] The Mad Hacker [

online
mad hacker

Collecting all the news about Cybersecurity, computer security, cracking, hacking, infosec, netsec, & security vunerabilities in one convenient place

Whitehat, greyhat, blackhat, tinker, tailor, solider, spy
We trawl the web so you don't have to
Since 2000

the mad hacker overlay

Multiple vulnerabilities found in V-SOL OLTs

(Tuesday July 14, 2020)
Home [/../index.html] • About [/about.html] • Feed [/feed.xml] MULTIPLE VULNERABILITIES FOUND IN V-SOL OLTS PRODUCT DESCRIPTION The V-SOL OLTs are FTTH OLTs allowing to provide FTTH connectivity to a large number of clients (using ONTs). Some of the devices support multiple 10-gigabit uplinks and provide Internet connectivity to up to 1024 ONTs (clients). We validated the vulnerabilities against V1600D4L OLT in our lab environment with the latest firmware versions (V1.01.49). Using...

Multiple vulnerabilities found in CDATA OLTs

(Tuesday July 14, 2020)
Home [/../index.html] • About [/about.html] • Feed [/feed.xml] MULTIPLE VULNERABILITIES FOUND IN CDATA OLTS PRODUCT DESCRIPTION The CDATA OLTs are OEM FTTH OLTs, sold under different brands (Cdata, OptiLink, BLIY), allowing to provide FTTH connectivity to a large number of clients (using ONTs). Some of the devices support multiple 10-gigabit uplinks and provide Internet connectivity to up to 1024 ONTs (clients). We validated the vulnerabilities against FD1104B and FD1108SN OLTs in our...

Criticizing United's flagrant disregard for information security best practices

(Tuesday July 14, 2020)
[Tyler Flynn] TYLER FLYNN Read more posts [/author/devtty1er/] by this author. [Tyler Flynn] [/author/devtty1er/] TYLER FLYNN [/author/devtty1er/] 13 Jul 2020 • 5 min read [Criticizing United's flagrant disregard for information security best practices] Never mind that getting help from United Airlines is nearly impossible, when I called customer service, United recently asked me for the first five characters of my password as verification! If this doesn't strike you as odd,...

Breached Data Indexer ‘Data Viper’ Hacked

(Monday July 13, 2020)
Data Viper, a security startup that provides access to some 15 billion usernames, passwords and other information exposed in more than 8,000 website breaches, has itself been hacked and its user database posted online. The hackers also claim they are selling on the dark web roughly 2 billion records Data Viper collated from numerous breaches and data leaks, including data from several companies that likely either do not know they have been hacked or have not yet publicly disclosed an intrusion. The apparent breach at St. Louis, Mo. based Data Viper offers a cautionary and twisted tale of what...

AA20-195A: Critical Vulnerability in SAP NetWeaver AS Java

(Monday July 13, 2020)
Original release date: July 13, 2020 SUMMARY On July 13, 2020 EST, SAP released a , affecting the SAP NetWeaver Application Server (AS) Java component LM Configuration Wizard. An unauthenticated attacker can exploit this vulnerability through the Hypertext Transfer Protocol (HTTP) to take control of trusted SAP applications. Due to the criticality of this vulnerability, the attack surface this vulnerability represents, and the importance of SAP’s business applications, the Cybersecurity and Infrastructure Security Agency (CISA) strongly recommends organizations immediately apply...

Zero-Trust Efforts Rise with the Tide of Remote Working

(Monday July 13, 2020)
With employees likely to continue to spend much, if not all, of their time working from home, companies are focusing more on technologies to boost the security of their now-distributed workplace.

A Paramedic's Lessons for Cybersecurity Pros

(Monday July 13, 2020)
A paramedic turned cybersecurity expert shares his experiences in both fields, highlights their similarities, and explains how they can learn from each other.

Lost in Translation: Serious Flaws Found in ICS Protocol Gateways

(Monday July 13, 2020)
These oft-forgotten devices contain serious vulnerabilities that allow attackers to hack OT systems remotely, researchers will reveal at Black Hat USA next month.

