Browsing category
Despite being marketed as a safe app, numerous flaws were discovered in its code, exposing user data. Secure messaging app Confide is, apparently, not as secure as it claims to be, with several security holes making it easy to hack. According to a blog post by security company IOActive, several vulnerabilities were found in Confide, […]
More than a third of the websites you visit online may include an outdated JavaScript library that’s vulnerable to one or more security flaws. This is the conclusion of recent research carried out by a team of six scientists from the College of Computer and Information Science at Northeastern University, who scanned over 133,000 domains […]
One of the Anonymous hackers who exposed the Steubenville High School rape case in 2012, was sentenced yesterday to two years in prison by a judge in Lexington, Kentucky. Deric Lostutter, 29, of Winchester, Kentucky used the nickname of KYAnonymous, and together with Noah McHugh, a.k.a. JustBatCat, formed the KnightSec hacking crew that in 2012, […]
Over the last few years we have received a number of emails with attached Word files that spread malware. Now it seems that it is becoming more and more popular to spread malware using malicious Excel files. Lately, Fortinet has collected a number of email samples with Excel files attached (.xls, .xlsm) that spread malware […]
Struts is an open source project of the Apache Foundation Jakarta project team, which uses MVC mode to help Java developers use J2EE to develop Web applications. At present, Struts is widely used in large-scale Internet companies, government, financial institutions and other sites, and as the development of the underlying template to use. A PoC […]
Breach Affected About 24 U.S. Gas Station Stores, Payment-Terminal Maker Says. Major payment-terminal maker VeriFone Systems says that attackers managed to access its corporate network in January. But the San Jose, Calif.-based manufacturer says that the intrusion and related data breach was limited, has been contained and that any fallout appears to be minimal. News of […]
Nothing to fear, citizens. Keep consuming. Keep smiling. WikiLeaks has dumped online what appears to be a trove of CIA documents outlining the American murder-snoops’ ability to spy on people. The leaked files describe security exploits used to compromise vulnerable Android handhelds, Apple iPhones, Samsung TVs, Windows PCs, Macs, and other devices, and remote-control them […]
Most expected WordPress 4.7.3 is now available for update. This security update covers six security issues that exists with WordPress version 4.7.2. Security issues: Cross-site scripting (XSS) via media file metadata. Reported by Chris Andrè Dale, Yorick Koster, and Simon P. Briggs. Control characters can trick redirect URL validation. Reported by Daniel Chatfield. Unintended files can be […]
Another day, another important security update for WordPress. Oh boy. If you administer your own self-hosted WordPress website then your must update the software as soon as possible, following the disclosure of six security holes that could be exploited by malicious attackers. Version 4.7.3 of the immensely popular web-publishing software has been released, alongside a […]
A flaw in Twitter allowed attackers to access locked accounts bypassing the locking mechanism implemented by the company. A flaw in the Twitter application allowed, until a few months ago, to access locked accounts bypassing the locking mechanism implemented by the IT giant. Twitter can lock user accounts every time it believes the users are […]
DOJ: “Disclosure is not currently an option.” Rather than share the now-classified technological means that investigators used to locate a child porn suspect, federal prosecutors in Washington state have dropped all charges against a man accused of accessing Playpen, a notorious and now-shuttered website. The case, United States v. Jay Michaud, is one of nearly 200 cases […]
A vulnerability discovered by Google Project Zero security researchers and left without a patch by Microsoft received a temporary fix from third-party security vendor ACROS Security. The vulnerability, tracked as CVE-2017-0038, is a bug in Windows GDI (Graphics Device Interface), a library that Windows uses to process graphics and formatted text, for both the video […]
Millions of IT professionals all over the world want to get into the hot field of security, and Metasploit is a great place to start. Metasploit Framework is free, used by more penetration testers than any other tool, and helps you understand security from the attackers perspective. There’s one problem: it’s hard to use Metasploit […]
HackerOne, a platform that is offering hosting for bug bounty programs, announced today that open-source projects can now sign up for a free bug bounty program if they meet a few simple conditions. The new offering, named HackerOne Community Edition, is identical with HackerOne Professional Edition, the commercial service the company is offering to some […]
Samsung’s Secure Bootloader (S-Boot) for Android lies at the heart of Samsung’s chain of trust concept. An attacker who compromises S-Boot could potentially load an untrusted kernel and system image, therefore bypassing most of the phone’s security mechanisms. This is a well-known attack vector: It’s often used by the Android rooting and modding community, but […]
Researcher Discover “A logic vulnerability” dubbed ReBreakCaptcha to bypassing Google’s reCAPTCHA fields which is using for prevent from robots and abusive scripts to access sites by using google’s Speech Recognition API. According to the Security Researcher , a bypass Technique called ReBreakCaptcha which is used for bypass Google’s ReCaptcha v2 anywhere on the web. The proof-of-concept […]
Short Bytes: The developers of BlackArch ethical hacking distro have released the new ISO images of their operating system. BlackArch Linux 2017-03-01 is now available with 50 new hacking tools, Linux kernel 4.9.11, and updated packages. The users can visit the BlackArch website and download the latest ISO images. There are many categories of Linux distributions. Just […]
Nation-sponsored attackers targeted 26 specific accounts. Yahoo CEO Marissa Mayer said she’ll forgo her 2016 bonus and any stock award for this year after the company admitted it failed to properly investigate hack attacks that compromised more than a billion user accounts. “When I learned in September 2016 that a large number of our user […]
On Valentine’s Day, Mac users got a special “treat” in the form of new malware. Then, later that same week, there were signs of yet another piece of malware looming. These threats were overshadowed a bit by the discovery of the second ransomware app to ever appear on the Mac this week, but they’re still worthy of […]
Bored hacker looking for fun? We couldn’t possibly suggest you attack the latest vulnerability in ESET’s antivirus software, because it’s too basic to offer any challenge at all. As outlined in this advisory today, all you need to get root-level remote code execution on a Mac is to intercept the ESET antivirus package’s connection to […]
The vulnerability can lead to attackers grabbing data from website database or user sensitive information. A new SQL Injection vulnerability was discovered in the NextGen Gallery plugin for WordPress, allowing users to grab data from the victim’s website database, which may very well include sensitive user information. The discovery was made by researchers from Sucuri […]