Clik here to view.
CVE-2014-8557 - JExperts Tecnologia - Channel Software Cross Site Scripting...
CVE-2014-8557 - JExperts Tecnologia / Channel Software Cross Site ScriptingIssuesVendor Notified: 2014-10-27INTRODUCTION:The Channel Platform is an enterprise software project management (orproject...
View ArticleClik here to view.
CVE-2014-8558 - JExperts Tecnologia - Channel Software Escalation Access Issues
CVE-2014-8558 - JExperts Tecnologia / Channel Software Escalation AccessIssuesVendor Notified: 2014-10-27INTRODUCTION:The Channel Platform is an enterprise software project management (orproject...
View ArticleClik here to view.
Drupageddon vs. Suhosin
Automated attacks began compromising Drupal 7 websites that were not patched or updated to Drupal 7.32 within hours of the announcement of SA-CORE-2014-005 - Drupal core - SQL injection. You should...
View ArticleClik here to view.
Tech Support website infects your computer before you even dial in
If you ever need help with your computer you may be interested in remote tech support.As we have written many times on this blog before, the road to finding a legitimate company is very...
View ArticleClik here to view.
System Calls Make the World Go Round
I hate to break it to you, but a user application is a helpless brain in a vatEvery interaction with the outside world is mediated by the kernel through system calls. If an app saves a file, writes to...
View ArticleClik here to view.
WireLurker for Windows
Yesterday we published a whitepaper introducing WireLurker, the first malware attacking both non-jailbroken and jailbroken iOS devices from a Mac OS X system. Shortly after we released the paper, Jaime...
View ArticleClik here to view.
SeasonApps iTransfer 1.1 - Persistent UI Vulnerability
Document Title:===============SeasonApps iTransfer 1.1 - Persistent UI VulnerabilityReferences (Source):====================http://www.vulnerability-lab.com/get_content.php?id=1347Release...
View ArticleClik here to view.
BookFresh - Persistent Clients Invite Vulnerability
Document Title:===============BookFresh - Persistent Clients Invite VulnerabilityReferences (Source):====================http://www.vulnerability-lab.com/get_content.php?id=1351Release...
View ArticleClik here to view.
PayPal Inc BugBounty #107 MultiOrder Shipping (API) - Persistent History...
Document Title:===============PayPal Inc BugBounty #107 MultiOrder Shipping (API) - Persistent History VulnerabilityReferences...
View ArticleClik here to view.
73,000 SECURITY CAMERAS VIEWABLE ONLINE DUE TO USE OF DEFAULT PASSWORDS
A website has made 73,011 security cameras from 256 different countries available for viewing online, all by hacking the cameras’ default usernames and passwords.more...
View ArticleClik here to view.
We analyze Cryptobot, aka Paycrypt
Recently during some research on encrypting ransomware we came across a new variant that brings some new features to the table. It will encrypt by utilizing the following javascript from being opened...
View ArticleClik here to view.
Nearly 140k emails, u/p leaked from San Deigo Zoo
The following leak is brought to you by Paw Security(@PawSecReturns) && #Op4Pawz..more here.........http://siph0n.in/exploits.php?id=3585
View ArticleClik here to view.
Guest Diary: Didier Stevens - Shellcode Detection with XORSearch
Frank Boldewin (http://www.reconstructer.org/) developed a shellcode detection method to find shellcode in Microsoft Office files, like .doc and .xls files. He released this as a feature of his...
View ArticleClik here to view.
Global Web Crackdown Arrests 17, Seizes Hundreds Of Dark Net Domains
When “Operation Onymous” first came to light yesterday, it looked like a targeted strike against a few high value targets in the Dark Web drug trade. Now the full scope of that international law...
View ArticleClik here to view.
Warrant for Your Arrest phone scams
Yesterday the scammers tried to hit the wrong victim! Neera Desai works for us at Malcovery Security as a Threat Intelligence Analyst on the malware team. She had received a voicemail on her phone...
View ArticleClik here to view.
Passive UAC Elevation
I had a cool idea for a way to get the user to passively elevate your application without socially engineering them to do so or requiring exploits. Obviously you could just go ahead and start mass...
View ArticleClik here to view.
Exposing Malware In Hidden Desktops Using CmdDesktopSwitcher
Have you ever come across malware that has opened a window that you just can’t see? You suspect it is a case of the malware setting the window as hidden. You fire up WinLister to enumerate the windows...
View ArticleClik here to view.
How I REVERSE ENGINEERED GOOGLE DOCS To Play Back Any Document’s Keystrokes
If you’ve ever typed anything into a Google Doc, you can now play it back as if it were a movie — like traveling through time to look over your own shoulder as you write.This is possible because every...
View ArticleClik here to view.
Tinfoil Chat
(TFC-CEV) is a high assurance encryption plugin for Pidgin IM client that combines free and open source hardware and software. Secure by design implementation provides a no-compromise layer over the...
View ArticleClik here to view.
Paper: SIGPATH: A Memory Graph Based Approach for Program Data Introspection...
Abstract. Examining and modifying data of interest in the memory of a tar-get program is an important capability for security applications such as memoryforensics, rootkit detection, game hacking, and...
View Article