Archive | Exploits/Vulnerabilities


01 May 2014 | 760 views

Microsoft Confirms Internet Explorer 0-Day

So during the past weekend, Microsoft confirmed an Internet Explorer 0-day that is actually being used in targeted online attacks. Vulnerability in Internet Explorer Could Allow Remote Code Execution It will be interesting to see if they push an out of band patch for this one or just wait for the next Patch Tuesday. It’s [...]

Continue Reading


24 April 2014 | 1,420 views

Viber Vulnerable To Man In The Middle Attack (MITM)

So this week, researchers at the University of New Haven have been focusing on Viber and have found that pretty much everything transferred and stored on the Viber service, except the messages themselves is not encrypted either in transit or at rest (doodles, images, location data & videos). The implication of this is that the [...]

Continue Reading


17 April 2014 | 1,120 views

Royal Canadian Mounted Police Arrest Heartbleed Hacker

The Heartbleed Bug was the big thing last week and honestly pretty much the biggest thing this year so far. And it turns out someone has been caught using the Heartbleed bug in a malicious way and in Canada no less. The young Heartbleed hacker goes is a 19 year old Stephen Arthuro Solis-Reyes and [...]

Continue Reading


09 April 2014 | 4,241 views

Heartbleed Bug SSL Vulnerability – Everything You Need To Know

Introduction So the Internet has been exploding this week due to the Heartbleed Bug in OpenSSL which effects a LOT of servers and websites and is being hailed by some as the worst vulnerability in the history of the Internet thus far. The main info on the bug can be found at http://heartbleed.com/. In basic [...]

Continue Reading


03 April 2014 | 696 views

Oracle Java Cloud Service Vulnerabilities Publicly Disclosed

Security researches from the Polish firm Security Explorations have released a massive slew of PoC code and technical details on 30 Oracle Java Cloud Service Vulnerabilities. It seems like they had already reported them to Oracle, but weren’t happy with how things were handled, so have decided to go public with the weaknesses. They gave [...]

Continue Reading


11 March 2014 | 1,789 views

ODA – Online Web Based Disassembler

ODA stands for Online DisAssembler. ODA is a general purpose machine code disassembler that supports a myriad of machine architectures. Built on the shoulders of libbfd and libopcodes (part of binutils), ODA allows you to explore an executable by dissecting its sections, strings, symbols, raw hex, and machine level instructions. ODA is an online Web [...]

Continue Reading


06 March 2014 | 791 views

Target CIO Beth Jacob Resigns After Huge Breach

So the latest news this week is that the Target CIO Beth Jacob has resigned, it seems to be somewhat linked to the massive heist of credit card details from Target that took place in December last year. To be fair it was a fairly complex, high-level attack and I’m pretty sure most companies would [...]

Continue Reading


19 February 2014 | 1,248 views

2 Different Hacker Groups Exploit The Same IE 0-Day

It hasn’t been too long since the last serious Internet Explorer 0-day, back in November it was used in drive-by attacks – Another IE 0-Day Hole Found & Used By In-Memory Drive By Attacks. And earlier last year there was an emergency patch issued – Microsoft Rushes Out ‘Fix It’ For Internet Explorer 0-day Exploit. [...]

Continue Reading


23 December 2013 | 5,370 views

Researchers Crack 4096-bit RSA Encryption With a Microphone

So this is a pretty interesting acoustic based cryptanalysis side-channel attack which can crack 4096-bit RSA encryption. It’s been a while since we’ve seen anything hardware based, and RSA 4096 is pretty strong encryption, I wonder how they figured this one out. It makes sense though when you think about it, although I wouldn’t have [...]

Continue Reading


25 November 2013 | 1,349 views

vBulletin.com Hacked – Forum User Emails & Encrypted Passwords Leaked

vBulletin.com hacked is the latest news going around, there seems to have been a spate of these lately, with huge numbers of user accounts leaked. Thankfully this time, the passwords are actually hashed, but with what algorithm – we aren’t quite sure. Perhaps someone could figure it out with HashTag. I do have some vBulletin [...]

Continue Reading