EXCLUSIVE: EMAILS REVEAL CLOSE GOOGLE RELATIONSHIP WITH NSA
Email exchanges between National Security Agency Director Gen. Keith Alexander and Google executives Sergey Brin and Eric Schmidt suggest a far cozier working relationship between some tech firms and...
Double-Dip: Using the latest IE 0-day to get RCE and an ASLR Bypass
The last couple of days there has been a big buzz regarding an IE 0-day being exploited in the wild. The exploit was caught by FireEye. The FireEye blog stated that a Flash bug has been used to bypass...
The security of BIND, and gonflationnage by marketing
On 29 April 2014, the Technion University published a ridiculous statement claiming that their researchers had found a way to subvert DNS queries. This is apparently being taken over by The Hacker...
DIY cybercrime-friendly (legitimate) APK injecting/decompiling app spotted in...
With millions of Android users continuing to acquire new apps through Google Play, cybercriminals continue looking for efficient and profitable ways to infiltrate Android’s marketplace using a variety...
Fishing for Hackers: Analysis of a Linux Server Attack
A few days ago I stumbled upon a classic blog post covering common recommendations for hardening a fresh new Linux server: install fail2ban, disable SSH password authentication, randomize SSH port,...
Encrypted Code Reverse Engineering: Bypassing Obfuscation
Obfuscation is a distinctive mechanism equivalent to hiding, often applied by security developers, to harden or protect the source code (which is deemed as intellectual property of the vendor) from...
Cyberduck 4.4.3 (14140 Windows) X.509 Validation Failure
Advisory ID: SYSS-2014-004; Product: Cyberduck; Affected Version(s): 4.4.3 (14140) (Windows only); Not Affected Version(s): 4.4.3 (14140) and 4.2.1 (9350) (both OS X 10.9.2); Tested Version(s): 4.4.3 (Windows...
PHDays CTF Quals: Tasks Analysis
Positive Hack Days CTF is an international information protection contest based on the CTF (capture the flag) principles. Several teams are to defend their own networks and attack the networks of the...
Killing RC4: The Long Goodbye
At CloudFlare we spend a lot of time thinking about the best way to keep our customers’ data safe. Despite recent troubles, HTTPS is still the best way to deliver encrypted content for the web. As the...
Rovnix new "evolution"
Rovnix is an advanced VBR (Volume Boot Record) rootkit best known for being the bootkit component of Carberp. The kit operates in kernel mode, uses a custom TCP/IP stack to bypass firewalls, and stores...
mXSS
Mutation XSS was coined by me and Mario Heiderich to describe an XSS vector that is mutated from a safe state into an unsafe unfiltered state. The most common form of mXSS is from incorrect reads of...
Instagram Password Decryptor 1.0
Instagram Password Decryptor is a lightweight and fairly easy to understand piece of software that was developed to provide you with the means of regaining access to your Instagram account, should you...
72% of U.S. Financial Services and Energy Firms Say They Expect a Cyber...
ThreatTrack Security report addresses two industries on the cyber war frontlines. ThreatTrack Security today published a study that looks at the security vulnerabilities of two industries most often...
Fujitsu Cuts Response Times to Cyber Attacks by 97% with Japan's First...
Fujitsu today announced the availability of Japan's first software to automate detection of cyber attacks and response. The software, FUJITSU Software Systemwalker Security Control, dramatically...
Video: 2 02 Powershell And You Using Microsoft's Post Exploitation Language
Anyone can write useful security tools in PowerShell. With just a little bit of knowledge you can automate almost anything. From advanced post-exploitation tasks to incident response tools, you can do...
Multiple Vulnerabilities in the Cisco WebEx Recording Format and Advanced...
Multiple buffer overflow vulnerabilities exist in the Cisco WebEx Recording Format (WRF) and Advanced Recording Format (ARF) Players. Exploitation of these vulnerabilities could allow a remote attacker...
Betabot Process Injection
Introduction: A few weeks ago I received a PE file (MD5: 34105EF38CEA1B4B2ABADD0CB3404E69) and was asked to figure out if it is related to the Betabot malware family. It didn’t take long to figure out...
Hackers target Orange in massive client data theft
French mobile phone giant Orange revealed this week that it had been hit by a massive new theft of personal data that has affected 1.3 million customers. It comes just three months after info on...
Silk Road Anonymous Marketplace
You will find below information related to the Silk Road website and forums. Since the original work some of the hyperlinks are dead due to the original Silk Road forum shut down. However, the...
Offiria 2.1.0 XSS Vulnerability
Advisory ID: HTB23210; Product: Offiria; Vendor: Slashes & Dots Sdn Bhd.; Vulnerable Version(s): 2.1.0 and probably prior; Tested Version: 2.1.0; Advisory Publication: April 2, 2014 [without technical...