6251 matches found
Miniduke APT Campaigh Returns with New Targets, Hacking Tools
The Miniduke advanced persistent threat APT campaign uncovered by researchers at Kaspersky Lab and CrySys Lab in February 2013 is back after a year-long hiatus in which attacks abated almost entirely. While the initial Miniduke operations primarily targeted government organizations in Europe, thi...
Alteon AceDirector Half-Closed HTTP Request IP Address Revealing Vulnerabililty
No description provided by source. source: http://www.securityfocus.com/bid/3964/info Alteon ACEdirector is a hardware solution distributed by Nortel Networks. ACEdirector runs the Nortel WebOS operating system. It is possible to retrieve the real IP addresses of webservers that are managed by an...
appRain Quick Start Edition Core Edition Multiple 0.1.4-Alpha - XSS Vulnerabilities
No description provided by source. Title : appRain Quick Start Edition Core Edition Multiple Persistence Cross-Site Scripting Vulnerabilities. Author : Antu Sanadi from SecPod Technologies www.secpod.com Vendor : http://www.apprain.com/ Advisory : http://secpod.org/blog/?p=215...
CyberLink Power2Go Essential 9.0.1002.0 - Registry SEH/Unicode Buffer Overflow
No description provided by source. !/usr/bin/perl Exploit Title: CyberLink Power2Go Essential 9.0.1002.0 - Registry SEH/Unicode Buffer Overflow Discovery date: 11-26-2013 Exploit Author: Mike Czumak Tv3rn1x -- @SecuritySift Vulnerable Software/Version: CyberLink Power2Go 9 Essential 9.0.1002.0...
openSUSE Security Update : java-1_7_0-openjdk (openSUSE-SU-2012:1154-1)
Java-170-openjdk was updated to fix a remote exploit CVE-2012-4681. Also bugfixes were done : - fix build on ARM and i586 - remove files that are no longer used - zero build can be enabled using rpmbuild osc build --with zero - add hotspot 2.1 needed for zero - fix filelist on %ix86 - Security...
Kali Linux 1.0.7 Released
Kernel 3.14, Tool Updates, Package Improvements Kali linux 1.0.7 has just been released, complete with a whole bunch of tool updates, a new kernel, and some cool new features. Check out our changelog for a full list of these items. As usual, you don’t need to re-download or re-install Kali to...
Google Chrome OS < 33.0.1750.152 Multiple Vulnerabilities
Binary data 8202.prm...
Google Chrome OS < 33.0.1750.152 Multiple Security Vulnerabilities (deprecated)
Binary data 8161.prm...
CVE-2014-1708
The boot implementation in Google Chrome OS before 33.0.1750.152 does not properly consider file persistence, which allows remote attackers to execute arbitrary code via unspecified vectors...
CVE-2014-1708
The boot implementation in Google Chrome OS before 33.0.1750.152 does not properly consider file persistence, which allows remote attackers to execute arbitrary code via unspecified vectors...
CVE-2014-1708
CVE-2014-1708 affects Google Chrome OS boot: the boot implementation before 33.0.1750.152 does not properly account for file persistence, allowing remote attackers to execute arbitrary code via unspecified vectors. Affected: Chrome OS boot path; root cause: inadequate handling of file persistence...
Stable Channel Update for Chrome OS
The Stable channel has been updated to 33.0.1750.152 Platform version: 5116.115.4/5116.115.5 for all devices. This build contains security fixes for Pwnium. Systems will be receiving the updates over the next few days. Security Fixes and Rewards Congratulations to geohot for an epic Pwnium...
[MIDAS] Mac Intrusion Detection Analysis System
MIDAS is a framework for developing a Mac Intrusion Detection Analysis System, based on work and collaborative discussions between the Etsy and Facebook security teams. This repository provides a modular framework and a number of helper utilities, as well as an example module for detecting...
Model Predicts Optimal Timing of a Cyber Conflict
Security researchers from the Ford School of Public Policy at the University of Michigan have published a mathematical model they said will produce the proper timing for the delivery of offensive cyberweapons. Defenders can also make use of the model to understand attackers and when an targeted...
Microsoft Online, Office And Cloud Persistent Encoding Issues
Document Title: =============== Microsoft Online, Office & Cloud - Persistent Encoding Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=806 Microsoft Security Response Center MSRC ID: 14090 Microsoft Security Response Center MSRC Manager:...
Persistent Payload In Windows Volume Shadow Copy
This Metasploit module will attempt to create a persistent payload in a new volume shadow copy. This is based on the VSSOwn Script originally posted by Tim Tomes and Mark Baggett. This Metasploit module has been tested successfully on Windows 7. In order to achieve persistence through the RUNKEY...
Microsoft Windows Authenticated Powershell Command Execution
This module uses a valid administrator username and password to execute a powershell payload using a similar technique to the "psexec" utility provided by SysInternals. The payload is encoded in base64 and executed from the commandline using the -encodedcommand flag. Using this method, the payloa...
Persistent Payload in Windows Volume Shadow Copy
This module will attempt to create a persistent payload in a new volume shadow copy. This is based on the VSSOwn Script originally posted by Tim Tomes and Mark Baggett. This module has been tested successfully on Windows 7. In order to achieve persistence through the RUNKEY option, the user shoul...
Shylock/Caphaw Banking Malware Infections on the Rise
Two dozen major U.S. and European banks are in the crosshairs of the Shylock, or Caphaw, financial malware of late, and victims who trade with one of the 24 financial institutions are at risk of giving up their credentials and losing assets in their accounts. Malware researchers have noticed a ri...
Mac OS X Sudo Password Bypass
This module gains a session with root permissions on versions of OS X with sudo binary vulnerable to CVE-2013-1775. Tested working on Mac OS 10.7-10.8.4, and possibly lower versions. If your session belongs to a user with Administrative Privileges the user is in the sudoers file and is in the...