Dark Overlord (TDO) has leaked the first ten episodes of season 5 of the “Orange Is The New Black” show after two failed blackmail attempts, against Larson Studios and Netflix. TDO is one of the most well-known figures in today’s dwindling hacker landscape. He first appeared on […]
I was recently invited to take part in some research by BBC Click, alongside Professor Alan Woodward, to analyse a device that had quite a lot of people all excited. With slick marketing, catchy tag lines and some pretty bold claims about their security, nomx claim to have cracked email security once and for all. […]
Lawsuit: After a sexual harassment claim, Fox News planted spyware on ex-host’s computer. Comparing their actions to the plot this season on the Showtime series Homeland, an attorney for former Fox News host Andrea Tantaros has filed a complaint in federal court against Fox News, current and former Fox executives, Peter Snyder and his financial […]
Security experts from security firm Redsocks published an interesting report on how to crack APT28 traffic in a few seconds. Introduction APT28 is a hacking group involved in many recent cyber incidents. The most recent attack allegedly attributed to this group is the one to French presidential candidate Emmanuel Macron’s campaign. Incident response to this Advanced […]
There are over 85,000 RDP servers available for sale or rent via xDedic, a marketplace for selling or renting hacked servers that was exposed in June 2016. Many believed xDedic would die off, as crooks would stay away from the service after being publicly ousted by Kaspersky last year. In reality, the service shut down […]
Security vulnerabilities in the Hyundai Blue Link mobile apps allowed hackers to steal vehicles, the car maker fixed them. Security vulnerabilities in the Hyundai Blue Link mobile apps could be exploited by hackers to locate, unlock and start vehicles of the carmaker. The Blue Link application is available for both iOS and Android mobile OSs, it was […]
If you’re on a red team or have been on the receiving end of a pen-test report from one, then you’ve almost certainly encountered reports of Windows servers vulnerable to Conficker (MS08-067), which has been in the wild now for nearly 10 years since the bug was patched. A little more than two weeks after […]
Internet-connected devices in your home or office will be vulnerable to botnets and other attacks, if you don’t change the original login credentials. The number of internet-connected devices has risen as the IoT has become a greater presence in homes and workplaces. However, in the rush to get involved in the trend, some device manufacturers […]
Group chat service HipChat made an announcement on its blog that their Security Intelligence Team detected a “vulnerability” in a third-party library used by the app. In simpler terms, some of the information in the server of their cloud web tier may have been hacked. To try and keep whoever breached the system from accessing […]
A vulnerability in the Microsoft Edge browser can be exploited and allow an attacker to obtain a user’s password and cookie files for various online accounts. The vulnerability came to light following research by Manuel Caballero, a security expert who has a long history of unearthing Edge [1, 2] and Internet Explorer flaws [1]. Caballero’s […]
[jpshare]Critical Microsoft Edge Vulnerability Allows to steal the cookies and password revealed by Recent Research by PoC (Proof-of-Concepts) .This Vulnerability Discovered under bypass the Same Origin Policy (SOP). This Vulnerability Allows to Bypass the victims cookies by force them to access the Malicious URL in Microsoft Edge browser. This Vulnerability has been tested in Twitter […]
One of the vulnerabilities used to spread the Stuxnet virus was 2016’s most popular exploit, according to telemetry data gathered by Russia cyber-security firm Kaspersky Labs. Identified as CVE-2010-2568, this is a security bug found in older versions of the Windows Shell (CplLnk) that affects Microsoft’s Windows 7, Vista, XP, Server 2008 and Server 2003 […]
A group of Israeli researchers has devised a new technique to exfiltrate data from a PC in an air-gapped network through malware controlled via scanners. The team was composed of Ben Nassi, a graduate student at the Cyber Security Research Center at Ben-Gurion University, and his advisor Yuval Elovici, based on an idea of the prominent cryptographer Adi Shamir. […]
Microsoft recently fixed a vulnerability in its video chat and messaging app Skype that could have allowed an attacker to execute code on the system it was running on, phish Skype credentials and crash the application. Zacharis Alexandros, an independent researcher who’s also with the European Union Agency for Network and Information Security a/k/a ENISA discovered […]
Did script kiddies use DoublePulsar code released by NSA-leaking Shadow Brokers? Security experts believe that tens of thousands of Windows computers may have been infected by a highly advanced National Security Agency backdoor. The NSA backdoor was included in last week’s leak by the mysterious group known as Shadow Brokers. DoublePulsar, as the NSA implant […]
The developer of the AES-NI ransomware claims that the recent “success” he’s been enjoying is due to the NSA exploits leaked last week by the Shadow Brokers group. In a series of tweets he posted online, the AES-NI author alleges he successfully used ETERNALBLUE, an exploit targeting the SMBv2 protocol, to infect Windows servers across […]
Cyber security experts disclosed the existence of 10 unpatched security flaws in dozens of Linksys routers widely used today. The IOActive senior security consultant Tao Sauvage and the independent security researcher Antide Petit have reported more than a dozen of unpatched security vulnerabilities affecting 25 different Linksys Smart Wi-Fi Routers models. The security duo published […]