Channel: BOT24
Browsing all 8064 articles

Local root vulnerability in Android 4.4.2

Google has just released Android 4.4.3 version in AOSP (Android Open Source Project). The Funky Android website has published the whole changelog between versions 4.4.2 and 4.4.3. This time, it seems...


HR a Hot Target for Cybercriminals

Hackers are always looking for a weak link into an organization's systems, ideally one that leads to lots of valuable data. Because of their access to highly sensitive employee information, human...


CVE-2013-6876 s3dvt Root shell

About s3dvt: s3dvt is part of the 3d network display server which can be used as 3d desktop environment. Vulnerability: A vulnerability in s3dvt for versions prior to 0.2.2...


CVE-2013-6825 DCMTK Root Privilege escalation

About DCMTK: DCMTK is a collection of libraries and applications implementing large parts of the DICOM standard. It includes software for examining, constructing...


CVE-2014-1226 s3dvt Root shell (still)

About s3dvt: s3dvt is part of the 3d network display server which can be used as 3d desktop environment. Vulnerability: The s3dvt developers forgot to review all the...


World Cup Brazil 2014: ATMs and credit cards

Part 2. Tips for using ATMs and avoiding credit card cloning. Are you planning to visit Brazil during the World Cup? Welcome! Hope you enjoy your stay! How are you planning to pay your bills while you’re...


GoAgent vulnerabilities: CA cert with known private key, TLS MITM

There is an HTML version of this document with screenshots at https://www.bamsoftware.com/sec/goagent-advisory.html.
  * GoAgent installs a root CA certificate with a known private key
    * Test page...


Bug in bash

Recently we discovered a bug in bash. After some time after reporting it to bash developers, it has not been fixed. We think that this is a security issue because in some circumstances the bash security...


iScan Online Mobile 2.0.1 iOS - Command Inject Vulnerability

Document Title: iScan Online Mobile 2.0.1 iOS - Command Inject Vulnerability. References (Source): http://www.vulnerability-lab.com/get_content.php?id=1271 Release...


[CVE-2014-2577] XSS on Transform Foundation Server 4.3.1 and 5.2 from...

I. VULNERABILITY: Reflected XSS Attacks vulnerabilities in Transform Foundation server 4.3.1 and 5.2 from Bottomline Technologies. II. BACKGROUND: Bottomline...


Debugging Android Applications

Using a debugger to manipulate application variables at runtime can be a powerful technique to employ while penetration testing Android applications. Android applications can be unpacked, modified,...


Introducing Antak - A webshell which utilizes powershell

During penetration tests, I always wanted to have a simple yet powerful webshell. For that, I wrote Antak last year, demonstrated it at Defcon 21 but never released for I was busy in other things...


TR-24 Analysis - Destory RAT family

CIRCL analyzed a malware sample which was only sporadically detected by just a handful of antivirus engines, based on heuristic detection. CIRCL analyzed the entire command structure of the malware and...


Exploiting CVE-2014-0196 a walk-through of the Linux pty race condition PoC

Recently a severe vulnerability in the Linux kernel was publicly disclosed and patched. In this post we'll analyze what this particular security vulnerability looks like in the Linux kernel code and...


Our Brains Will Be Hacked, Tracked and Data-Mined

In the near future, companies, hell even the NSA could be mining our brainwaves for data. It’s bad enough that private details about our lives revealed in hoovered up in emails and phone calls; imagine...


Credentials storage in Jenkins

While using Jenkins, I came across the following quirk when modifying a stored credential. More here: http://xn--thibaud-dya.fr/jenkins_credentials.html


ESET Analyzes First Android File-Encrypting, TOR-enabled Ransomware

Last weekend saw the (somewhat anticipated) discovery of an interesting mobile trojan – the first spotting of a file-encrypting ransomware for Android by our detection engineers. Let’s put this all into...


Peek Inside a Professional Carding Shop

Over the past year, I’ve spent a great deal of time trolling a variety of underground stores that sell “dumps” — street slang for stolen credit card data that buyers can use to counterfeit new cards...


Security and the Rise of Snakeoil

The original of this essay was written by stf in Hungarian. I decided to go ahead and translate it into English because I liked it. There are more and more people who are starting to realise what sort...


Use of NGINX web server appears to be on the rise

Nginx touts new numbers showing the use of its web server is on the rise, especially by the biggest websites. More here: http://gigaom.com/2014/06/04/use-of-nginx-web-server-on-the-rise-report-says/
