Channel: BOT24
Browsing all 8064 articles

Android Ransomware 'Koler' Learns to Propagate via SMS

Android Koler is a family of ransomware that targets Android users by locking up their mobile devices and demanding a ransom. It is believed to be the mobile extension of the Reveton ransomware family....


Source code to the OLE exploit. CVE-2014-4114

Title: Windows NT 6.X OLE package manager remote code execution through MS Office Powerpoint XYZ slideshow (ppts, pptxs). EID: 00000217:2013/06/10 Description:...


Creative Contact Form (Wordpress 0.9.7 and Joomla 2.0.0) - Shell Upload...

#!/usr/bin/python
#
# Exploit Name: Wordpress and Joomla Creative Contact Form Shell Upload Vulnerability
#               Wordpress plugin version: <= 0.9.7
#               Joomla extension version:...


Dell EqualLogic Storage - Remote File Inclusion

# Exploit Title: Remote Directory Traversal exploit for Dell EqualLogic 6.0 Storage
# Date: 09/2013
# Exploit Author: Mauricio Pampim Corrêa
# Vendor Homepage: www.dell.com
# Version: 6.0
# Tested on:...


Two new attacks on Tor

Two new attacks on Tor were recently announced. The first involves using an exit node to automatically modify software patches to include malware. This one is being seen in the wild already...


Popular Brazilian Site “Porta dos Fundos” Hacked

A very well known Brazilian comedy site, “Porta dos Fundos,” was recently hacked and is pushing malware (drive-by-download) via a malicious Flash executable...


OPEN CURTAINS IN SWISH PAYMENTS SERVICE

While doing some research for Bankdroid during the hot summer days I decided to take a look at the increasingly popular payment app Swish. Swish, developed by HiQ for Sweden's six major banks (Danske...


Webkit exploit confirmed to run on PS4 Firmware 1.76!

Developers nas and proxima have extended the recently released Vita Webkit exploit, and made it compatible with the latest PS4 firmware, firmware 1.76. (Update: Proxima actually clarified that although...


Zero Day Hole found in Samsung FindMyMobile (CVE-2014-8346)

Samsung FindMyMobile is a mobile web service that provides Samsung users with different features to locate a lost device, lock a device remotely so that no one else can use the device, or to play an alert on...


Nikka – Digital Strongbox (Crypto as Service)

Imagine, somewhere in the internet that no-one trusts, there is a piece of hardware, a small computer, that works just for you. You can trust it. You can depend on it. Things may get rough but it will...


Interesting Paper: Bayesian regression and Bitcoin

In this paper, we discuss the method of Bayesian regression and its efficacy for predicting price variation of Bitcoin, a recently popularized virtual, cryptographic currency. Bayesian regression...


THE INSECURITY OF THINGS: PART TWO

When we last left off, we were setting the stage for sharing what the Interns found in a handful of "IOT" or internet connected devices they purchased. So we'll be starting with a simple one. One that...


Yourls XSS Stored

version). The attacker can steal the admin's cookies and log in to the admin panel. Note: Only the admin can see this. Steps to perform the vulnerability: 1. Create a new url to shorten --> In the inputs...


Authenticated Key Exchange with SPEKE or DH-EKE

I’ve been researching PAKE algorithms recently and there doesn’t seem to be a good explanation of Encrypted Key Exchange with Diffie Hellman (DH-EKE) out there. The best way to learn something is to...


‘Replay’ Attacks Spoof Chip Card Charges

An odd new pattern of credit card fraud emanating from Brazil and targeting U.S. financial institutions could spell costly trouble for banks that are just beginning to issue customers more secure...


Full Disclosure of Havex Trojans

I did a presentation at the 4SICS conference earlier this week, where I disclosed the results from my analysis of the Havex RAT/backdoor. The Havex backdoor is developed and used by a hacker group...


Apple iOS v8.0.2 - Silent Contact Denial of Service Vulnerability

Document Title:
===============
Apple iOS v8.0.2 - Silent Contact Denial of Service Vulnerability
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1324
Video:...


WebDisk+ v2.1 iOS - Code Execution Vulnerability

Document Title:
===============
WebDisk+ v2.1 iOS - Code Execution Vulnerability
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1349
Release...


iFileExplorer v6.51 iOS - File Include Web Vulnerability

Document Title:
===============
iFileExplorer v6.51 iOS - File Include Web Vulnerability
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1345
Release...


Folder Plus v2.5.1 iOS - Persistent Item Vulnerability

Document Title:
===============
Folder Plus v2.5.1 iOS - Persistent Item Vulnerability
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1348
Release...
