Clik here to view.
The Other Side of Masque Attacks: Data Encryption Not Found in iOS Apps
Based on our research into the iOS threat Masque Attacks announced last week, Trend Micro researchers have found a new way that malicious apps installed through successful Masque Attacks can pose a...
View ArticleClik here to view.
PUPs and Java Removal Tools, Oh My
When it comes to online threats, these days website ads could be considered a grey area. For the majority of site owners providing free services or content, they’re good to have because they generate...
View ArticleClik here to view.
IE11 ImmutableApplicationSettings EPM Privilege Escalation
IE11 exposes a shared memory section to all tab process which contains configuration settings, named Immutable Application Settings. This contains settings such as whether protected mode is currently...
View ArticleClik here to view.
DoubleDirect – Zimperium Discovers Full-Duplex ICMP Redirect Attacks in the...
Zimperium Mobile Security Labs have investigated during the last year a new type of attack technique in the wild being exploited by attackers. Aptly named “DoubleDirect,” this attack technique is a...
View ArticleClik here to view.
PayPal takes 18 months to patch critical remote code execution hole
Paypal has closed a remote code execution vulnerability in its service some 18 months after it was reported.more here........http://www.theregister.co.uk/2014/11/21/paypal_vuln/?mt=1416565446664
View ArticleClik here to view.
CVE-2014-6332 (Internet Explorer) and Exploits Kits
For this CVE referer to :http://technet.microsoft.com/security/bulletin/MS14-064The first encounter I had with this CVE in exploit kit, was in the Sweet Orange from the actor pushing DarkShell via KR...
View ArticleClik here to view.
Santa
A binary whitelisting/blacklisting system for Mac OS Xmore here..........https://github.com/google/santa
View ArticleClik here to view.
Attack Vector Linux
For anonymized penetration testing & security auditing. 2 distributions combinedmore here........http://turing.slu.edu/~hastint/AttackVector.htm
View ArticleClik here to view.
Detekt
Detekt is a free tool that scans your Windows computer for traces of FinFisher and Hacking Team RCS, commercial surveillance spyware that has been identified to be also used to target and monitor human...
View ArticleClik here to view.
Privacyware Privatefirewall 7.0 - Unquoted Service Path Privilege Escalation
Privacyware Privatefirewall 7.0 Unquoted Service Path Privilege EscalationVendor: PWI, Inc.Product web page: http://www.privacyware.comAffected version: 7.0.30.3Summary: Privatefirewall multi-layered...
View ArticleClik here to view.
Netgear Wireless Router WNR500 - Parameter Traversal Arbitrary File Access...
Netgear Wireless Router WNR500 Parameter Traversal Arbitrary File Access ExploitVendor: NETGEARProduct web page: http://www.netgear.comAffected version: WNR500 (firmware: 1.0.7.2)Summary: The NETGEAR...
View ArticleClik here to view.
Hacking RFID Payment Cards Made Possible with Android App
We recently encountered a high-risk Android app detected as ANDROIDOS_STIP.A in Chile. This app, found distributed through forums and blogs, can be used to hack into the user’s RFID bus transit card to...
View ArticleClik here to view.
The Regin Espionage Toolkit
Regin is the latest in the line of sophisticated espionage toolkits used to target a range of organizations around the world. As already reported, it's one of the more complex pieces of malware around,...
View ArticleClik here to view.
linux-native-backdoors
Repository holding all alternatives of *nix backdoors.more here.........https://github.com/ulissescastro/linux-native-backdoors
View ArticleClik here to view.
Regin: Top-tier espionage tool enables stealthy surveillance
An advanced spying tool, Regin displays a degree of technical competence rarely seen and has been used in spying operations against governments, infrastructure operators, businesses, researchers, and...
View ArticleClik here to view.
Magnitude Exploit Kit Backend Infrastructure Insight - Part II
Welcome back to another edition of “exposing Magnitude exploit-kit internals”! As already mentioned in our previous posts (1st and 2nd), the back-end infrastructure of this highly prevalent Exploit Kit...
View ArticleClik here to view.
Sony Pictures hacked, entire computer system reportedly unusable
Reports that Sony Pictures has been hacked have been trickling in this morning, after a thread appeared on Reddit claiming all computers at the company were offline due to a hack.more...
View ArticleClik here to view.
Regin: Nation-state ownage of GSM networks
"Beware of Regin, the master! His heart is poisoned. He would be thy bane..."more here.......http://securelist.com/blog/research/67741/regin-nation-state-ownage-of-gsm-networks/
View ArticleClik here to view.
Real HSM Breaches
Hardware Security Modules (HSMs) are temper-resistant special-purpose computers that protect the most sensitive cryptographic key material in an organisation. They are used for security-critical...
View ArticleClik here to view.
Craigslist's Netsol account was compromised, name servers changed
The craigslist account at one of our registrars was compromised and the NSrecords migrated away from their rightful home. That issue has since beencorrected, but the various caches around the Internet...
View Article