Fynloski dropper and .NET PWS (pass stealer) Analysis
Again the malware sample came to me via a spam campaign, and was caught in a corporate network’s honeypot. More here: http://www.133tsec.com/2014/09/29/fynloski-dropper-and-net-pws-pass-stealer-analysis/
Epicor Enterprise vulnerabilities
"Epicor Enterprise vulnerabilities"
- Affected vendor: Epicor Software Corporation
- Affected system: Epicor Enterprise - Version 7.4
- Vendor disclosure date: May 13th, 2014
- Public disclosure date: ...
Google’s DoubleClick ad network abused once again in malvertising attacks
Last week we uncovered a large-scale malvertising attack involving Google’s DoubleClick and Zedo that affected many high-profile sites. Unfortunately, another incident where DoubleClick is part of the...
FreePBX (All Versions) RCE
We would like to announce that a significant security vulnerability has been discovered in all current versions of FreePBX. A CVE has been requested from Mitre, but has yet to be provided. Further details...
CVE-2014-2717 SCADA Privilege Escalation in Honeywell Falcon XLWEB
After giving the market two extra months for patching and also contacting some of the affected national CERTs, Outpost24 today released the vulnerability details for CVE-2014-2717. This vulnerability...
Multiple product vulnerabilities: all TP-Link "2-series" switches, all...
Vendor affected: TP-Link (http://tp-link.com)
Products affected:
 * All TP-Link VxWorks-based devices (confirmed by vendor)
 * All "2-series" switches (confirmed by vendor)
 * TL-SG2008 semi-managed...
Lacoon Discovers Xsser mRAT, the First Advanced iOS Trojan
The Lacoon Mobile Security research team has discovered a new mRAT it calls “Xsser mRAT.” The Xsser mRAT specifically targets iOS devices, and is related to Android spyware already distributed broadly...
OpenVPN ShellShock PoC
# OpenVPN ShellShock PoC
# Based on Fredrik Strömberg's HN post: https://news.ycombinator.com/item?id=8385332
# Verified by @fj33r, posted at: http://sprunge.us/BGjP
PoC...
Digging deep into Angler Fileless Exploit delivery
We look in detail at the Angler Exploit pack’s fileless infection. Thanks to friends at malware-traffic-analysis.net who provided captures of two different instances of Angler exploit pack delivery. You...
Quick and dirty configuration of Viper to add "cloud" support
Viper is an open source framework designed to assist malware analysis. You can find more information here. I really like this framework and use it every day. However, it is not possible to natively use...
Blind SQLi vulnerability in Content Audit could allow a privileged attacker...
Details
================
Software: Content Audit
Version: 1.6
Homepage: http://wordpress.org/plugins/content-audit/
Advisory report: ...
CVE-2014-6389 - Remote Command Execution in PHPCompta/NOALYSS
Vulnerability title: Remote Command Execution in PHPCompta/NOALYSS
CVE: CVE-2014-6389
Vendor: PHPCompta
Product: PHPCompta/NOALYSS
Affected version: 6.7.1 5638
Fixed version: 6.7.2
Reported by: Jerzy...
The other bash RCEs (CVE-2014-6277 and CVE-2014-6278)
== Background ==
If you are not familiar with the original bash function export vulnerability (CVE-2014-6271), you may want to have a look at...
Memory leak in Xen hypervisor via RDMSR emulation bug (XSA 108)
Problem description
---------------------
This is a bug in the upstream Xen. Below is the description provided by the Xen Security Team:...
Same-Origin Policy Potential Issue of iOS UIWebView
I found a potential same-origin policy issue in the stringByEvaluatingJavaScriptFromString method of UIWebView. When you use this method in shouldStartLoadWithRequest with an HTTP redirect, JavaScript will be...
Thumb Drives.. Can you tell the difference?
During a physical penetration test, it is not uncommon for the tester (attacker) to drop USB thumb drives out in the parking lot or someplace within the building. The hope is that an employee will...
Apple Releases Patch for Shellshock, May Still Be Vulnerable
Yesterday, Apple released security updates that address two of the "Shellshock" bash vulnerabilities: CVE-2014-6271 and CVE-2014-7169. At the time of writing, the updates are not available using...
ComputerCOP: The Dubious 'Internet Safety Software' That Hundreds of Police...
For years, local law enforcement agencies around the country have told parents that installing ComputerCOP software is the “first step” in protecting their children online. Police chiefs, sheriffs, and...
CVE-2014-5308 - Multiple SQL Injection Vulnerabilities in TestLink
Vulnerability title: Multiple SQL Injection Vulnerabilities in TestLink
CVE: CVE-2014-5308
Vendor: Testlink
Product: TestLink
Affected version: 1.9.11
Fixed version: Fixed in SVN commit number...
User-driven Attacks
A user-driven attack is an attack that relies on a feature to get code execution. Most penetration testers I know rely on user-driven attacks over public memory corruption exploits. User-driven attacks...