Browsing tag
Investigate malicious logon by visualizing and analyzing Windows active directory event logs. Concept LogonTracer associates a host name (or an IP address) and account name found in logon-related events and displays it as a graph. This way, it is possible to see in which account login attempt occurs and which host is used. This tool […]
What this tool does is taking a file (any type of file), encrypt it, and embed it into an HTML file as ressource, along with an automatic download routine simulating a user clicking on the embedded ressource. Then, when the user browses the HTML file, the embedded file is decrypted on the fly, saved in […]
Security researchers have discovered a new, sophisticated form of malware based on the notorious Zeus banking Trojan that steals more than just bank account details. Dubbed Terdot, the banking Trojan has been around since mid-2016 and was initially designed to operate as a proxy to conduct man-in-the-middle (MitM) attacks, steal browsing information such as stored credit card […]
Throughout this blog post we will be detailing a newly discovered RTF document family that is being leveraged by the FIN7 group (also known as the Carbanak gang) which is a financially-motivated group targeting the financial, hospitality, and medical industries. This document is used in phishing campaigns to execute a series of scripting languages containing […]
Usually, a bug bounty program helps companies secure their software and products from zero day vulnerabilities that can cause massive damage if cyber criminals get their hands on them. But Zerodium, an American information security company, and premium zero-day acquisition platform have launched a Tor Browser Zero-Day Bounty; the purpose of which is to get hackers and security researchers to […]
Short Bytes: The ECMA International has released the eight edition of the ECMAScript Language Specification. Some of the new features supported by this specification are String padding, Object.entries, etc. You can find the complete ECMAScript 2017 specifications on ECMA International’s website. Followed by ECMAScript 2016, the ECMA International has approved ECMAScript 2017, which is the latest […]
Short Bytes: Makers of Cheerp, a C++-to-JavaScript compiler, are here with their second offering, CheerpJ. CheerpJ converts any Java application and library to a browser-based web application. Notably, CheerpJ doesn’t need a source code access to compile Java bytecode into JavaScript. While CheerpJ’s limited release will take place in July, its full and commercial version […]
Just yesterday we reported that fingerprint scanner on smartphones can be bypassed with the help of a new technique called MasterPrint. Now, hackers have developed a new way to figure out your smartphone’s passcode. You might be thinking that they can do this by using sophisticated methods or tools, but no! This is where you […]
Chromium engineers are discussing plans to change how JavaScript popups work inside Chrome and other similar browsers. In a proposal published on the Google Developers portal, the Chromium team acknowledged that JavaScript popups are consistently used to harm users. While JavaScript popups have been used to redirect users to malware downloads, these intrusive dialogs have […]
Short Bytes: Stack Overflow has released its much-anticipated Developer Survey 2017. This year, over 64,000 developers took part in the survey and shared their preferences. The survey revealed that for the fifth time in a row, JavaScript was the most commonly used programming language, followed by SQL and Java. Stack Overflow is the world’s largest […]
More than a third of the websites you visit online may include an outdated JavaScript library that’s vulnerable to one or more security flaws. This is the conclusion of recent research carried out by a team of six scientists from the College of Computer and Information Science at Northeastern University, who scanned over 133,000 domains […]
JavaScript Web Service Proxies are an alternative to WSDL (Web Services Description Language) files for interacting with WCF Web Services. The proxy files function as a description of the web service methods, exposing the available service methods as well as their parameters. JavaScript Service Proxies, or JSWS (JavaScript Web Services) as I will be calling […]
Amster-damn, that’s a hell of a vulnerability to make browser bug exploitation easier. Researchers in Europe have developed a way to exploit a common computer processor feature to bypass a crucial security defense provided by modern operating systems. By abusing the way today’s CPUs manage system memory, an attacker can discover where software components, such […]
Short Bytes: One should learn Javascript because it’s the most popular programming language in the world. Javascript works on an astonishingly varied number of platforms and devices including IoT. Javascript Jobs are in abundance and it’s easy to learn. You can design crazy visual effects, games, UI interactions, make your own custom blog and make money […]
Short Bytes: Using the open data sets made public by StackOverflow about the questions posted on it and the tags used in the questions, a StackOverflow Employee used the data to detect and visualize which programming languages are being used most over weekends. Surprisingly, programming language Haskell is most popular on weekends, accounting for 0.365% of […]
Short Bytes: Why does “JavaScript” contain “Java” word in it? Well, it has nothing to do with Java. The early web browser wars between Netscape (backed by Sun Microsystems) and Microsoft influenced how JavaScript was gradually named and shaped. Java name was included as a marketing strategy to gain acceptance. Java in Javascript has nothing to do […]
Short Bytes: A team of developers from University of Massachusetts, Amherst, has created a Unix-like operating system for your web browser. It uses a JavaScript-based kernel and extends the JS runtimes for C, C++, Go, and Node.js programs. It also comes with a POSIX-like shell. The modern web browsers are great for playing videos, reading blogs, […]
Benjamin Dumke-von der Ehe found an interesting way to steal data cross domain. Using JS proxies he was able to create a handler that could steal undefined JavaScript variables. This issue seems to be patched well in Firefox however I found a new way to enable the attack on Edge. Although Edge seems to prevent […]
Short Bytes: The Linux Foundation wants to bring the JavaScript community under one roof. It has launched the JS Foundation at the OSCON 2016. The JS Foundation is the rebranding of the Jquery Foundation and aims to develop its existing projects along with the new ones. At the OSCON 2016 in London, the Linux Foundation announced […]
I came across this nasty-looking script that hijacks your browser. It appears to have been around in some shape or form since 2014 but this latest version deploys an aggressive tactic I’ve not seen before. Here’s what this script looks like: The script is composed of variables and functions but finding the beginning and ending […]
Short Bytes: Microsoft calls TypeScript the “JavaScript that scales”. This open-source superset of JavaScript was launched in 2012. Now, Microsoft has released TypeScript 2.0 with a focus on increasing the support for JS libraries, tools, and major editors. This release also solves the issue of ‘notorious’ null values. TypeScript is a typed superset of widely […]