Archive | Exploits/Vulnerabilities

BADLOCK – Are ‘Branded’ Exploits Going Too Far?

So there’s been hype about this big exploit coming, for over a month, before anything was released. It had a name, a website and a logo – and it was called Badlock. And now it’s out, and it’s more like Sadlock – really a local network DoS against DCE/RPC services on Windows and Linux with […]

Tags: , , , , , , , , ,

Posted in: Exploits/Vulnerabilities, General Hacking | Add a Comment

DROWN Attack on TLS – Everything You Need To Know

So SSL in general is having a rough time lately, now with the SSLv2 DROWN attack on TLS. And this is not long after Logjam and a while since Heartbleed, POODLE and FREAK. DROWN is a cross-protocol attack that can decrypt passively collected TLS sessions from up-to-date clients and stands for Decrypting RSA with Obsolete […]

Tags: , , , , , , , , , ,

Posted in: Cryptography, Exploits/Vulnerabilities | Add a Comment

The Linux glibc Exploit – What You Need To Know

So the Internet exploded this week with news of a pretty serious glibc exploit, something that everyone pays attention to as every Linux server uses this library and in some cases it can yield remote code execution. In basic terms the glibc DNS client (libresolv) is vulnerable to a stack-based buffer overflow when the getaddrinfo() […]

Tags: , , , , , , , , ,

Posted in: Exploits/Vulnerabilities, Linux Hacking | Add a Comment

Malwarebytes Bug Bounty Program Goes Live

So Malwarebytes bug bounty program is live, the official name is actually Malwarebytes Coordinated Vulnerability Disclosure Program – what a mouthful (guidelines here). It’s good to see, bug bounty programs typically tend to have a nett positive effect and end in win-win situations for researchers and software vendors alike. In an effort to encourage researchers […]

Tags: , , , , , , , ,

Posted in: Exploits/Vulnerabilities | Add a Comment

PayPal Remote Code Execution Vulnerability Patched

So this is a big one, and thankfully this PayPal Remote Code Execution Vulnerability was discovered by security researchers and not the bad guys. Although there’s no way for us to know if someone has been using this to siphon data out of PayPal for some time before the whitehats found it. It’s a roundabout […]

Tags: , , , , , , , ,

Posted in: Exploits/Vulnerabilities, Web Hacking | Add a Comment

Fortinet SSH Backdoor Found In Firewalls

So the Fortinet SSH Backdoor, apparently it’s just a management authentication issue. Sorry, what’s that? It looks like a passphrase based admin level access login via SSH to me personally. Which is scary. They are adamantly shouting from rooftops that it was not planted by a 3rd party (NSA? Like Juniper..) or any kind of […]

Tags: , , , , , , , , , ,

Posted in: Exploits/Vulnerabilities, Network Hacking | Add a Comment

Facebook Disabled Flash For Video Finally

So Facebook disabled Flash for video finally, sadly it’s still there for games but a large use case for it just went out the window. And really, it’s not surprising after the recent mega patch in Adobe Flash that fixed 78 CVE classified vulnerabilities. There’s just no good reason for anyone to still be using […]

Tags: , , , , , , , ,

Posted in: Exploits/Vulnerabilities | Add a Comment

Critical Remote Root Zero-Day In FireEye Appliances

So FireEye doesn’t have a particularly good reputation in the security community, it’s generally not handled responsible disclosure well and it’s even taken a security firm (ERNW) to court over a vulnerability disclosure. And now there’s another critical remote root zero-day in FireEye appliances – which is scary, as these are high end devices protecting […]

Tags: , , , , , , ,

Posted in: Countermeasures, Exploits/Vulnerabilities | Add a Comment

Latest Update Patches 78 CVE-classified Flash Security Vulnerabilities

So as a rule, in 2015 running Adobe Flash is already pretty scary – but the latest patch release covers 78 CVE-classified Flash security vulnerabilities. That’s not scary, that’s terrifying. By now you kinda expect flaws in Flash, it’s just a given. But 78 CVE-classified vulnerabilities in one patch release? That’s just insane, that’s worse […]

Tags: , , , , , , , ,

Posted in: Exploits/Vulnerabilities | Add a Comment

SprayWMI – PowerShell Injection Mass Spray Tool

SprayWMI is a method for mass spraying Unicorn PowerShell injection to CIDR notations. It’s an alternative to traditional, ‘noisy’ tools which leave something on the disk like PsExec, smbexec, winexe and so on. These tools have worked really well, however, they are fairly noisy creating a service and touching disk which will trigger modern defense […]

Tags: , , , , , , , , ,

Posted in: Exploits/Vulnerabilities, Hacking Tools, Windows Hacking | Add a Comment

Popular Tags

computer-security · darknet · exploits · fuzzing · google · hacking · hacking-networks · hacking-websites · hacking-windows · hacking tool · Hacking Tools · information gathering · malware · microsoft · network-security · Network Hacking · Password Cracking · penetration-testing · Phishing · Privacy · Python · scammers · Security · Security Software · spam · spammers · sql-injection · trojan · trojans · virus · viruses · vulnerabilities · web-application-security · web-security · Web Hacking · windows · windows-security · Windows Hacking · worms · XSS ·