Archive | Exploits/Vulnerabilities




Serious ImageMagick Zero-Day Vulnerabilities – ImageTragick?

So another vulnerability with a name and a logo – ImageTragick? At least this time it’s pretty dangerous, a bunch of ImageMagick Zero-Day vulnerabilities have been announced including one that can leave you susceptible to remote code execution. It’s pretty widely used software too and very public, if you use an app online that lets […]

Tags: , , , , , , , , ,

Posted in: Exploits/Vulnerabilities, Web Hacking | Add a Comment

BeautifulPeople.com Leak Exposes 1.1M Extremely Private Records

So another data breach, and no surprise here, but another dating site. This time the BeautifulPeople.com Leak has exposed 1.1 million customer records, including 15 million private messages sent between users. Not so private now is it. And no surprise either the entry point for this leak, was the not-so excellent NoSQL database MongoDB which […]

Tags: , , , , , , , , , ,

Posted in: Exploits/Vulnerabilities, Privacy, Web Hacking | Add a Comment

Apple Will Not Patch Windows QuickTime Vulnerabilities

Much like Adobe Flash, QuickTime from Apple is a bit of a relic some pretty serious, remote code execution type Windows QuickTime Vulnerabilities were recently discovered by Trend Micro. Apple has officially stated that they won’t be fixing them and the official line on this, is to uninstall QuickTime. I guess a lot of people […]

Tags: , , , , , , , ,

Posted in: Apple, Exploits/Vulnerabilities, Windows Hacking | Add a Comment

BADLOCK – Are ‘Branded’ Exploits Going Too Far?

So there’s been hype about this big exploit coming, for over a month, before anything was released. It had a name, a website and a logo – and it was called Badlock. And now it’s out, and it’s more like Sadlock – really a local network DoS against DCE/RPC services on Windows and Linux with […]

Tags: , , , , , , , , ,

Posted in: Exploits/Vulnerabilities, General Hacking | Add a Comment

DROWN Attack on TLS – Everything You Need To Know

So SSL in general is having a rough time lately, now with the SSLv2 DROWN attack on TLS. And this is not long after Logjam and a while since Heartbleed, POODLE and FREAK. DROWN is a cross-protocol attack that can decrypt passively collected TLS sessions from up-to-date clients and stands for Decrypting RSA with Obsolete […]

Tags: , , , , , , , , , ,

Posted in: Cryptography, Exploits/Vulnerabilities | Add a Comment

The Linux glibc Exploit – What You Need To Know

So the Internet exploded this week with news of a pretty serious glibc exploit, something that everyone pays attention to as every Linux server uses this library and in some cases it can yield remote code execution. In basic terms the glibc DNS client (libresolv) is vulnerable to a stack-based buffer overflow when the getaddrinfo() […]

Tags: , , , , , , , , ,

Posted in: Exploits/Vulnerabilities, Linux Hacking | Add a Comment

Malwarebytes Bug Bounty Program Goes Live

So Malwarebytes bug bounty program is live, the official name is actually Malwarebytes Coordinated Vulnerability Disclosure Program – what a mouthful (guidelines here). It’s good to see, bug bounty programs typically tend to have a nett positive effect and end in win-win situations for researchers and software vendors alike. In an effort to encourage researchers […]

Tags: , , , , , , , ,

Posted in: Exploits/Vulnerabilities | Add a Comment

PayPal Remote Code Execution Vulnerability Patched

So this is a big one, and thankfully this PayPal Remote Code Execution Vulnerability was discovered by security researchers and not the bad guys. Although there’s no way for us to know if someone has been using this to siphon data out of PayPal for some time before the whitehats found it. It’s a roundabout […]

Tags: , , , , , , , ,

Posted in: Exploits/Vulnerabilities, Web Hacking | Add a Comment

Fortinet SSH Backdoor Found In Firewalls

So the Fortinet SSH Backdoor, apparently it’s just a management authentication issue. Sorry, what’s that? It looks like a passphrase based admin level access login via SSH to me personally. Which is scary. They are adamantly shouting from rooftops that it was not planted by a 3rd party (NSA? Like Juniper..) or any kind of […]

Tags: , , , , , , , , , ,

Posted in: Exploits/Vulnerabilities, Network Hacking | Add a Comment

Facebook Disabled Flash For Video Finally

So Facebook disabled Flash for video finally, sadly it’s still there for games but a large use case for it just went out the window. And really, it’s not surprising after the recent mega patch in Adobe Flash that fixed 78 CVE classified vulnerabilities. There’s just no good reason for anyone to still be using […]

Tags: , , , , , , , ,

Posted in: Exploits/Vulnerabilities | Add a Comment

Popular Tags

computer-security · darknet · exploits · fuzzing · google · hacking · hacking-networks · hacking-websites · hacking-windows · hacking tool · Hacking Tools · information gathering · malware · microsoft · network-security · Network Hacking · Password Cracking · penetration-testing · Phishing · Privacy · Python · scammers · Security · Security Software · spam · spammers · sql-injection · trojan · trojans · virus · viruses · vulnerabilities · web-application-security · web-security · Web Hacking · windows · windows-security · Windows Hacking · worms · XSS ·