Russian Hacker Convicted for Social Network Hacks

(Monday July 13, 2020)
The Russian national was convicted of hacking into accounts at LinkedIn, Dropbox, and Formspring.

Python Malware On The Rise

(Monday July 13, 2020)
That’s all for now from the world of Python malware. It’s very interesting watching malware trends change as computer systems become faster and easier to operate. As a security industry we need to keep an eye on Python-based malware, or it might just sink its fangs into us when we’re least expecting. SHARE THIS: ABOUT THE AUTHOR Austin is a U.S. Navy veteran, and while enlisted worked with USCYBERCOM, NSA, and DISA he performed defensive and offensive cyber operations. Since leaving...

Red Hat Security Advisory 2020-2412-01

(Monday July 13, 2020)
Red Hat Security Advisory 2020-2412-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include code execution, cross site scripting, denial of service, and man-in-the-middle vulnerabilities.

Red Hat Security Advisory 2020-2413-01

(Monday July 13, 2020)
Red Hat Security Advisory 2020-2413-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include denial of service and use-after-free vulnerabilities.

Online Birth Certificate System 1.0 SQL Injection / Code Execution

(Monday July 13, 2020)
Online Birth Certificate System version 1.0 suffers from a remote SQL injection vulnerability that allows for remote code execution.

Red Hat Security Advisory 2020-2894-01

(Monday July 13, 2020)
Red Hat Security Advisory 2020-2894-01 - D-Bus is a system for sending messages between applications. It is used both for the system-wide message bus service, and as a per-user-login-session messaging facility. Issues addressed include a denial of service vulnerability.

Curfew e-Pass Management System 1.0 SQL Injection

(Monday July 13, 2020)
Curfew e-Pass Management System version 1.0 suffers from a remote SQL injection vulnerability.

Red Hat Security Advisory 2020-2897-01

(Monday July 13, 2020)
Red Hat Security Advisory 2020-2897-01 - jbig2dec is a decoder implementation of the JBIG2 image compression format. Issues addressed include a buffer overflow vulnerability.

Small CRM 2.0 SQL Injection

(Monday July 13, 2020)
Small CRM version 2.0 suffers from a remote SQL injection vulnerability. This version was first discovered to have a different SQL injection vulnerability in January of 2020 by FULLSHADE.

Sifter 8.2

(Monday July 13, 2020)
Sifter is a osint, recon, and vulnerability scanner. It combines a plethora of tools within different module sets in order to quickly perform recon tasks, check network firewalling, enumerate remote and local hosts, and scan for the blue vulnerabilities within Microsoft systems and if unpatched, exploits them.

Red Hat Security Advisory 2020-2893-01

(Monday July 13, 2020)
Red Hat Security Advisory 2020-2893-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly.

Red Hat Security Advisory 2020-2895-01

(Monday July 13, 2020)
Red Hat Security Advisory 2020-2895-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include bypass, denial of service, and integer overflow vulnerabilities.

User Registration And Login And User Management System 2.1 SQL Injection

(Monday July 13, 2020)
User Registration and Login and User Management System with admin panel version 2.1 suffers from multiple remote SQL injection vulnerabilities. One allows for authentication bypass.

Online Polling System SQL Injection

(Monday July 13, 2020)
Online Polling System from sourcecodester.com suffers from a remote SQL injection vulnerability that allows for authentication bypass.

Park Ticketing Management System 1.0 SQL Injection

(Monday July 13, 2020)
Park Ticketing Management System version 1.0 suffers from multiple remote SQL injection vulnerabilities. These can be used to bypass login and execute code.

Secret Service Creates Cyber Fraud Task Forces

(Monday July 13, 2020)

How To Protect Yourself From Identity Theft During COVID-19

(Monday July 13, 2020)

LinkedIn Sued For Snooping On iOS

(Monday July 13, 2020)

Israeli Court Dismisses Amnesty Bid To Block Spyware Firm NSO

(Monday July 13, 2020)

Experts Predict Rise of Data Theft in Ransomware Attacks

(Monday July 13, 2020)
The most attractive targets for data theft are businesses perceived as most likely to pay to prevent exposure of their information.

