Security researcher Rasmus Sten published a proof of concept (PoC) code to exploit a critical vulnerability in macOS Gatekeeper updated a few months ago by Apple. Tracked as CVE-2021-1810, the flaw would allow the evasion of three security mechanisms implemented by the company in order to prevent the download of malicious files. The vulnerability resides […]
Speculative optimizations execute code in a non-secure manner leaving data traces in microarchitecture such as cache. Refer to the paper by Lipp et. al 2017 for details: https://meltdownattack.com/meltdown.pdf. Can only dump linux_proc_banner at the moment, since requires accessed memory to be in cache and linux_proc_banner is cached on every read from /proc/version. Might work with […]
Fileless malware are types of malicious code used in cyber attacks that don’t use files to launch the attack and carry on the infection on the affected device or network. The infection is run in the RAM memory of the device, so traditional antivirus and antimalware solutions can’t detect it at all. Malicious hackers use […]
Security researchers have discovered several key management vulnerabilities in the core of Wi-Fi Protected Access II (WPA2) protocol that could allow an attacker to hack into your Wi-Fi network and eavesdrop on the Internet communications. WPA2 is a 13-year-old WiFi authentication scheme widely used to secure WiFi connections, but the standard has been compromised, impacting […]
Welcome back in the last article (WebRTC can leak your IP address even if your behind a VPN). we talked a little about WebRTC and STUN servers and how they can effect your privacy online. Today we are going to set up a Web Server and implement a WebRTC Grabber to show proof of concept. our […]
Technical specifics and a proof-of-concept (PoC) exploit have been made available for a recently disclosed critical security flaw in Progress Software OpenEdge Authentication Gateway and AdminServer, which could be potentially exploited to bypass authentication protections. Tracked as CVE-2024-1403, the vulnerability has a maximum severity rating of 10.0 on the CVSS scoring system. It impacts OpenEdge […]
The Windows Common Log File System (CLFS) Driver has an elevation of privilege vulnerability identified as CVE-2022-37969 (CVSS score: 7.8). For reporting this vulnerability, Microsoft gave credit to Quan Jin of DBAPPSecurity, Genwei Jiang with Mandiant, FLARE OTF, CrowdStrike, and Zscaler ThreatLabz. Software clients can make advantage of the general-purpose logging service known as the […]
Recorded Future’s real-time threat intelligence product allows analysts access to hundreds of thousands of sources that are normalized, organized, and searchable for analysis rather than simple keyword search. In this product, we searched for where POCs are developed, discussed, and shared. Within a dataset of this much breadth and depth, there are some interesting takeaways. […]
WhatsApp’s privacy settings are “broken” and can be bypassed by downloading a simple bit of software, claims the Dutch developer behind proof-of-concept tool WhatsSpy Public.
A Dutch university has reportedly made great steps towards making the dream of a ‘fraud-proof’ credit card a reality by utilizing quantum physics.