The Best Of Both Worlds – Soraya
Arbor Networks’ ASERT has recently discovered a new malware family that combines several techniques to steal payment card information. Dubbed Soraya, meaning “rich,” this malware uses memory scraping...
The Finnish Sprayer virus
Virus writers have sometimes been compared to people who create graffiti. It is as difficult to find a rational motive for vandalizing other people's property with sloppy spray-paintings as to understand...
cipherli.st
Cipherli.st - strong ciphers for NGINX, Apache and Lighttpd. More here: https://cipherli.st/
Slides: Reloading Java Exploits
At the end of this talk you will know about: – New techniques to harden Java exploit to bypass detection – Limitations of current defensive solutions – To fear the Enterprise world as a Java user. More...
Visor - authentication and authorization module for angular apps
Visor is an authentication and authorization framework for AngularJS. It provides a convenient way to authenticate on startup and define which routes are accessible to whom. Visor works with both ngRoute...
Energy Bill Spam Campaign Serves Up New Crypto Malware
Everyone hates getting bills, and with each new one it seems like the amount due just keeps getting higher and higher. However, Symantec recently discovered an energy bill currently being emailed to...
MozDef - The Mozilla Defense Platform
The inspiration for MozDef comes from the large arsenal of tools available to attackers. Suites like metasploit, armitage, lair, dradis and others are readily available to help attackers coordinate,...
Bluetooth Photo-File Share v2.1 iOS - Multiple Web Vulnerabilities
Document Title: Bluetooth Photo-File Share v2.1 iOS - Multiple Web Vulnerabilities. References (Source): http://www.vulnerability-lab.com/get_content.php?id=1270 Release...
Reverse engineering a phishing operation targeted at Australians [Part 1]
So, I've been receiving an influx of phishing emails recently, where all of them have been carefully organised and targeted towards Australians. In this post, I break into some of the servers that the...
How the NSA Could Bug Your Powered-Off Phone, and How to Stop Them
Just because you turned off your phone doesn’t mean the NSA isn’t using it to spy on you. More here: http://www.wired.com/2014/06/nsa-bug-iphone/
How much money did GameOver ZeuS steal?
Wanted by the FBI: Evgeniy Mikhailovich Bogachev a.k.a. "slavik". Finally… a face and a name to go with an infamous alias. More here: http://www.f-secure.com/weblog/archives/00002709.html
DARPA crazytech crew want to create HUMAN-FREE cyber defence systems
No need to call an infosec specialist - the machines will sort it all out. More here: http://www.theregister.co.uk/2014/06/03/darpa_wants_to_build_human_free_defence_systems/
CVE-2014-0907 - SetUID/SetGID Programs Allow Privilege Escalation Via...
Vulnerability title: SetUID/SetGID Programs Allow Privilege Escalation Via Insecure RPATH In IBM DB2. CVE: CVE-2014-0907. Vendor: IBM. Product: DB2. Affected version: V9.1, V9.5, V9.7, V10.1 and V10.5. Fixed...
TLSJack
A simple TLS forwarder that lets you intercept traffic and play with them. More here: https://github.com/skepticfx/tlsjack
PHPBTTracker+ 2.2 - SQL Injection
# Exploit Title: PHPBTTracker+ 2.2 SQL Injection # Date: May 13th, 2014 # Exploit Author: BackBox Team <info@backbox.org> # Vendor Homepage: http://phpbttrkplus.sourceforge.net/ # Software Link:...
An Introduction to Recognizing and Decoding RC4 Encryption in Malware
There is something that we come across almost daily when we analyze malware in the VRT: RC4. We recently came across CVE-2014-1776 and like many malware samples and exploits we analyze, RC4 is used to...
What We Learned from Sinkholing CryptoLocker – Ushering in an Era of Cyber...
The Department of Justice’s announcement on June 2 about the takedown of the notorious CryptoLocker Ransomware and Gameover Zeus botnet highlights the security community at its best – sharing...
Email encryption in transit
Many email providers don’t encrypt messages while they’re in transit. When you send or receive emails with one of these providers, these messages are as open to snoopers as a postcard in the mail. A...
Two years later...
By chance I just noticed that I wrote the Introducing Ponmocup Finder blog post exactly two years ago. So it's time to celebrate the second anniversary :-) Well, I was wondering if anyone else is...
Making end-to-end encryption easier to use from Google
Your security online has always been a top priority for us, and we’re constantly working to make sure your data is safe. For example, Gmail supported HTTPS when it first launched and now always uses an...