TrickBot Sample Accidentally Warns Victims They’re Infected

(Monday July 13, 2020)
A data-stealing module in a recent sandboxed sample triggers browser-based fraud alerts for Trickbot victims -- and shows something of the inner working of the malware's operators.

Announcement: Tony Morbin joins IT Security Guru as Editor in Chief

(Monday July 13, 2020)
Today Tony Morbin joined IT Security Guru as editor in chief, signalling a drive to further develop this vital news and information source for the cyber security industry. Last week Tony left SC Media UK, the world’s longest established cyber security title, where he oversaw the transition from print to digital, as well as more […] The post Announcement: Tony Morbin joins IT Security Guru as Editor in Chief [https://www.itsecurityguru.org/2020/07/13/announcement-tony-morbin-joins-it-security-guru-as-editor-in-chief/] appeared first on IT Security Guru [https://www.itsecurityguru.org].

Man who lived luxury lifestyle after hacking LinkedIn and Dropbox is found guilty

(Monday July 13, 2020)
Yevgeniy Nikulin lived the high life, funded by a life of cybercrime. Now he faces a significant prison sentence after stealing millions of user records from the likes of LinkedIn and Dropbox. Read more in my article on the Hot for Security blog.

Millions of LiveAuctioneers passwords offered for sale following data breach

(Monday July 13, 2020)
Researchers claim to have found evidence that cybercriminals are offering for sale a database containing the personal details of 3.4 million users of an online art and antiques auction website, as well as three million cracked passwords.

Zero-Day Vulnerability in Zoom Affected Windows 7 Users

(Monday July 13, 2020)
A zero-day vulnerability affecting the Zoom client for Windows has been discovered that would allow an attacker to execute arbitrary code on remote devices. Only Windows 7 and older OSes were affected, further complicating the situation. Zoom vulnerabilities pop up constantly, but that’s also likely due in part to the app’s sudden popularity. The COVID-19 […]

Digicert revokes a raft of web security certificates

(Monday July 13, 2020)
The good news is that this was a bureaucratic necessity rather than an actual cybersecurity attack.

Decoding the Verizon DBIR Report: An Insider's Look Beyond the Headlines

(Monday July 13, 2020)
To truly understand cybersecurity trends, we must look beyond the headlines and ask more of the data. What you learn might surprise you.

BrandPost: Virtual Security Analysts – Using AI to Bridge the Cybersecurity Skills Gap

(Monday July 13, 2020)
Perhaps the most resource-intensive task required of security teams is the correlation and analysis of the massive volumes of data being produced by security devices and network sensors. This challenge is probably most apparent in the fact that network breaches often remain undetected for months, allowing cybercriminals to plant time-bombs, establish elaborate botnets, and slowly exfiltrate millions of records containing customer information and intellectual property. This challenge is compounded with the growing skills shortage the cybersecurity industry is facing globally, further adding...

A ‘New Age’ of Sophisticated Business Email Compromise is Coming

(Monday July 13, 2020)
A new BEC threat group is heralding more sophisticated email scams that target organizations without DMARC and squeeze as much money out of victims as possible.

The Enemy Within: How Insider Threats Are Changing

(Monday July 13, 2020)
Insider-threat security experts unravel the new normal during this time of remote working, and explain how to protect sensitive data from this escalating risk.

How CARTA Strategies for Web Applications are Met with Indusface AppTrana Solution

(Monday July 13, 2020)
From an operational standpoint, the foundation of CARTA starts with an assessment and then building the zero-trust principles on top of that with an adaptive security model.

Learn About the Latest Election Security Threats and Defenses at Black Hat USA

(Monday July 13, 2020)
Christopher Krebs, director of the CISA, will explain how the organization is leading the federal effort to support state and local officials in their mission to secure US elections this year.

