Think, Talk, Hack

Browsing tag

Vulnerabilities

New Microsoft Office Vulnerabilities Used to Distribute Zyklon Malware that Creating Backdoor

Recently patched critical Microsoft office vulnerabilities are used for distributing powerful Zyklon Malware that has some sophisticated functionalities such as creating a backdoor in victims machine. Zyklon Malware has widely spread across the world since 2016 and its mainly targeting Telecommunications, Insurance, Financial Services. A Backdoor that creates by Zyklon Malware has capable of keylogging, password harvesting, downloading […]

root

Web Application Penetration Testing Checklist Overview

Penetration testing is the process of testing a software by trained security experts (aka penetration testers or ethical hackers) in order to find out its security vulnerabilities. The objective of carrying out such a test is to strengthen the security vulnerabilities which the software may contain so that they don’t get easily exploited (or taken […]

root

Cyber Criminals to Exploit Vulnerabilities.

Cyber attacks continue to be the major nightmare for most of the business, and most of that is because of the vulnerabilities in the respective systems. Security experts believe that most of the attacks in the 2018 attackers are likely to make use of the vulnerabilities. This is inspite of the fact that patches are […]

root

Apple released patches to address vulnerabilities in the High Sierra.

Apple had to rush in to make a quick update on serious vulnerabilities in macOS. The vulnerability hole was so serious that it allowed anybody who has access to Mac can bypass the system login and be the root account. The macOS High Sierra vulnerability is so bad that it literally puts your personal data […]

root

NEWLY PUBLISHED EXPLOIT CODE USED TO SPREAD MARAI VARIANT

Qihoo 360 Netlab researchers reported on Friday that they are tracking an uptick in botnet activity associated with a variant of Mirai. Targeted are ports 23 and 2323 on internet-connected devices made by ZyXEL Communications that are using default admin/CentryL1nk and admin/QwestM0dem telnet credentials. “About 60 hours ago, since 2017-11-22 11:00, we noticed big upticks on […]

root

Keep Your Small Business Safe: What You Need to Know about Cyber Security

Small business make up more than 70% of the targets that cyber criminals go after. They are the most targeted for several reasons including the fact that they have less security to begin with and they use public forms of keeping connected to their employees. It has been found that small businesses have a really […]

root

Multiple Vulnerabilities with Pre-installed Packages open Dell systems to Hack

Security experts from Talos discovered a couple of vulnerabilities in Dell Precision software which allow attackers to disable security mechanisms, escalate privileges and execute arbitrary code within the context of the application user. CVE-2016-9038 This vulnerability exists with Invincea-X, Dell Protected Workspace 6.1.3-24058 and attacker can trigger this vulnerability by sending crafted data to the […]

root

Trend Micro ServerProtect Contains Multiple Critical Arbitrary Code Execution Vunerabilities including XSS and CSRF

A Trend Micro product ServerProtect for Linux 3.0 Contain 6 Major and very critical vulnerabilities Discovered. ServerProtect Protecting against viruses, rootkits, and data-stealing malware while simplifying and automating security operations on servers and storage systems. This 6 vulnerabilities allowing  remote code execution as root in the Victims Machine by via Man-in-the-Middle Attack and exploiting vulnerabilities […]

root

Hancitor Makes First Appearance in Top Five Most wanted malware – February 2017

Hancitor has grown into the main five of the ‘most wanted’ malware families worldwide for the first time, reported by Checkpoint Threat Intelligence Research Team. Hancitor also called as Chanitor is typically sent as a macro-enabled empowered Office document in phishing messages with “critical” messages, for example, phone messages, faxes or invoices. Mostly the main 10 malware families […]

root

CompTIA Cybersecurity Analyst+ overview – behavioral analytics

CompTIA Cybersecurity Analyst (CSA+) is a vendor-neutral cyber security certification that applies behavioral investigation to enhance the general condition of IT security. The CompTIA CSA+ certification will offer a wide range of information and abilities required to configure and utilize cyber-threat observation tools, perform data analysis and decipher the outcomes to recognize vulnerabilities, threats, and […]

root

How a Single SMS with WAP Crap can Break your Samsung Galaxy phone

Security researchers from Contextis disclosed a bug in Samsung Galaxy phones that can be triggered remotely with SMS, which when combined give chances to ransomware peddlers. Samsung Mobile Security Team rushed to settle the issues, giving a good example of how coordinated disclosure should happen. OMA CP protocol WAP Push can be used to transport information […]

root

xsscrapy – XSS/SQLi Spider

xsscrapy, a tool, that examines given URL to find cross-site scripting and some SQL injection vulnerabilities.   Python xsscrapy Linux operating system May need additional libraries depending on OS (libxml2 libxslt zlib libffi openssl and sometimes libssl-dev)   Step 1: Download and install xsscrapy from GitHub or type the following command given below: wget -O https://bootstrap.pypa.io/get-pip.py […]

root