Operation Poisoned Hurricane
Our worldwide sensor network provides researchers at FireEye Labs with unique opportunities to detect innovative tactics employed by malicious actors and protects our clients from these tactics. We...
Gamma FinFisher hacked: 40 GB of internal documents and source code of...
A hacker claims to have hacked a network of the surveillance technology company Gamma International and has published 40 gigabytes of internal data. A Twitter account has published release notes, price...
Android Backdoor disguised as a Kaspersky mobile security app
This week, our virus lab handled a case where a customer received a phishing email with an Android Backdoor archive masquerading as a Kaspersky mobile security app (we are aware that those who created...
Introducing Morning Catch – A Phishing Paradise
Morning Catch is a VMware virtual machine, similar to Metasploitable, to demonstrate and teach about targeted client-side attacks and post-exploitation. On this virtual machine, you will find: a website...
iOS Assessments with Burp + iFunBox + SQLite
In January, I wrote a post on performing Android Assessments with GenyMotion + Burp so I thought it was about time I wrote a similar post on performing iOS assessments. Aside from a company by the name...
logKext
logKext v2.4. Release Date: 2014-03-01. Summary: LogKext is an open source keylogger for Mac OS X, a product of FSB software. More here: https://github.com/SlEePlEs5/logKext
Website Security Analysis: A “simple” piece of malware
For regular readers of this blog, there is one constant that pops up over and over: malware gets more complex. When malware researchers, like myself, unlock new obfuscated code, it’s a signal to the...
Cisco IOS Software and Cisco IOS XE Software EnergyWise Crafted Packet Denial...
A vulnerability in the EnergyWise module of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of the affected device. The vulnerability is due to...
OpenSSL Security Advisory
OpenSSL Security Advisory [6 Aug 2014]. Information leak in pretty printing functions (CVE-2014-3508). A...
Magnitude Exploit Kit Backend Infrastructure Insight - Part I
In our recently released Trustwave Global Security Report Online and previous Magnitude blog post, A Peek Into the Lion's Den – The Magnitude [aka PopAds] Exploit Kit, we detailed our discovery of one...
HTTPS as a ranking signal
Google starting to use HTTPS as a ranking signal. More here: http://googleonlinesecurity.blogspot.co.uk/2014/08/https-as-ranking-signal_6.html?m=1
bh2014
Blackhat 2014. Built binaries for BH2014 Digging for Sandbox Escapes workshop here: https://github.com/tyranid/bh2014
Testing the Xiaomi RedMi 1S
Xiaomi phones have made the news off and on in the last few months for their cheap, value for money phones and corporate moves. More recently, there were also reports that these popular devices also...
Social attack against Subscriber Identity Module (SIM cards)
A number of attacks on high profile individuals that have made the news recently are of a social nature more so than a vulnerability in a certain software’s code. Mat Honan perhaps being one of the...
Internet Explorer begins blocking out-of-date ActiveX controls
As part of our ongoing commitment to delivering a more secure browser, starting August 12th Internet Explorer will block out-of-date ActiveX controls. ActiveX controls are small apps that let Web sites...
Recommended Reading: Cybersecurity as Realpolitik
Notable computer security analyst and risk management specialist Dan Geer's BlackHat keynote here: http://geer.tinho.net/geer.blackhat.6viii14.txt
Sulo
Sulo is a publicly available tool for dynamic Flash analysis. This was recently released as open source by F-Secure here: https://github.com/F-Secure/Sulo
Security Notice-Statement About the Vulnerability in Huawei HiLink E3236 and...
Huawei has been aware that Andreas Lindh, a security researcher in Sweden, disclosed a vulnerability in Huawei HiLink E3236 and E3276 on the 2014 Black Hat USA Conference. Huawei has started analysis...
The Epic Turla Operation. Solving some of the mysteries of Snake/Uroburos
Over the last 10 months, Kaspersky Lab researchers have analyzed a massive cyber-espionage operation which we call "Epic Turla". The attackers behind Epic Turla have infected several hundred computers...
Easy FTP Pro v4.2 iOS - Command Inject Vulnerabilities
Document Title: Easy FTP Pro v4.2 iOS - Command Inject Vulnerabilities. References (Source): http://www.vulnerability-lab.com/get_content.php?id=1291 Release...