Killing the Rootkit
To know if your system is compromised, you need to find everything that could run or otherwise change state on your system and verify its integrity (that is, check that the state is what you expect it...
[SECURITY] CVE-2013-4444 Remote Code Execution in Apache Tomcat
CVE-2013-4444 Remote Code Execution
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
- Apache Tomcat 7.0.0 to 7.0.39
Description: In very limited circumstances, it was possible...
OS X IOKit kernel multiple exploitable memory safety issues in token parsing...
IGAccelVideoContextMedia is the userclient responsible for gpu accelerated video decoding - it's userclient type 0x101 of the IntelAccelerator IOService.Clients of IGAccelVideoContextMedia call...
Probable Cache Poisoning of Mail Handling Domains
Hi, this is Jonathan Spring with my colleague Leigh Metcalf. For some time now, we’ve been working through a problem we found, but it’s time to discuss it more broadly. Using our passive DNS data...
WordPress Plugin Vulnerability Dump – Part 2
And we’re back. Check out Part 1 if you haven’t yet. Much like before, developers of these plugins have not been contacted in advance.
Security Advisory – VirtueMart Extension for Joomla!
Advisory for: VirtueMart for Joomla!
Security Risk: High
Exploitation level: Easy/Remote
Vulnerability: Access control bypass / Increase of Privilege
Updated Version: 2.6.10c
Patched Version: 2.6.8c
If...
Security Audit of Safeplug “Tor in a Box”
Last month at the FOCI workshop, we presented a security analysis of the Safeplug, a $49 box which promised users “complete security and anonymity” online by sending all of their web traffic through...
CSRF vulnerabilities in CacheGuard-OS v5.7.7 (CVE-2014-4865)
I. VULNERABILITY
CSRF vulnerabilities in CacheGuard-OS v5.7.7
II. BACKGROUND
CacheGuard is an All-in-One Web Security Gateway providing firewall, web...
Exploiting Ammyy Admin – developing an 0day
For the past few years, a number of groups of scammers have been cold-calling thousands if not millions of people in what’s been referred to as the “Ammyy Scam” or the “Microsoft Tech Support Scam”...
TorrentLocker Ransomware Cracked and Decrypter has been made
On Aug. 12th 2014, a new sample was sent to me with the victim claiming it to be CryptoLocker. Upon running and quickly analyzing the exe, I found that it was a new Encrypting Ransomware (What's new?)....
Photorange v1.0 iOS - File Include Web Vulnerability
Document Title: Photorange v1.0 iOS - File Include Web Vulnerability
References (Source): http://www.vulnerability-lab.com/get_content.php?id=1318
Release...
ChatSecure IM v2.2.4 iOS - Persistent Web Vulnerability
Document Title: ChatSecure IM v2.2.4 iOS - Persistent Web Vulnerability
References (Source): http://www.vulnerability-lab.com/get_content.php?id=1317
Release...
OS X IOKit kernel code execution due to lack of bounds checking in...
IGAccelVideoContextMain is the userclient used for GPU accelerated video encoding on the Intel HD integrated GPUs. It's userclient 0x100 of the IntelAccelerator IOService. IOConnectMapMemory type=0 of...
Threat Spotlight: “Kyle and Stan” Malvertising Network Threatens Windows and...
Have you visited amazon.com, ads.yahoo.com, www.winrar.com, youtube.com, or any of the 74 domains listed below lately? If the answer is yes, then you may have been a victim of the “Kyle and Stan”...
Website Security – Compromised Website Used To Hack Home Routers
What if we told you that a compromised website has the ability to hack your home router? Yesterday we were notified that a popular newspaper in Brazil (politica.estadao.com.br) was hacked and loading...
Malicious WordPress injection sending to 178.62.254.78 and 176.58.100.98
There is currently some sort of injection attack against WordPress sites that is injecting code into the site's .js files. Not so unusual... except that the payload site in the file changes every half...
Some interesting XSS Vector
XSS Vector #11: <script src=/〱20.rs></script>
The second slash in the URL in Internet Explorer (tested in IE11) can be U+3031, U+3033, U+3035, U+309D, U+30FC, U+30FD, U+...
Popular Japanese blog platform affected by malicious redirections
Our honeypots caught drive-by downloads that appeared to stem from Ameba, a popular Japanese blogging and social networking site. Upon further review we found out that they came from a particular user...
Trying to hack Redis via HTTP requests
Imagine that you can access a Redis server via HTTP requests. It could be because of an SSRF vulnerability or a misconfigured proxy. In both situations, all you need is to fully control at least one...
FLARE IDA Pro Script Series: MSDN Annotations IDA Pro for Malware Analysis
The FireEye Labs Advanced Reverse Engineering (FLARE) Team continues to share knowledge and tools with the community. We started this blog series with a script for Automatic Recovery of Constructed...