CyberArk User Enumeration - Multiple vulnerabilities
Security Advisory - CyberArk User Enumeration - Multiple vulnerabilities. Summary: CyberArk Vault was found prone to multiple user enumeration/harvesting vulnerabilities. Date: 1 August 2013. Affected versions: All Vault...
[Samurai Web Testing Framework v2.1] Live Linux environment that has been pre-configured to function as a web pen-testing environment
The Samurai Web Testing Framework is a live Linux environment that has been pre-configured to function as a web pen-testing environment. The CD contains the best of the open source and free tools that focus on testing and attacking websites. In developing this environment, we have based our tool...
South Korea Blames North Korea for March Cyberattack
Officials from the Republic of Korea are saying North Korea’s military intelligence agency was responsible for the mid-March malware attacks that knocked several prominent South Korean banks and broadcasters offline, according to a Dow Jones Newswire report. The South Korean Science Ministry...
Attacks on SCADA, ICS Honeypots Modified Critical Operations
With antiquated gear running the country’s industrial control systems that oversee critical infrastructure, it’s no shock attackers targeting SCADA networks do their fair share of reconnaissance looking for weak spots in that equipment. A researcher decided to put that theory to a practical test...
Network Anti-Reconnaissance Tool: Nova
The Network Obfuscation and Virtualized Anti-Reconnaissance (Nova) system is an open-source software tool developed to detect network-based reconnaissance efforts, to deny the attacker access to real network data while providing false information regarding the...
New U.S. drone hacked by Iran? Reality or propaganda?
It is well known that drones are privileged vehicles for reconnaissance and attacks. The technology has achieved a level of excellence and its use is widespread, which is why defense companies are providing new solutions to make them increasingly effective. But the incredible amount of technological...
HP Operations Agent Opcode coda.exe 0x8c Buffer Overflow
This Metasploit module exploits a buffer overflow vulnerability in HP Operations Agent for Windows. The vulnerability exists in the HP Software Performance Core Program component coda.exe when parsing requests for the 0x8c opcode. This Metasploit module has been tested successfully on HP Operatio...
Report: North Korea Accused Of DDoS Attack On South Korean Airport
North Korean agents have been linked to a malware attack on South Korea’s Incheon International Airport, according to a report from the JoongAng Daily, a South Korean paper. The paper, citing the Seoul Metropolitan Police Agency, said that a 39-year-old South Korean man was arrested for...
Zeus Variant Targeting Cloud-Based Payroll Service
There is a new Zeus Trojan variant that is targeting the Canadian human resources and payroll service provider, Ceridian. The attack mixes malware infection with social engineering. Trusteer’s Amit Klein explains that Zeus takes a screenshot of Ceridian’s log-in, then, when a user with an infecte...
FBI will Monitor Social Media using Crawl Application
The Federal Bureau of Investigation is looking for a better way to spy on Facebook and Twitter users. The Bureau is asking companies to build software that can effectively scan social media online for significant words, phrases and behavior so...
OWASP Mantra - c0c0n 11 and AppSecLatam 11 Release
The third beta of OWASP Mantra Security Toolkit has been released. One of the main features of this version is the multi-language support. Mantra now supports Hindi and Spanish, in addition to English. If you can give us a helping hand by...
MPlayer SAMI Subtitle File Overflow
Added: 09/07/2011. BID: 49149. OSVDB: 74604. Background: MPlayer is an open source media player with support for many operating systems. Problem: MPlayer does not properly validate the contents of Synchronized Accessible Media Interchange (SAMI) caption files. If a video references a malformed SAMI file...
BNAT Router
This module will properly route BNAT traffic and allow for connections to be established to machines on ports which might not otherwise be accessible. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class...
Hackers Get Hacked at #Defcon 19 Conference
There are so many ways to get hacked at the world's largest hacker conference. A hacker could bump against your pocket with a card reader that steals your credit card information. Or a hacker might eavesdrop on your Internet traffic through an unsecured...
Malicious PDF Attack Baiting Defense Industry Victims
There has been a spate of spear-phishing attacks against a number of high-profile targets in the last few months, including RSA and others, and that trend is continuing unabated. Researchers have come across a fresh attack using the familiar malicious PDF attachment that appears to be targeting...
Google's New Tool, DOM Snitch, Finds JavaScript Flaws
Google announced on Tuesday the availability of a new free application testing tool, dubbed “DOM Snitch,” that it says will help Web application developers find vulnerabilities in client side Web applications. The new application is a Chrome browser extension that works by injecting hooks into a...
Live Hacking DVD v1.3 Beta - Download!
Live Hacking DVD is a new Linux distribution packed with tools and utilities for ethical hacking, penetration testing and countermeasure verification. Based on Ubuntu, this "Live CD" runs directly from the DVD and doesn't require installation on your...
Metasploit 3.5.1 adds Cisco device exploitation!
Metasploit now enables security professionals to exploit Cisco devices, performs passive reconnaissance through traffic analysis, provides more exploits and evaluates an organization's password security by brute forcing an ever increasing range of services. This latest release adds stealth...
Mantra: A Browser-based Security Framework!
Mantra is a dream that came true for the author. It is a collection of free and open source tools integrated into a web browser, Firefox, which can come in handy for students, penetration testers, web application developers, security professionals, etc. It is portable, ready-to-run, compact and...
S2 NetBox allows unauthenticated HTTP access to node logs, backups, and employee photographs
Overview: S2 NetBox and related products do not adequately restrict access to node logs, backups, and employee photographs. A remote, unauthenticated attacker could use information obtained from a vulnerable system to aid in further attacks. Description: S2 NetBox is a line of "...open architecture...