Clik here to view.
KMail/KIO POP3 SSL MITM Flaw
KDE Project Security Advisory=============================Title: KMail/KIO POP3 SSL MITM FlawRisk Rating: MediumCVE: CVE-2014-3494Platforms: AllVersions: kdelibs 4.10.95 to 4.13.2Author: Richard J....
View ArticleClik here to view.
“Your fault - core dumped”- Diving into the BSOD caused by Rovnix
Recently we have noticed some Win32/Rovnix samples (detected as TrojanDropper:Win32/Rovnix.K) causing the BSOD on Windows 7 machines. We spent some time investigating this situation and discovered an...
View ArticleClik here to view.
The Access Management Team [Shell Sherpas]
When I participate in an exercise, with multiple target networks and a large red team, I favor splitting the team up into cells. Each cell owns a target network and is responsible for any objectives...
View ArticleClik here to view.
What are you doing? – DSEncrypt Malware
Have you ever downloaded and installed a large Android application that had very few actual UI elements or functionality? Recently, FireEye Labs mobile security researchers have discovered a new kind...
View ArticleClik here to view.
Researchers find thousands of secret keys in Android apps
In a paper presented—and awarded the prestigious Ken Sevcik Outstanding Student Paper Award—at the ACM SIGMETRICS conference on June 18, Jason Nieh, professor of computer science at Columbia...
View ArticleClik here to view.
Paper: Tor vs the NSA
Governmental and powerful organizations’ digital spying is exactly whatprivacy advocates have been warning about for many years. However, thescale of the revealed program by the National Security...
View ArticleClik here to view.
PHP data encryption primer
A short guide to help to avoid the common mistakes and pitfalls with symmetric data encryption using PHP.This primer assumes a “client-server” situation, which is probably a typical case with PHP...
View ArticleClik here to view.
Metasploit: Ericom AccessNow Server Buffer Overflow
### This module requires Metasploit: http//metasploit.com/download# Current source: https://github.com/rapid7/metasploit-framework##require 'msf/core'class Metasploit3 < Msf::Exploit::Remote Rank =...
View ArticleClik here to view.
web2Project 3.1 SQL Injection
Advisory ID: HTB23213Product: web2ProjectVendor: http://web2project.netVulnerable Version(s): 3.1 and probably priorTested Version: 3.1Advisory Publication: April 30, 2014 [without technical...
View ArticleClik here to view.
Dolphin 7.1.4 SQL Injection
Advisory ID: HTB23216Product: DolphinVendor: BoonExVulnerable Version(s): 7.1.4 and probably priorTested Version: 7.1.4Advisory Publication: May 21, 2014 [without technical details]Vendor...
View ArticleClik here to view.
heap overflows for humans - 102 - exercise solution
Heap Overflows For Humans is a series of articles by Steven Seeley that explore heap exploitation on Windows. In the second article of the series, Steven developed a practice exercise based on the...
View ArticleClik here to view.
HACKER PUTS HOSTING SERVICE CODE SPACES OUT OF BUSINESS
Code Spaces, a code-hosting and software collaboration platform, has been put out of business by an attacker who deleted the company’s data and backups.read...
View ArticleClik here to view.
Paper: Android Anti-forensics: Modifying CyanogenMod
Mobile devices implementing Android operatingsystems inherently create opportunities to presentenvironments that are conducive to anti-forensicactivities. Previous mobile forensics research focusedon...
View ArticleClik here to view.
LinkedIn 0day Vulnerability Puts Your Data at Risk
Today, corporate networks and websites face varying degrees of cyber-threats – ranging from widespread well-publicized threats like the recent Heartbleed bug, to those that are less well-known, but...
View ArticleClik here to view.
Hackers reverse-engineer NSA's leaked bugging devices
Using documents leaked by Edward Snowden, hackers have built bugs that can be attached to computers to steal information in a host of intrusive waysmore...
View ArticleClik here to view.
Basic Security for Apache and PHP on CentOS
So yet again I am back writing about Security, for some reason it appears to be my topic of the month! It constantly astounds me how little people take security seriously, and what their concept of...
View ArticleClik here to view.
Criminals launch mass phishing attacks against online dating sites
Criminals are running massive dedicated phishing campaigns against online dating sites, marking an interesting – but not unusual – shift in focus from the traditional phishing targets such as banks and...
View ArticleClik here to view.
[ TECHNICAL TEAR DOWN : SILVER (.NET KEYLOGGER) ]
This is a sample which i’ve found some time ago from VirusTotal but i totally forgotten to publish it until today. This is a very easy to analyse .NET Keylogger.One of the first things i usually do...
View ArticleClik here to view.
Second AWS Customer Breach in Two Days
As I reported just this morning, a hack into an AWS customer, Code Spaces, yesterday caused the company to have to shut its doors due to the breach. The attack was accompanied by an extortion attempt...
View ArticleClik here to view.
Preying on Assumptions: Symmetric Encryption in a CryptoLocker Variant
This trojan was found on a compromised web server that was used to send mass emails with a malicious attachment. Upon execution, the malware searches all logical drives for common media and document...
View Article