Deep Dive into Synthetic Identity Fraud

(Monday July 13, 2020)
The fraud landscape is evolving and, as the world becomes increasingly digital, so do the criminals. From petty schemes to high-class social engineering strategies, fraudsters cash out on billions each year. Creating a fake identity The FTC calls synthetic identity fraud “one of the fastest-growing financial crimes” in the United States. Unlike traditional forms of […]

Go Phish: Cybercriminals Stick to Coronavirus and Financial Content to Fuel Phishing Schemes

(Monday July 13, 2020)
We’ve reached the half-year mark and online scammers are still taking advantage of the uncertainties brought on by the pandemic. Cyber-attacks targeting both consumers and business surged worldwide, and the trend shows no sign of stopping any time soon. In recent months, coronavirus-related attacks spiked, and email has remained the prime vector of choice for […]

COVID-19: Latest Security News & Commentary

(Monday July 13, 2020)
Check out Dark Reading's updated, exclusive news and commentary surrounding the coronavirus pandemic.

Monday review – the hot stories of the week

(Monday July 13, 2020)
Get yourself up to date with everything weve written in the last seven days - its weekly roundup time.

How to protect algorithms as intellectual property

(Monday July 13, 2020)
Ogilvy is in the midst of a project that converges and Microsoft Vision AI to solve a unique business problem for the advertising, marketing and PR firm. Yuri Aguiar is already thinking about how he will protect the resulting algorithms and processes from theft.(Insider Story)

Hacker “revenge hacks” security firm

(Monday July 13, 2020)
A hacker claims to have breached the backend servers belonging to a US cybersecurity firm and stolen information from the company’s “data leak detection” service. The hacker says the stolen data includes more than 8,200 databases containing the information of billions of users that have leaked from other companies in previous security breaches. The databases […] The post Hacker “revenge hacks” security firm [https://www.itsecurityguru.org/2020/07/13/hacker-revenge-hacks-security-firm/] appeared first on IT Security Guru [https://www.itsecurityguru.org].

A look at Evilnum, the APT Group Behind the Malware

(Monday July 13, 2020)
The group behind Evilnum malware, that targets financial institutions, appears to be testing new techniques. ESET researchers published an analysis of advanced persistent threat (APT) group Evilnum, known for developing malware of the same name. A detailed look at its activity reveals an evolved toolset and infrastructure that combine custom malware with tools bought from […] The post A look at Evilnum, the APT Group Behind the Malware [https://www.itsecurityguru.org/2020/07/13/a-look-at-evilnum-the-apt-group-behind-the-malware/] appeared first on IT Security Guru...

Malware evading analysis by adding Any.Run sandbox detection

(Monday July 13, 2020)
Any.Run is a malware analysis sandbox service that lets researchers and users safely analyse malware without risk to their computers. And now malware developers are checking if their malware is running in the Any.Run malware analysis service to prevent their malware from being easily analysed by researchers.   Source: Bleeping Computer The post Malware evading analysis by adding Any.Run sandbox detection [https://www.itsecurityguru.org/2020/07/13/malware-evading-analysis-by-adding-any-run-sandbox-detection/] appeared first on IT Security Guru [https://www.itsecurityguru.org].

Introducing Winbindex - the Windows Binaries Index

(Monday July 13, 2020)
I indexed all Windows files which appear in Windows update packages, and created a website which allows to quickly view information about the files and download some of them from Microsoft servers. The files that can be downloaded are executable files (currently exe, dll and sys files). Read on for further information.

That loyal MySQL is a rogue one: a tale of a (partially) failed idea

(Monday July 13, 2020)
Hooking mysqld to steal net-NTLM hashes from developers.

Reversing DexGuard, Part 3 – Code Virtualization

(Monday July 13, 2020)
_Reversing DexGuard: Part 1 Part 3_ The third part of this series on DexGuard is about bytecode virtualization. The analyses that follow were done statically using JEB 3.22. Bytecode virtualization is, in my opinion, the most interesting and technically challenging feature of DexGuard. According to GuardSquare’s website, it was introduced in version 8.3 (mid 2019) TL;DR: JEB PRO CAN “UNVIRTUALIZE” METHODS VIRTUALIZED BY DEXGUARD 8.3+. WHAT IS CODE VIRTUALIZATION Relatively novel,...

