Archive | Exploits/Vulnerabilities




PayPal Remote Code Execution Vulnerability Patched

So this is a big one, and thankfully this PayPal Remote Code Execution Vulnerability was discovered by security researchers and not the bad guys. Although there’s no way for us to know if someone has been using this to siphon data out of PayPal for some time before the whitehats found it. It’s a roundabout […]

Tags: , , , , , , , ,

Posted in: Exploits/Vulnerabilities, Web Hacking | Add a Comment

Fortinet SSH Backdoor Found In Firewalls

So the Fortinet SSH Backdoor, apparently it’s just a management authentication issue. Sorry, what’s that? It looks like a passphrase based admin level access login via SSH to me personally. Which is scary. They are adamantly shouting from rooftops that it was not planted by a 3rd party (NSA? Like Juniper..) or any kind of […]

Tags: , , , , , , , , , ,

Posted in: Exploits/Vulnerabilities, Network Hacking | Add a Comment

Facebook Disabled Flash For Video Finally

So Facebook disabled Flash for video finally, sadly it’s still there for games but a large use case for it just went out the window. And really, it’s not surprising after the recent mega patch in Adobe Flash that fixed 78 CVE classified vulnerabilities. There’s just no good reason for anyone to still be using […]

Tags: , , , , , , , ,

Posted in: Exploits/Vulnerabilities | Add a Comment

Critical Remote Root Zero-Day In FireEye Appliances

So FireEye doesn’t have a particularly good reputation in the security community, it’s generally not handled responsible disclosure well and it’s even taken a security firm (ERNW) to court over a vulnerability disclosure. And now there’s another critical remote root zero-day in FireEye appliances – which is scary, as these are high end devices protecting […]

Tags: , , , , , , ,

Posted in: Countermeasures, Exploits/Vulnerabilities | Add a Comment

Latest Update Patches 78 CVE-classified Flash Security Vulnerabilities

So as a rule, in 2015 running Adobe Flash is already pretty scary – but the latest patch release covers 78 CVE-classified Flash security vulnerabilities. That’s not scary, that’s terrifying. By now you kinda expect flaws in Flash, it’s just a given. But 78 CVE-classified vulnerabilities in one patch release? That’s just insane, that’s worse […]

Tags: , , , , , , , ,

Posted in: Exploits/Vulnerabilities | Add a Comment

SprayWMI – PowerShell Injection Mass Spray Tool

SprayWMI is a method for mass spraying Unicorn PowerShell injection to CIDR notations. It’s an alternative to traditional, ‘noisy’ tools which leave something on the disk like PsExec, smbexec, winexe and so on. These tools have worked really well, however, they are fairly noisy creating a service and touching disk which will trigger modern defense […]

Tags: , , , , , , , , ,

Posted in: Exploits/Vulnerabilities, Hacking Tools, Windows Hacking | Add a Comment

VTech Hack – Over 7 Million Records Leaked (Children & Parents)

And once again, the messy technical flaws of a company are being exposed with the recent VTech hack – it’s really not looking good for them with account passwords ‘secured’ with unsalted md5 hashes and all kinds of private information being leaked includes parents addresses, kids birthdays, genders, secret answers and associated meta-data (IP addresses, […]

Tags: , , , , , , , ,

Posted in: Database Hacking, Exploits/Vulnerabilities, Privacy | Add a Comment

TalkTalk Hack – Breach WAS Serious & Disclosed Bank Details

So it turns out the TalkTalk hack is a lot more serious than they initially tried to make it out to be, TalkTalk claimed that it’s core system wasn’t compromised and only the website was breached. But now they’ve admitted the hackers got away with bank account numbers, partial credit card numbers and dates of […]

Tags: , , , , , , , ,

Posted in: Exploits/Vulnerabilities, Legal Issues, Privacy | Add a Comment

Fitbit Vulnerability Means Your Tracker Could Spread Malware

So it seems there is a Fitbit vulnerability involving the BlueTooth implementation that can be used to embed self replicating malware onto the wearable fitness tracker. I actually own a Fitbit, and have had previous models too, so this is quite interesting to me. The malware could spread to your PC/Laptop if you’re using the […]

Tags: , , , , , , , , , ,

Posted in: Exploits/Vulnerabilities, Hardware Hacking, Malware | Add a Comment

OWASP WebGoat – Deliberately Insecure Web Application

WebGoat is a deliberately insecure web application maintained by OWASP designed to teach web application security lessons. This program is a demonstration of common server-side application flaws. The exercises are intended to be used by people to learn about application security and penetration testing techniques. In each lesson, users must demonstrate their understanding of a […]

Tags: , , , , , , , , ,

Posted in: Exploits/Vulnerabilities, Web Hacking | Add a Comment

Popular Tags

computer-security · darknet · exploits · fuzzing · google · hacking · hacking-networks · hacking-websites · hacking-windows · hacking tool · Hacking Tools · information gathering · malware · microsoft · network-security · Network Hacking · Password Cracking · penetration-testing · Phishing · Privacy · Python · scammers · Security · Security Software · spam · spammers · sql-injection · trojan · trojans · virus · viruses · vulnerabilities · web-application-security · web-security · Web Hacking · windows · windows-security · Windows Hacking · worms · XSS ·