Researchers at Trustwave have uncovered a backdoor in IoT devices from a Chinese manufacturer that could leave them open to exploitation. The backdoor is present in almost all devices produced by VoIP specialist DBLTek, and appears to have been purposely built in for use by the vendor. It uses a simple challenge and response mechanism […]
On Valentine’s Day, Mac users got a special “treat” in the form of new malware. Then, later that same week, there were signs of yet another piece of malware looming. These threats were overshadowed a bit by the discovery of the second ransomware app to ever appear on the Mac this week, but they’re still worthy of […]
Transferring Backdoor Payloads by DNS AAAA records and IPv6 Address. in this article i want to explain how can use IPv6 Address (AAAA) records in DNStraffic for Transferring Payloads. In my previous Article I explained how can use DNS and PTR Records , now We should talk about AAAA records . This article has 2 Parts […]
Simple script that allow users to add a ms-word icon to one existing executable.exe (using resource-hacker as backend appl) and a ruby one-liner command that will hidde the .exe extension and add the word doc .ppt extension to the end of the file name. Version release: v1.5-Stable Distros Supported: Linux Kali, Ubuntu, Mint Author: pedro […]
Top law enforcement officers, FBI director James Comey and Trump’s nominee for attorney general, Sen. Jeff Sessions, are supportive of giving law enforcement means to sidestep encryption. It seems likely that the Trump administration will push for policies forcing tech companies to create cryptographic backdoors in the name of helping law enforcement, a highly controversial […]
The Guardian, a well known UK-based newspaper, is being heavily criticized by security researchers for publishing an unverified story on WhatsApp vulnerability. Reportedly, the news service published a report citing that it was possible to intercept encrypted messages on WhatsApp because the application contained a Backdoor. The Guardian’s report claiming a security flaw may be […]
The first Mac malware of 2017 was brought to my attention by an IT admin, who spotted some strange outgoing network traffic from a particular Mac. This led to the discovery of a piece of malware unlike anything I’ve seen before, which appears to have actually been in existence, undetected, for some time, and which seems to […]
Dutch developer used built-in backdoors in websites to steal personal information of customers. A 35-year-old unnamed web developer from Leeuwarden, Netherlands has used personal information stolen from customers to open gambling accounts, convince friends and relatives to transfer money, and make online purchases on his behalf, according to The Register. Some of the identity abuses […]
Update (13:30 IST): Open Whisper Systems, whose Signal protocol is used in WhatsApp, has claimed that the “secret backdoor” story is not true. The ability to change the security keys for undelivered messages reduces users’ burden in case the recipient’s keys change during the course of message transfer, i.e., if he reinstalls WhatsApp on his […]
Exclusive: Privacy campaigners criticise WhatsApp vulnerability as a ‘huge threat to freedom of speech’ and warn it could be exploited by government agencies A security backdoor that can be used to allow Facebook and others to intercept and read encrypted messages has been found within its WhatsApp messaging service. Facebook claims that no one can […]
Chromebackdoor is a pentest tool, this tool use a MITB technique for generate a windows executable “.exe” after launch run a malicious extension or script on most popular browsers, and send all DOM datas on command and control. System Requirements pip install crxmake wine32 ChromeBackdoor : Install Text (V 3.0) ChromeBackdoor :1 Install Video […]
Chromebackdoor is a pentest tool, this tool uses a MITB technique to generate a windows executable “.exe”, after launch, it runs a malicious extension or script on most popular browsers, and send all DOM datas on command and control. VIDEO Install Text (V 3.0) Install Video (OLD) Binder guide Module guide Form grabber plugins Facebook […]
we will detail our discovery of the next two versions of MM Core, namely “BigBoss” (2.2-LNK) and “SillyGoose” (2.3-LNK). Attacks using “BigBoss” appear likely to have occurred since mid-2015, whereas “SillyGoose” appears to have been distributed since September 2016. Both versions still appear to be active. Targeted Regions And Industries In 2013 MM Core was reported to target Middle […]
The election of Donald Trump has alarmed privacy advocates who worry that the self-described “law-and-order” president will take a more heavy-handed approach towards issues of security and privacy. Of particular concern are fears that there will be attempts to weaken or otherwise disable the encryption that is widely used to protect sensitive data and maintain […]
Last week, a report published by the House of Representatives Judiciary Committee and the House of Representatives Energy and Commerce Committee has made it crystal clear that the US government considers encryption backdoors as a threat to its “national interests.” The report, compiled by a special assembly of experts known as the Encryption Working Group, […]
Barnes & Noble has joined the list of Android device vendors who sold smartphones and tablets affected by the Adups backdoor. According to the findings of Linux Journal reporter Charles Fisher, the company’s latest tablet, the NOOK 7 (Barnes & Noble BNTV450), includes a component manufactured by the Shanghai Adups Technology Co. Ltd. Chinese company. […]
Trustwave recently reported a locally exploitable issue in the Skype Desktop API Mac OS-X which provides an API to local programs/plugins executing on the local machine. The API is formally known as the Desktop API (previously known as the Skype Public API – Application Programming Interface) and it enables third-party applications to communicate with Skype. […]
A Python open source toolkit that helps you find malicious, hidden and suspicious PHP scripts and shells in a chosen destination, it automates the process of detecting the above. Purpose The main purpose of BackdoorMan is to help web-masters and developers to discover malicious scripts in their site files, because it is quite common for […]
A soon-to-be-deprecated API included with Skype for Mac contains a vulnerability that allows an attacker to bypass authentication procedures and query for user data or interact with a local Skype installation. According to researchers from Trustwave, the bug affects the Desktop API, previously known as the Skype Public API. The role of this API is […]
SEC Consult, renowned IT security services and consultation firm, has identified that there is a critical flaw in Sony’s 80 SNC series IP cameras. This series features the IPELA ENGINE signal processing system of Sony. It is discovered that the security cameras have backdoor accounts that can be exploited to gain control of the device. […]
The Canadian government is asking citizens for their feedback on several privacy and cyber-security topics, as part of a public consultation period for upcoming changes to Canada’s national security framework. The online feedback page touches on a series of hot topics such as encryption backdoors, ISP data retention, basic subscriber information, and law enforcement interception […]