Peeling the onion: Almost everyone involved in developing Tor was (or is)...
In early July, hacker Jacob Appelbaum and two other security experts published a blockbuster story in conjunction with the German press. They had obtained leaked top secret NSA documents and source...
Keeping the RATs out: **it happens - Part 2
As we learned in Part One of our exploration of Hazrat Supply's series of unfortunate events, our malicious miscreants favored multiple tools. We first discussed developing IOCs for...
Trixbox XSS / LFI / SQL Injection / Code Execution
Trixbox All Version - Multiple Vulnerabilities. Author:...
Ignore the amount customers confirm is no security vulnerability according to...
Title: Transfer any amount regardless of what customer confirmed. Short description: In PayPal Express Checkout the...
Microsoft MSN HBE - Blind SQL Injection Vulnerability
Document Title: Microsoft MSN HBE - Blind SQL Injection Vulnerability. References (Source): http://www.vulnerability-lab.com/get_content.php?id=1183 Video:...
Barracuda Networks Message Archiver 650 - Persistent Input Validation...
Document Title: Barracuda Networks Message Archiver 650 - Persistent Input Validation Vulnerability. References...
"Crypto Ransomware" CTB-Locker (Critroni.A) on the rise
Advertised since mid-June on underground forums, CTB-Locker (Curve-Tor-Bitcoin Locker) is flagged as Critroni.A by Microsoft. It seems that in the second half of June it was mainly used against Russians; now it...
Dyreza on the hunt
This past week, we have observed a wave of spam e-mails being sent to random addresses and containing a short link to a compromised webserver, on which a malicious file is hosted. In case the victim is...
Real world exploitation of a misconfigured crossdomain.xml - Bing.com
In my previous two posts, I explain the overly permissive crossdomain.xml vulnerability, show you how to create malicious SWF files from scratch, and show you how to use the malicious SWFs to exploit...
Reverse engineering of contactless NFC-EMV payments
I wondered for a long time how a contactless NFC payment is designed and how hard it would be to mount an attack such as a payment without the card being present or a replay attack.
AskMen.com compromised again
Last month, security firm Websense reported that popular website AskMen.com was compromised to serve malicious code. Today, our honeypot captured an attack coming from AskMen.com in what appears to have...
ACME micro_httpd - DoS
# Exploit Title: Buffer Overflow in micro_httpd by ACME
# Date: 4/7/2014
# Exploit Author: Yuval tisf Nativ
# Vendor Homepage: http://www.acme.com/software/micro_httpd/
# Software Link:...
KL-001-2014-002 : Microsoft XP SP3 BthPan.sys Arbitrary Write Privilege...
Title: Microsoft XP SP3 BthPan.sys Arbitrary Write Privilege Escalation. Advisory ID: KL-001-2014-002. Publication Date: 2014-07-18. Publication URL:...
KL-001-2014-003 : Microsoft XP SP3 MQAC.sys Arbitrary Write Privilege Escalation
Title: Microsoft XP SP3 MQAC.sys Arbitrary Write Privilege Escalation. Advisory ID: KL-001-2014-003. Publication Date: 2014.07.18. Publication URL:...
VMware Leaves Artifacts of Guest Applications on the Host
In the VMware environment, Unity Mode presents guest VM applications to the host desktop. This provides a convenient way for the user to access applications installed on the guest without switching...
#11 Dyre banker aka CdIL aka Win32/Win64 Battdil - Inside the Webpanel
What I have learned over the years as a hobby malware analyst is whenever you think you are the first who discovered a new malware family, you can be sure at least a dozen people are already working on...
Ars editor learns feds have his old IP addresses, full credit card numbers
In May 2014, I reported on my efforts to learn what the feds know about me whenever I enter and exit the country. In particular, I wanted my Passenger Name Records (PNR), data created by airlines,...
Foundry CMS Multiple Vulnerabilities
Description: [+] Title: Foundry CMS Multiple Vulnerabilities [+] Date: 2014/07/20 [+] Author: Hekt0r [+] Vendor Homepage: www.design-foundry.co.uk [+] Tested on: Windows 7 & Kali Linux [+] Vulnerable...
miniLock
File encryption software that does more with less. More here: https://github.com/kaepora/miniLock
Keeping the RATs out: the trap is sprung - Part 3
As we conclude our three-part series on the RAT tools suffered upon our friends at Hazrat Supply, we must visit the centerpiece of it all. The big dog in this fight is indeed the bybtt.cc3 file (Jake suspected...