663 matches found
HackPwn how to use the context-aware vulnerability deception self-driving cars-vulnerability warning-the black bar safety net
HackPwn2016 Safety geeks Carnival is a hacking festival that draws global attention to the safety of intelligent life. The first event, HackPwn2015 Safety geeks Carnival, was initiated by the top international hacker teams 360VulcanTeam and 360UnicornTeam; absorbing the advantages of various domestic and foreign security events, on th...
Juan Andres Guerrero-Saade and Brian Bartholomew on APT False Flags and Attribution
Mike Mimoso talks to Kaspersky Lab Global Research and Analysis Team researchers Juan Andres Guerrero-Saade and Brian Bartholomew about a paper released at Virus Bulletin on deception tactics and false flags flown by APT groups to frustrate analysis. Download their paper presented at Virus...
Concrete CMS: Content Spoofing possible in concrete5.org
An attacker can include any arbitrary text using a specially crafted concrete5 URL. This is done using the character sequence /%0d%0a. Input: https://www.concrete5.org/%0d%0ahas%20moved%20to%20www.evil.com.Please%20visit%20evil.com%20Present%20resource Output: The requested URL / has moved to www.evil.com.Please...
Android Mediaserver Denial of Service Vulnerability (CNVD-2016-07431)
Android is a Linux-based open source operating system developed by Google Inc. and the Open Handheld Consortium. A security vulnerability exists in Android Mediaserver, which allows remote attackers to build malicious applications that can be exploited to trick users into parsing, which can crash...
How Your Computer Monitor Could Be Hacked To Spy On You
Just stop believing everything you see on your screen, as it turns out that even your computer monitor can be hacked. You have seen hackers targeting your computer, smartphone, and tablet, but now it has been proved that they can even compromise your monitor and turn it against you by just changin...
Foxit vulnerability: the 4 billion users at risk-vulnerability and early warning-the black bar safety net
The developers of the popular PDF reader Foxit recently fixed 12 high-risk security vulnerabilities; these vulnerabilities may lead to remote code execution. This reader has about 4 million users, who consider it the perfect alternative to Adobe Reader. The official fix for the Windows and...
Craig Wright Will Move Satoshi Nakamoto's Bitcoin to Prove His Claim
Yesterday, BBC broke a story allegedly revealing Craig Wright as the original creator of Bitcoin digital currency Satoshi Nakamoto. However, the highly skeptical cryptographic community is definitely not yet convinced with the technical proofs Wright has yet provided to the media outlets and on h...
Adobe Acrobat/Reader Bypass Information Disclosure Vulnerability (CNVD-2015-06735)
Adobe Reader/Acrobat is a popular application for working with PDF files. An information disclosure bypass vulnerability exists in Adobe Reader/Acrobat. It allows an attacker to construct a malicious PDF file and trick the user into parsing it, so that sensitive information can be obtained...
Adobe Flash Player Flash broker for Internet Explorer elevation of privilege vulnerability
Adobe Flash Player is a Flash file handling program. Adobe Flash Player Flash broker for Internet Explorer has a privilege issue that allows remote attackers to construct malicious SWF content and trick users into parsing it with elevated privileges...
Active Defense Can Give Pause to Threats
SAN FRANCISCO – Disrupting hackers on your own network has become sort of a parlor trick for enterprises with enough resources and desire to dive into those waters. Today at RSA Conference, one expert explained how most organizations can leverage networking tools they’ve already invested in to pu...
Websense TRITON AP-EMAIL Clickjacking Vulnerability
Websense TRITON is a unified content architecture to protect data security. A clickjacking vulnerability exists in Websense TRITON AP-EMAIL, which allows attackers to construct malicious URIs, trick users into parsing them, and spoof user communications...
Mozilla: Reading of local files through manipulation of form autocomplete (MFSA 2015-24)
An information leak flaw was found in the way Firefox implemented autocomplete forms. An attacker able to trick a user into specifying a local file in the form could use this flaw to access the contents of that file...
Beeswarm - Active IDS made easy
Beeswarm is an active IDS project that provides easy configuration, deployment and management of honeypots and clients. The system operates by luring the hacker into the honeypots by setting up a deception infrastructure where deployed drones communicate with honeypots and intentionally leak...
Honeypot Deployment Made Easy: Beeswarm
Beeswarm is an active IDS project that provides easy configuration, deployment and management of honeypots and clients. The system operates by luring the hacker into the honeypots by setting up a deception infrastructure where deployed drones communicate with honeypots and intentionally leak...
Apple Safari 4.0.1 Error Page Address Bar URI Spoofing Vulnerability
Source: http://www.securityfocus.com/bid/35829/info | Apple Safari is affected by a URI-spoofing vulnerability. An attacker may leverage this issue by inserting arbitrary content to spoof a URI presented to an unsuspecting user. This may lead to a false sense of...
Microsoft Internet Explorer 4/5/6 Embedded Image URI Obfuscation Weakness
Source: http://www.securityfocus.com/bid/10308/info | It has been reported that Microsoft Internet Explorer is prone to a URI obfuscation weakness that may hide the true contents of a URI link. The issue occurs when an image is contained within a properly formatte...
Shellcodeexec execution shellcode-exploit warning-the black bar safety net
shellcodeexec.x32.exe is a tool that can execute shellcode on Windows. Using this feature, you can also use it to execute shellcode containing malicious code, so as to achieve the purpose of intrusion. The shellcodeexec.x32.exe tool can be found at https://github.com/inquisb/shellcodeexec. This website...
Possibly Tricking Users – The Perils of Drag n Drop Decadence
May 12th, 2014. In the recent Opera 21 Stable release, we fixed a number of bugs relating to the address field. Normally, we would not want to give away too much about a security issue, as it would give a potential attack...
Vulnerability of small summary: the browser in those strange logic-vulnerability warning-the black bar safety net
0x00 Introduction: A few years ago I saw a book, the dig 0day act, which introduced a sogou browser vulnerability, the forged website. Although four years have passed, sogou still made the same mistake. At that time I only knew that this approach existed, but suffer from on...
Threat Outbreak Alert: Fake Specification Requirements List Email Messages on February 12, 2014.
Medium | Alert ID: 32848 | First Published: 2014 February 13 16:30 GMT | Version: 1 | Summary: Cisco Security has detected significant activity related to spam email messages that claim to contain a required specification list for the recipient. The text in the email message attempts to convince the...