Clik here to view.
WordPress Photo-Gallery CSRF Vulnerability
[+] Wordpress Cross Site Request Forgery in Plugin photo-gallery[+] Date: 07/05/2014[+] Risk: HIGH[+] Author: Felipe Andrian Peixoto[+] Vendor Homepage: https://wordpress.org/plugins/photo-gallery/[+]...
View ArticleClik here to view.
Hacking the Samsung NX300 'Smart' Camera
The Samsung NX300 smart camera is a middle-class mirrorless camera with NFC and WiFi connectivity. You can connect it with your local WiFi network to upload directly to cloud services, share pictures...
View ArticleClik here to view.
Email-borne exploits: the not-so innocuous killers targeting small business
Email remains a widely used infection vector that mostly relies on social engineering a victim to click on a link or execute an attachment.As far as malicious attachments go, the majority are zipped...
View ArticleClik here to view.
Moar F5 fun in iControl API
Linked below is an advisory regarding remote command execution (as root,possibly) vulnerabilities within the iControl API:http://support.f5.com/kb/en-us/solutions/public/15000/200/sol15220.htmlAn...
View ArticleClik here to view.
The Open Sourced Vulnerability Database Organization (OSVDB) Has Some...
Every day we get requests for an account on OSVDB, and every day we have to turn more and more people away. In many cases the intended use is clearly commercial, so we tell them they can license our...
View ArticleClik here to view.
Analysis of ELF shared .so (DYN) library malware via LD_PRELOAD
This is the analysis story based on the incident handling on the server side incident, caused by a hack to perform some malicious attack to a compromised server, so it is the server side malware...
View ArticleClik here to view.
Macro Viruses - A blast from the past
Over the past two months there seems to be an increase in Macro Viruses. Microsoft Office Programs have always been among the most vulnerable targets since the very first Macro Virus WordMacro/DMV...
View ArticleClik here to view.
SIRv16: Cybercriminal tactics trend toward deceptive measures
Microsoft’s Security Intelligence Report volume 16 (SIRv16) was released today, providing threat trends on malware encounter rates, infection rates, vulnerabilities, exploits, and more for 110...
View ArticleClik here to view.
APT Kill chain - Part 2 : Global view
Last week we defined what an APT is. As we have seen, there are different definitions, and I bet nearly all companies working on APT incident handling do have their own definition.What every...
View ArticleClik here to view.
Dissecting a Memory Corruption Vulnerability in Python Interpreter Just For Fun
Recentl a new fix has been pushed to official python source code repository which fixes (http://hg.python.org/cpython/rev/5dabc2d2f776) a memory corruption vulnerability in python interpreter's strop...
View ArticleClik here to view.
[Hacking-Contest] Rootkit
Basic operation of rootkitShell script version of rootkitC version of rootkitUsing the rootkit to hide stuffFile hiding below the proc filesystemNetcat remote shellUsing tcpdump as a covert...
View ArticleClik here to view.
[Hacking-Contest] Invisible configuration file backdooring with Unicode...
magine that you want to check a small configuration file for malicious manipulations. Let’s further assume that the file is very small (only 5 non-comment lines) and that you know the expected contents...
View ArticleClik here to view.
Operation Backdoor Cut Targeted Basketball Community with IE Zero-Day
Back in March, Symantec blogged about a possible watering hole campaign exploiting a zero-day vulnerability for Internet Explorer 8, the Microsoft Internet Explorer Memory Corruption Vulnerability...
View ArticleClik here to view.
Spam in Q1 2014: US Once Again the Prime Target for Malicious Emails
In the first quarter of 2014 spammers started imitating messages from mobile applications. They especially like the popular mobile messengers - WhatsApp, Viber and Google Hangouts. Notifications...
View ArticleClik here to view.
Oxford Biochronometrics Blocks Spam Bots, Makes the Internet Easier for Humans
New technology uses behavior to stop spam bots, eliminates the need for those illegible Captcha codes no one likes.more here....http://www.prweb.com/releases/2014/05/prweb11833166.htm
View ArticleClik here to view.
Paper: ANALYSIS OF EVASION TECHNIQUES IN WEB-BASED MALWARE
ABSTRACTWeb-based mechanisms, often mediated by malicious JavaScript code, play animportant role in malware delivery today, making defenses against web-based malwarecrucial for system security. To make...
View ArticleClik here to view.
(CVE-2014-3246) Collabtive 1.2 - SQLi Vulnerability
Vulnerability title: SQL Injection / SQL Error message in Collabtiveapplication (CVE-2014-3246)CVE: CVE-2014-3246 (cordinated withVendor: CollabtiveProduct: Collabtive (Open Source Project Management...
View ArticleClik here to view.
F Me! Someone has compromised my identity Suss!
Over the last several years identity theft has soared, which is probably no revelation to most people however few do anything about it or know what to do. Therefore I wanted to describe to you what...
View ArticleClik here to view.
Visionary Check Point Research Reveals Massive Increase in New and Unknown...
Check Point 2014 Security Report Details Threat Trends Pulled From Over 9,000 Security Gateways Deployed Across Enterprise Organizations Globallymore...
View ArticleClik here to view.
Glass Reflections in Pictures + OSINT = More Accurate Location
Disclaimer: The aim of this article is to help people to be more careful when taking pictures through windows because they might reveal their location inadvertently. The technique presented here might...
View Article