WebView - Android's most convenient footgun

(Monday July 13, 2020)
RETRO IFRAME SECURITY ISSUES MAKING A COMEBACK   included in __Security __2020-07-12  __about 2475 words  __12 min  Share on:____ [Exploring iframe security through an Android WebView lens] Contents __ Imagine you’re a web developer who’s got a little bit of Android experience. You’ve built a progressive web app—it’s beautiful, functional, responsive. Everything the user sees was meticulously placed and crafted with purpose. You’re proud of what you’ve done. Why...

Exploring the tradecraft and TTPs of the ACSC's copy-paste adversary.

(Sunday July 12, 2020)
A few weeks ago the Australian Prime Minister Scott Morrison announced that Australian organisations had been the victims of a targeted attack by a ‘sophisticated, state-based actor’. Being close to…

Gynvael Web Challenges #6 Write-Up

(Sunday July 12, 2020)
Gynvael NodeJS Challenge #6 Write-Up

Understanding the root cause of F5 Networks K52145254: TMUI RCE vulnerability CVE-2020-5902

(Sunday July 12, 2020)
CVE-2020-5902 was disclosed on July 1st, 2020 by F5 Networks in K52145254 as a CVSS 10.0 remote code execution vulnerability in the Big-IP administrative interface. This blog looks at the root causes of both the exploit paths discovered which boil down to subtle configuration issues and differences in behavior between Apache httpd and Apache Tomcat…

nfstream 5.1.6

(Sunday July 12, 2020)
nfstream is a Python package providing fast, flexible, and expressive data structures designed to make working with online or offline network data both easy and intuitive. It aims to be the fundamental high-level building block for doing practical, real world network data analysis in Python. Additionally, it has the broader goal of becoming a common network data processing framework for researchers providing data reproducibility across experiments.

Online DJ Booking Management System Project Report 1.0 SQL Injection / Code Execution

(Sunday July 12, 2020)
Online DJ Booking Management System Project Report version 1.0 remote SQL injection exploit that achieves code execution.

Liferay Portal Remote Code Execution

(Sunday July 12, 2020)
Liferay Portal versions prior to 7.2.1 CE GA2 exploit that gains code execution due to deserialization of untrusted data sent to the JSON web services interface.

Responsive Online Blog 1.0 SQL Injection

(Sunday July 12, 2020)
Responsive Online Blog version 1.0 remote SQL injection proof of concept exploit. Original discovery of the vulnerability is attributed to Eren Simsek.

Multiple Browser - Address Bar Spoofing

(Sunday July 12, 2020)
Web Browsers, Address Bar Spoofing

How to secure a multitenant application architecture

(Sunday July 12, 2020)
Multitenancy is the concept that your application serves distinct non-overlapping accounts, with resources assigned to and belonging to each account. Very quickly this gets very complex with...

[Release] h8mail v2.5.3

(Sunday July 12, 2020)
Notice: scylla.sh, h8mail’s default free api, is currently under heavy traffic. Help and support the scylla project if you can. Cheers 💜 Table of content Table of content Abstract Updating New API: intelx.io ⭐ Getting a free trial API key Using the API key Using a config file Using command line Bug fixes & QoL Abstract h8mail 2.5.3 has been released. Integration of the powerful intelx.io API 🆕 IntelX offers a free 7 days API key to give them a try. 🔧 Important bug fix for local searching and some quality of life.

A SQL injection tool for effortlessly saving time on escaping quote marks

(Sunday July 12, 2020)
This is a tool first I made for my self and then made public to craft sql injection commands without any problems of unescaped quote marks. Just type your text and it will be converted to a concat'ed expression adjusted to your db engine. Select a Database ProductMySQLPostgreSQL Select concat typewith ||with concat() TYPE DOWN YOUR TEXT: Put text which you don't want to be escaped in double dollar sign, like $$users.password$$, an example: ~$$users.password$$~ equals...

HackTheBox: Book - Writeup by rizemon

(Sunday July 12, 2020)
logrotten has successfully created a symbolic link of our payload to /etc/bash_completion.d, so now we just need to run /bin/bash to force the execution of our payload and voila, we caught the shell as root! connect to [10.10.XX.XX] from (UNKNOWN) [10.10.10.176] 49512 # id uid=0(root) gid=0(root) groups=0(root) # cat /root/root.txt 84daXXXXXXXXXXXXXXXXXXXXXXXXXXXX Rooted ! Thank you for reading and look forward for more writeups and articles !

