Hackers and Developers Need to Hug it Out

The divide between developers and hackers is real. So, apparently, is the effort to bring them together and make them play nicely. “It’s not just a knowledge gap, but an empathy gap,” said I Am The Cavalry founder Josh Corman during a panel discussion at last week’s RSA Conference. “One common...

D-Link Webcam Hack Turns IoT Device into Backdoor

Connecting a webcam to your home or office network might seem like a harmless thing, but researchers have figured out how to turn that connected device into a backdoor. Researchers at Vectra Networks today released a report demonstrating how a $30 D-Link webcam can be abused by attackers and turn...

Embedded Devices Share, Reuse Private SSH Keys, HTTPs Certificates

Researchers have found that thousands of Internet gateways, routers, modems and other embedded devices share cryptographic keys and certificates, exposing millions of connections to man-in-the-middle attacks that open the door to more extensive intrusions that jeopardize encrypted data. This type...

REXT - Router Exploitation Toolkit

Small toolkit for easy creation and usage of various python scripts that work with embedded devices. core - contains most of toolkits basic functions databases - contains databases, like default credentials etc. interface - contains code that is being used for the creation and manipulation with...

Mobile Application Security - Main Issues & Vulnerabilities

Document Title: =============== Mobile Application Security - Main Issues & Vulnerabilities References: =========== http://www.vulnerability-lab.com/getcontent.php?id=1647 Download: http://www.vulnerability-lab.com/resources/documents/1647.pdf Vulnerability Magazine:...

Is This Security-Focused Linux Kernel Really UnHackable?

Can you name which Operating System is most Secure? ...Windows, Mac, Linux or any particular Linux Distribution? Yes, we get that! It’s not an easy thing to pick. Besides Windows, Even the so-called ultra-secure Linux Distros were found to be vulnerable to various critical flaws in past years...

rext

Router Exploitation Toolkit - REXT =============================...

'Yes, Your Car Wash is On Facebook'

CANCUN–When or if people think about the security of the devices they interact with and use on a daily basis, the machines that run their local car wash probably aren’t high up on that list. But, like everything else with a computer for a brain these days, those machines are connected to the...

Memory Corruption Bugs Found in VLC Media Player

There are two memory corruption vulnerabilities in some versions of the VLC open-source media player that can allow an attacker to run arbitrary code on vulnerable machines. Neither one of the vulnerabilities has been fixed by VideoLAN, the organization that maintains VLC. Security researcher...

Pirelli Home Broadband Routers Exposed for Two Years

ISP-issued home broadband routers have been a shooting gallery for researchers and hackers alike looking for, and successfully exploiting, shocking vulnerabilities. One disclosed by a researcher in Spain this week is symptomatic of the problem to a disturbing degree. Researcher Eduardo Novella...

BASHLITE Malware leverages ShellShock Bug to Hijack Devices Running BusyBox

Cyber criminals are using new malware variants by exploiting GNU Bash vulnerability referred to as ShellShock CVE-2014-6271 in order to infect embedded devices running BusyBox software, according to a researcher. A new variant of "Bashlite" malware targeting devices running BusyBox software was...

NAT-PMP Security Vulnerability Affects 1.2M Routers

Vulnerabilities in embedded devices, in particular small office and home office routers, have been relentless. Another serious issue was discovered this week that affects more than 1.2 million such devices due to improper NAT-PMP protocol implementations, most of which run counter to the...

WPS Implementation Issue Exposes Wi-Fi Routers to Attack

A number of popular home and small office routers suffer from an implementation problem that could lead an experienced hacker down the road toward learning the devices’ eight-digit Wi-Fi Protected Setup WPS PINs in one guess. The attack, developed by Dominique Bongard, founder of 0xcite of...

Embedthis Goahead Webserver 3.1.3-0 - Multiple Vulnerabilities

No description provided by source. Title: Embedthis Goahead Webserver multiple DoS vulnerabilities. Author: 0in Maksymilian Motyl Date: 18.02.2014 Version: 3.1.3-0 Software Link: http://embedthis.com/products/goahead/ Download: https://github.com/embedthis/goahead Tested on: Linux x32 Description...

ZeroShell <= 1.0beta11 Remote Code Execution Vulnerability

No description provided by source. ==================================================== ZeroShell = 1.0beta11 Remote Code Execution Original Advisory: http://www.ikkisoft.com/stuff/LC-2009-01.txt luca.carettoniatikkisoftdotcom ==================================================== ZeroShell...

GoAheaad Webserver Source Code Disclosure Vulnerability

No description provided by source. Exploit Title: GoAheaad Webserver Source Code Disclosure Vulnerability Date: 5-28-10 Author: Sil3ntDre4m Software Link: http://data.goahead.com/Software/Webserver/2.1.8/webs218.zip Version: 2.18 and earlier Tested on: Windows Affects: Windows platform only Code ...

SNMP Public Community String Zero Day in Routers Disclosed

Researchers have discovered previously unreported problems in SNMP on embedded devices where devices such as secondary market home routers and a popular enterprise-grade load balancer are leaking authentication details in plain text. The data could be extracted by gaining access to the read-only...

Ninja PingU - High performance network scanner tool for large scale analyses

NINJA-PingU Is Not Just a Ping Utility is a free open-source high performance network scanner tool for large scale analyses. It has been designed with performance as its primary goal and developed as a framework to allow easy plugin creation. NINJA PingU comes out of the box with a set of plugins...

Embedthis Goahead WebServer 3.1.3-0 - Multiple Vulnerabilities

Embedthis Goahead WebServer 3.1.3-0 - Multiple Vulnerabilities Title: Embedthis Goahead Webserver multiple DoS vulnerabilities. Author: 0in Maksymilian Motyl Date: 18.02.2014 Version: 3.1.3-0 Software Link: http://embedthis.com/products/goahead/ Download: https://github.com/embedthis/goahead Test...

[SECURITY] Fedora 20 Update: monitorix-3.3.1-1.fc20

Monitorix is a free, open source, lightweight system monitoring tool design ed to monitor as many services and system resources as possible. It has been created to be used under production Linux/UNIX servers, but due to its simplicity and small size may also be used on embedded devices as well...