Important memory leak vulnerabilities in F5 firewalls: Patch immediately

Information security specialists reported the detection of two security flaws affecting several firewall models developed by technology firm F5 Networks. According to the report, successful exploitation would allow malicious hackers to deploy severe attack scenarios. Below are brief descriptions of the reported flaws, in addition to their assigned tracking keys and scores according to the […]

Critical memory leak and authorization vulnerability in Bareos, a backup and archiving solution

Information security specialists report the detection of two vulnerabilities in Bareos open-source software to back up, archive and restore files on the main operating systems. According to the report, the successful exploitation of these flaws would allow the deployment of dangerous hacking tasks. Below are brief descriptions of the reported flaws, as well as their […]

How to collect only valid evidence during forensic investigation and incident response processes instead of creating images of system memory

The cybersecurity community understands as cyber forensics the procedures and methodological techniques to identify, collect, preserve, extract, interpret, document and present the evidence of an investigation on a computer system, so that these reports can demonstrate or rule out malicious activity on the affected systems. Specialists say that this research plays a fundamental role in […]

New Wslink Malware Loader Runs as a Server and Executes Modules in Memory

Cybersecurity researchers on Wednesday took the wraps off a “simple yet remarkable” malware loader for malicious Windows binaries targeting Central Europe, North America and the Middle East. Codenamed “Wslink” by ESET, this previously undocumented malware stands apart from the rest in that it runs as a server and executes received modules in memory. There are […]

New Linux kernel memory corruption bug causes full system compromise

Researchers dubbed it a “straightforward Linux kernel locking bug” that they exploited against Debian Buster’s 4.19.0.13-amd64 kernel. In 2017, McAfee researchers disclosed a memory corruption bug inside the Linux kernel’s UDP fragmentation offload (UFO) that allowed unauthorized individuals to gain local privilege escalation. The bug affected both IPv4 and IPv6 code paths running kernel version 4.8.0 […]

Two critical vulnerabilities in Linux allow hackers to obtain data from kernel memory

Cybersecurity specialists reported the finding of two severe vulnerabilities in Linux-based operating systems that could allow threat actors to bypass the mitigations implemented to prevent Spectre and Meltdown attacks, leading to a kernel memory leak. Tracked as CVE-2020-27170 and CVE-2020-27171, the two flaws received a score of 5.5/10 according to the Common Vulnerability Scoring System […]

Donut – Generates X86, X64, Or AMD64+x86 Position-Independent Shellcode That Loads .NET Assemblies, PE Files, And Other Windows Payloads From Memory

Donut generates x86 or x64 shellcode from VBScript, JScript, EXE, DLL (including .NET Assemblies) files. This shellcode can be injected into arbitrary Windows processes for in-memory execution. Given a supported file type, parameters and an entry point where applicable (such as Program.Main), it produces position-independent shellcode that loads and runs entirely from memory. A […]

This Newly Proposed Linux Memory Controller To Save Up To 42% RAM

Roman Gushchin, who is part of Facebook’s Linux kernel engineering team, has discovered a “serious flaw” in the way that the current slab memory controller in the Linux kernel works. He says (via The New Stack) that the existing kernel design causes low slab utilization and the reason behind it is that the slab pages are used only […]

MemProcFS – The Memory Process File System

The Memory Process File System is an easy and convenient way of accessing physical memory as files in a virtual file system. Easy trivial point and click memory analysis without the need for complicated commandline arguments! Access memory content and artifacts via files in a mounted virtual file system or via a feature rich application […]

Facebook Patches “Memory Disclosure Using JPEG Images” Flaws in HHVM Servers

Facebook has patched two high-severity vulnerabilities in its server application that could have allowed remote attackers to unauthorisedly obtain sensitive information or cause a denial of service just by uploading a maliciously constructed JPEG image file. The vulnerabilities reside in HHVM (HipHop Virtual Machine)—a high-performance, open source virtual machine developed by Facebook for executing programs […]

‘Universal Memory’ Could Be The Perfect Data Storage Device For Your PC

Researchers have developed and patented a new type of computer memory that holds the key to solving the energy crisis that is rising with the progress of digital technology. The new electronic memory device, dubbed as “Universal Memory,” is the perfect storage device that overcomes the limitations of current storage methods with its ultra-low energy […]

RAMBleed attack steals sensitive data from computer memory

“RAMBleed Reading Bits in Memory Without Accessing Them.” A team of security researchers has published a report on a relatively advanced and previously undetected variant of the Rowhammer attack called RAMBleed. Researchers claim that the new variant can be used for reading the contents of the physical memory instead of merely modifying it as it […]

Memory Corruption Zero-Day Bug Found In Windows Notepad App

Security researcher Tavis Ormandy, who is a part of the Google Project Zero team, has already unearthed some serious bugs and threats in the past. This time, he found a new zero-day vulnerability in the Notepad app which affects users of the Windows operating system. The zero-day exploit can be used to open a Windows […]

mXtract – Offensive Memory Extractor & Analyzer

mXtract is an open-source Linux-based tool that analyzes and dumps memory. It is developed as an offensive penetration testing tool; its primary purpose is to scan memory for private keys, IPs, and passwords using regexes. Remember, your results are only as good as your regexes. Why dump directly from memory? In most Linux environments […]

Linux 5.1 Might Add Support For Using Persistent Memory As System RAM

There are numerous differences when it comes to traditional RAM and flash storage. While both might be using solid state technologies, RAM is known to be much faster, costly, and speedy. With new solutions like Intel Optane DC Persistent Memory, things are looking a bit different as it continues to bridge the gaps between non-volatile storage and RAM. […]

SanDisk And Micron Unveil 1TB Memory Cards At MWC 2019

As 5G smartphones are becoming a thing (we have seen a couple of 5G phones at MWC 2019), memory cards with mammoth-sized 1TB of storage are also becoming popular, as SanDisk and Micron have introduced their respective cards at MWC 2019. SanDisk Extreme UHS-I microSDXC Touted as the world’s first 1TB UHS-I microSD, the flash […]