LiveAuctioneers security breach puts users at risk

(Saturday July 11, 2020)
LiveAuctioneers, the online website which broadcasts live auctions selling antiques, art, and collectibles, has warned that user details have fallen into unauthorised hands following a security breach.

Not So Smart: TP-Link TL-SG105E V3.0 5-Port Gigabit Easy Smart Switch has archaic security vulnerabilities. (2018)

(Saturday July 11, 2020)
Posted on November 3, 2018 I’ve made a few mentions about VLANs in the recent past as it’s something that I find quite useful along with virtual APs with managing an ever-increasingly-complex home network. But as some more “basic” edge equipment may not be able to tag/untag packets to participate in VLANs, while others can’t really be trusted to maintain a fixed VLAN tag setting and avoid VLAN hopping , it actually makes sense to enforce the VLAN tagging as a function of the...

Exclusive: Any Chingari App (Indian TikTok Clone) Account Can Be Hacked Easily

(Saturday July 11, 2020)
Following vulnerability disclosure in the Mitron app, another viral TikTok clone in India has now been found vulnerable to a critical but easy-to-exploit authentication bypass vulnerability, allowing anyone to hijack any user account and tamper with their information, content, and even upload unauthorized videos. The Indian video sharing app, called Chingari, is available for Android and iOS

HackTheBox: Book - writeup by t3chnocat

(Saturday July 11, 2020)
[HackTheBox Writeup: Book] Book was a very interesting medium rated Linux machine that introduced me to some new techniques. SQL Truncation was used to takeover the admin account in a web application. XSS was then used to read local files, including a SSH private key which yielded a stable shell. Finally a vulnerable version of logrotate was exploited to escalate privileges to root. I added book.htb to my /etc/hosts file and got to work. ENUMERATION nmap scan: Let's see what HTTP has: I...

Pandora FMS 7.0 NG 7XX Remote Command Execution

(Saturday July 11, 2020)
This Metasploit module exploits a vulnerability (CVE-2020-13851) in Pandora FMS versions 7.0 NG 742, 7.0 NG 743, and 7.0 NG 744 (and perhaps older versions) in order to execute arbitrary commands. This module takes advantage of a command injection vulnerability in th e Events feature of Pandora FMS. This flaw allows users to execute arbitrary commands via the target parameter in HTTP POST requests to the Events function. After authenticating to the target, the module attempts to exploit this flaw by issuing such an HTTP POST request, with the target parameter set to contain the payload. If a...

Pandora FMS 7.0 NG 746 Script Insertion / Code Execution

(Saturday July 11, 2020)
Pandora FMS 7.0 NG versions 746 and below remote code execution exploit that leverages cross site scripting. Requires administrator to perform an snmp scan with a cross site scripting payload.

Impress CMS 1.4.0 Cross Site Scripting

(Saturday July 11, 2020)
Impress CMS version 1.4.0 suffers from a cross site scripting vulnerability.

Webtareas 2.1 / 2.1p Cross Site Scripting

(Saturday July 11, 2020)
Webtareas versions 2.1 and 2.1p suffer from multiple cross site scripting vulnerabilities.

Signal's New PIN Feature Worries Cybersecurity Experts

(Saturday July 11, 2020)

The Secret Service Tried To Catch A Hacker With A Malware Booby Trap

(Saturday July 11, 2020)

EMV / Contactless Cards Mimicked With Magstripe Versions

(Saturday July 11, 2020)

Russian Hacker Found Guilty For Dropbox, LinkedIn, Formspring Breaches

(Saturday July 11, 2020)

RIFT: Citrix ADC Vulnerabilities CVE-2020-8193, CVE-2020-8195 and CVE-2020-8196 Intelligence

(Saturday July 11, 2020)
Citrix disclosed on July 7th, 2020 a number of vulnerabilities in the Application Delivery Controller. This blog is a summary of what we know as the situation develops.

