Attackers have been using social engineering to avoid the increasing costs of exploitation due to the significant hardening and exploit mitigations investments in Windows. Tricking a user into running a malicious file or malware can be cheaper for an attacker than building an exploit which works on Windows 10. In our previous blog, Where’s the […]
LAS VEGAS–Microsoft’s Windows 10 includes many innovative security features that are intended to help minimize risk and improve user experience. One such feature is Credential Guard, which aims to protect users against attacks. However, according to security firm Bromium, many risks remain.In a video interview with eWEEK ahead of a session on Aug. 4 at […]
Short Bytes: A security researcher has claimed that the newly-introduced Linux subsystem in Windows 10 could prove to be a risky affair by acting as a new attack layer. As this port of Ubuntu doesn’t run inside a Hyper-V hypervisor, the researcher claims that any malicious code injection in Linux applications can affect all files and […]
Neutrino EK now features support for CVE-2016-0189. The crooks behind the Neutrino Exploit Kit (EK) didn’t wait long to update their automated malware infection technology with exploit code foolishly open-sourced by a security startup on GitHub. Back in May, Microsoft announced it patched a vulnerability (CVE-2016-0189) in the Internet Explorer scripting engine that was affecting Internet […]
Short Bytes: A combined research has been conducted by UC Berkeley and Georgetown University to demonstrate how distorted voice commands hidden in YouTube videos can be used to attack a smartphone. The research shows that certain harmful commands that can be understood by our voice assistants can be hidden inside a YouTube video. Speech recognition systems […]
Some attacks are hard to spot even by human subjects. A series of distorted voice commands surreptitiously hidden in YouTube videos can force unprotected Android or iOS smartphones to carry out malicious operations, researchers have discovered. Controlling smartphones with voice commands was already done last year when two security researchers from French agency ANSSI have used […]
Short Bytes: Thanks to Euro 2016 season, Facebook has rolled out a new easter egg in the form of Messenger Football. All you need to do is send a football emoji to your friend and tap on it in the chat to start playing. It’s time to waste some time again as there’s a new […]
An interesting DNS hijack that sets the victim’s computer to use specific DNS servers has emerged. Here are the key details of this intriguing threat.
Researchers say 70,000 servers belonging to others also at risk. Dozens of HTTPS-protected websites belonging to financial services giant Visa are vulnerable to attacks that allow hackers to inject malicious code and forged content into the browsers of visitors, an international team of researchers has found. In all, 184 servers—some belonging to German stock exchange Deutsche […]
In this article, we will be looking at the strategies to detect and analyze malware hidden inside an OPcache file. If you haven’t read our previous article about hiding a binary webshell inside a PHP7 OPcache file, we suggest reading it before moving on. Scenario With the exploitation technique used in our last article, it […]
Short Bytes: Using a hidden user administrator account on Windows 10, you can ensure the privacy of your personal data very easily. This anonymous account will also have administrator privileges and keep your personal life safe from others. A new net user administrator is created on Windows 10 using Command prompt. We can also create […]
Following WhatsApp’s move to add end-to-end encryption to its platform, another big messaging company is joining the wave of apps turning on expanded privacy features.Viber — a messaging app with 711 million+ users — today is introducing end-to-end encryption for all messages and calls on its platform, including group chats (you can chat with up to 200 people), and a […]
ShortBytes: In a recent find out, it has been revealed how NSA implants trojan firmware in the networking devices being delivered to the targeted customers. You can also read an interesting description from an NSA manager about how it works. Ahoarded document which was fetched from the National Security Agency files released with Glenn Greenwald’s […]
One of the most complex tasks for the cybercriminals is to ensure their malicious code goes undetected by antivirus and achieves its goal. For this, they have invested a lot on more complex infection processes, going beyond the traditional phishing and using techniques where the malicious payload is hidden in encrypted files – even using […]
Short Bytes: The stereotypes associated with programmers are countless. To study them, using Microsoft’s Face API, Trestle Technology has performed a survey that tells some interesting results like — C++ programmers are the oldest, Swift programmers are beardy hipsters, and Java programmers are the saddest. If we talk about the existing stereotypes in the programming world, you […]
What’s driving the surge in hidden services—is it government tampering? In recent weeks, the number of “hidden services”—usually Web servers and other Internet services accessible by a “.onion” address on the Tor anonymizing network—has risen dramatically. After experiencing an earlier spike in February, the number of hidden services tracked by Tor spiked to 114,000 onion addresses […]
Unprotected HP printer HDDs can be abused if not protected. Security researcher Chris Vickery has discovered that HP LaserJet printers may be abused as an anonymous data storage unit by malicious actors, thanks mainly to a default setting that sets up an FTP server via port 9100. The feature in question has its place in HP’s […]
Highly privileged account could be used to hack customers’ networks, researchers warn. A company that supplies audio-visual and building control equipment to the US Army, the White House, and other security-conscious organizations built a deliberately concealed backdoor into dozens of its products that could possibly be used to hack or spy on users, security researchers […]
Short Bytes: Call it a bug or an updated feature of the Google maps, now with the updated version of Google maps, without entering the destination, Google maps will suggest you things like nearby hotels, gas stations etc. This feature has not been released publicly but it is expected to come to your mobile soon. […]
Here’s a trick that’s been around for a while but may have passed you by: secret category codes added by Netflix engineers that can help you narrow down your on-demand video choices. From classic war movies to Brazilian dramas, here’s how to dig deeper into the Netflix library. Whenever you dive into a genre on […]
A lot of people think that TOR services are unhackable because they are on a “secure environment”, but the truth is that those services are exactly the same that run on any normal server, and can be hacked with the same tools (metasploit,hydra,sqlmap…), the only thing you have to do is launch a transparent proxy […]