Clik here to view.
27 million South Koreans affected by data breach
South Korean authorities have revealed details surrounding massive data breach that impacts 27 million people aged 15-65. The compromised data comes from website registrations for various games and...
View ArticleClik here to view.
Paper: A DPLL(T) Theory Solver for a Theory of Strings and Regular Expressions
An increasing number of applications in verification and security rely on or could benefit from automatic solvers that can check the satisfiability of constraints over a rich set of data types that...
View ArticleClik here to view.
A Bird's-eye View of a Malware Campaign
The chough (pronounced like "chuff") is a member of the crow family, consisting of two species, one with a red bill and one with a yellow bill, that is found mostly in the mountains of southern Eurasia...
View ArticleClik here to view.
Leaked Documents Reveal How the Chinese Communist Party Channels Public Opinion
A central government coordination body called Central Internet Security and Informatization Leading Group was established on February 27, 2014 led by the Chinese President Xi Jinping, Premier Li...
View ArticleClik here to view.
IETF Action on Secure Email
Early last week I emailed a group of IETF Area Directors, for the Security and Applications areas, asking them to start the process of creating a new Working Group to address the issues around email...
View ArticleClik here to view.
A Study in Bots: Backoff
Point of Sales (POS) malware has become something of a hot topic over the past 12 months, the most notable being the Target breach that disclosed up to 110 Million records. And it doesn't stop there....
View ArticleClik here to view.
RCE in dragonfly gem
RCE in the Dragonfly gem for image uploading & processing inrails/sinatra, in version 1.0.5. (https://github.com/markevans/dragonfly)The underlaying vulnerability is that you can pass arbitrary...
View ArticleClik here to view.
CVE-2014-2081 - VTLS Virtua InfoStation.cgi SQLi
=====[Alligator Security Team - SecurityAdvisory]============================ - VTLS Virtua InfoStation.cgi SQLi - CVE-2014-2081 - Author: José Tozo < juniorbsd () gmail com >=====[Table...
View ArticleClik here to view.
ntopng 1.2.0 XSS injection using monitored network traffic
ntopng 1.2.0 XSS injection using monitored network trafficntopng is the next generation version of the original ntop, a network traffic probe and monitor that shows the network usage, similar to what...
View ArticleClik here to view.
ERNW’s Top 9 Burp Plugins
In the context of an internal evaluation, we recently had a look at most of the burp plugins available from the BApp store. The following overview represents our personal top 9 plugins, categorized in...
View ArticleClik here to view.
The poisoned NUL byte, 2014 edition
Back in this 1998 post to the Bugtraq mailing list, Olaf Kirch outlined an attack he called “The poisoned NUL byte”. It was an off-by-one error leading to writing a NUL byte outside the bounds of the...
View ArticleClik here to view.
Low hanging Web Application bugs in Digital Cable :Hacking Cable TV Networks...
We did two presentations on the security issues in Digital Cable TV network back in February at Nullcon[Goa] and another at HITB [Amsterdam ] . We disclosed few of the many security issues we reported...
View ArticleClik here to view.
Sub-domain on SourceForge redirects to Flash Pack Exploit Kit
We have talked about SourceForge before on this blog, in particular when they were associated with bundled software.This time around, we are going to take a look at an infected sub-domain hosted on...
View ArticleClik here to view.
LSE Leading Security Experts GmbH - LSE-2014-07-13 - Granding Grand MA 300 -...
=== LSE Leading Security Experts GmbH - Security Advisory 2014-07-13 ===Grand MA 300 Fingerprint Reader - Weak Pin...
View ArticleClik here to view.
Announcing Scumblr and Sketchy - Search, Screenshot, and Reclaim the Internet
Netflix is pleased to announce the open source release of two security-related web applications: Scumblr and Sketchy!more...
View ArticleClik here to view.
Beeswarm - active deceptions made easy
Finally we can announce with great pleasure the first public beta of the Beeswarm project.Beeswarm is an active IDS project that provides easy configuration, deployment and management of honeypots and...
View ArticleClik here to view.
(U//FOUO) DHS-FBI-NCTC Bulletin: Malicious Cyber Actors Use Advanced Search...
(U) Malicious cyber actors are using advanced search techniques, referred to as “Google dorking,” to locate information that organizations may not have intended to be discoverable by the public or to...
View ArticleClik here to view.
VMware vm-support multiple vulnerabilities
Author: dolevfDate: 18.6.2014Version: vm-support latest version 0.88Tested on: Red Hat Enterprise Linux 6Relevant CVEs: 2014-4199, 2014-42001. About the application------------------------VMware...
View ArticleClik here to view.
STIX and TAXII: On the road to becoming the de facto standard
The road to blissful cyber threat intelligence sharing often feels like a bumpy dirt track in a Wild West ghost town, but there's hope on the horizon: A new language, designed to define and describe a...
View ArticleClik here to view.
Keyboard Walk Generators
Methods to Generate Keyboard Walks for Password Crackingmore here...........https://github.com/Rich5/Keyboard-Walk-Generators
View Article