Analysis of Remcos RAT Dropper

(Saturday July 11, 2020)
Contribute to 1d8/analyses development by creating an account on GitHub.

Popular TP-Link Family of Kasa Security Cams Vulnerable to Attack

(Friday July 10, 2020)
Researcher warns the highly-rated Kasa family of security cameras have bugs that gives hackers access to private video feeds and settings.

Mobile App Fraud Jumped in Q1 as Attackers Pivot from Browsers

(Friday July 10, 2020)
RSA data reveals a continued shift away from browser-based fraud as attackers target mobile apps.

Advanced Windows Malware Analysis - Acquiring Memory Artifacts

(Friday July 10, 2020)
On Windows platform, malware analysis has become more challenging. Living-off-the-land attacks are very common and there are many different and arbitrary tec...

HelloWeb 2.0 Arbitrary File Download

(Friday July 10, 2020)
HelloWeb version 2.0 suffers from an arbitrary file download vulnerability.

Barangay Management System 1.0 SQL Injection

(Friday July 10, 2020)
Barangay Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

Introducing Citadel, a small collection of useful pentesting scripts

(Friday July 10, 2020)
My small collection of pentesting scripts. Contribute to wintrmvte/Citadel development by creating an account on GitHub.

Biden Campaign Hires 2 Top Cybersecurity Executives

(Friday July 10, 2020)
The campaign has filled the positions of CISO and CTO in the runup to the 2020 presidential election.

Google Bans Stalkerware Ads – With a Loophole

(Friday July 10, 2020)
Starting in August Google is banning ads of products or services promoting stalkerware.

Smartwatch Hack Could Trick Dementia Patients into Overdosing

(Friday July 10, 2020)
Attackers could hack the smartwatch and send dementia patients alerts for taking their medication.

Unpatched Critical Flaw Disclosed in Zoom Software for Windows 7 or Earlier

(Friday July 10, 2020)
A zero-day vulnerability has been discovered in Zoom video conferencing software for Windows that could allow an attacker to execute arbitrary code on a victim's computer running Microsoft Windows 7 or older. To successfully exploit the zoom vulnerability, all an attacker needs to do is tricking a Zoom user into performing some typical action like opening a received document file. No security

Zoom Patches Zero-Day Vulnerability in Windows 7

(Friday July 10, 2020)
The flaw also affects older versions of the operating system, even if they're fully patched.

As Offices Reopen, Hardware from Home Threatens Security

(Friday July 10, 2020)
Devices out of sight for the past several months could spell trouble when employees bring them back to work.

Sifter 8

(Friday July 10, 2020)
Sifter is a osint, recon, and vulnerability scanner. It combines a plethora of tools within different module sets in order to quickly perform recon tasks, check network firewalling, enumerate remote and local hosts, and scan for the blue vulnerabilities within Microsoft systems and if unpatched, exploits them.

Keep your eyes open: How to avoid exposing your internal proxy

(Friday July 10, 2020)
How to keep all your IP addresses private to prevent DDoS attacks and other security vulnerabilities in your network infrastructure. Our real case and general recommendations.

Rittal Products Bypass / Command Injection / Privilege Escalation

(Friday July 10, 2020)
Multiple Rittal Products based on the same software suffer from CLI menu bypass, insecure configuration, hard-coded backdoor account, outdated component, command injection, and privilege escalation vulnerabilities. Products include but are not limited to CMC III PU Compact, CMC III PU 7030.000 PDU (whole portfolio), LCP-CW, and IoT Interface 3124.300.

Zoom Zero-Day Allows RCE, Patch On The Way

(Friday July 10, 2020)

TikTok Halts Hong Kong Access After Security Law

(Friday July 10, 2020)

KingComposer Patches XSS Flaw Impacting 100,000 WordPress Sites

(Friday July 10, 2020)

Backdoor Accounts Discovered In 29 C-Data FTTH Devices

(Friday July 10, 2020)

Google’s ad ban won’t stop stalkerware apps from promoting themselves

(Friday July 10, 2020)
Google has announced that from August 2020 it will be prohibiting ads for stalkerware products and services. But a loophole means that the companies behind creepy stalkerware apps will still be able to advertise themselves.