Breaking: GameOver Zeus Mutates, Launches Attacks
Today Malcovery’s analysts identified a new trojan based heavily on the GameOver Zeus binary. It was distributed as the attachment to three spam email templates, utilizing the simplest method of...
Brazilians in the Russian Underground
Monitoring the cybercriminal underground sometimes leads us down some interesting paths. We recently encountered a cybercriminal posting in a Russian underground forum which led to the discovery of...
osCommerce 2.3.4 - Multiple vulnerabilities
Description: Latest osCommerce software suffers from multiple cross-site scripting and cross-site request forgery vulnerabilities, which may even lead to remote code execution. #Title: osCommerce 2.3.4 -...
Zen Cart 1.5.3 - CSRF & Admin Panel XSS
#Title: Zen Cart 1.5.3 - CSRF & Admin Panel XSS #Date: 09.07.14 #Vendor: zen-cart.com #Tested on: Apache 2.2 [at] Linux #Contact: smash[at]devilteam.pl #1 - CSRF - Delete admin GET profile stands for user...
Paper: Towards Memory Access Safety Analysis for Protected Environments
Abstract. Preventing memory access errors is an important security consideration for programs implemented in low-level languages such as C. Some types of memory access errors can be protected against with...
Rage Against the Virtual Machine
Antivirus companies, mobile application marketplaces, and the security research community, employ techniques based on dynamic code analysis to detect and analyze mobile malware. In this research...
Weekly Metasploit Update: Another Meterpreter Evasion Option
Hopping Meterpreter Through PHP: This week, Metasploit landed and shipped the new Reverse HTTP hop stager for Meterpreter payloads, which opens up yet another avenue for pivoting about the Internet to...
PolarSSL Security Advisory 2014-02
A denial of service against PolarSSL servers that offer GCM ciphersuites has been found using the fuzzing techniques of the Codenomicon Defensics toolkit. Potentially clients are affected too if a...
New GameOver Zeus Variant uses FastFlux C&C
Over on the Malcovery Security Blog yesterday we covered a new version of GameOver Zeus (see: GameOver Zeus Mutates, Launches Attack) that was distributed in three spam campaigns on July 10, 2014. At...
The Eye of the Tiger
Cyber espionage has been a hot topic through the last years. Computer attacks known as “APT” (Advanced Persistent Threat) have become widely reported and emphasized by the media, damages are now...
A cunning way to deliver malware
Potentially unwanted programs, also known as PUPs, continue to be a real nuisance. A recent blog post by Will Dormann on CERT.org shows the prevalence of such applications lurking on every corner of...
AFD.SYS DANGLING POINTER VULNERABILITY [PDF]
This paper provides an in-depth analysis of a vulnerability in the “Ancillary Function Driver”, AFD.sys, as well as a detailed description of the exploitation process. AFD.sys is responsible for...
Paper: Signature Limits: An Entire Map of Clone Features and their Discovery...
Abstract. We address the problem of creating entire and complete maps of software code clones (copy features in data) in a corpus of binary artifacts of unknown provenance. We report on a practical...
Paper: The Emperor’s New Password Manager: Security Analysis of Web-based...
We conduct a security analysis of five popular web-based password managers. Unlike “local” password managers, web-based password managers run in the browser. We identify four key security concerns for...
Introducing Windows Exploit Suggester
Privilege escalation is an art form that revolves around information gathering, and enumeration of the target host. The idea is to find the quickest, and easiest way to escalate from a local user...
Anatomy of !the Attack: Zombie Zero! [PDF]
Zombie Zero is a suspected nation-state sponsored attack on targeted logistics and shipping industries. More here: http://www.trapx.com/wp-content/uploads/2014/07/TrapX_ZOMBIE_Report_Final.pdf
Reversing a PHP Script Dynamically and Statically
A reader sent me two PHP scripts because the PHP Converter program I wrote wasn’t able to handle it. They are both similar so I’ll just work on one of them in this post.
Metasploit: D-Link HNAP Request Remote Buffer Overflow
##
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'
class Metasploit3 < Msf::Exploit::Remote
  Rank =...
Metasploit: D-Link info.cgi POST Request Buffer Overflow
##
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'
class Metasploit3 < Msf::Exploit::Remote
  Rank =...
Metasploit: D-Link Unauthenticated UPnP M-SEARCH Multicast Command Injection
##
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'
class Metasploit3 < Msf::Exploit::Remote
  Rank =...