Canadian Telcos Patch an APT-Ready Flaw in Disability Services
Canadian telcos have patched a widespread local file-disclosure flaw in disability services that allow people who are deaf, hard of hearing, or have a speech disorder to place calls through a text telephone or other assistive devices. The vulnerability opens the door for widespread attacks on...
Unique Malspam Campaign Uses MS Publisher to Drop a RAT on Banks
UPDATE A malspam campaign targeting a slew of banks is turning researchers’ heads with its unusual use of a Microsoft Office Publisher file to infect victims’ systems with a well-known backdoor. Researchers with Trustwave said that they have seen a spate of emails with a Microsoft Office Publishe...
Vulnerability hunting with Semmle QL, part 1
Previously on this blog, we’ve talked about how MSRC automates the root cause analysis of vulnerabilities reported and found. After doing this, our next step is variant analysis: finding and investigating any variants of the vulnerability. It’s important that we find all such variants and patch...
Hacker leaks Snapchat’s source code on Github
By Waqas Pakistani Hacker Posted Authentic Snapchat Source Code on GitHub - Snapchat’s source code is stolen…can there be a bigger news than that? Perhaps there is! Not only that the source code has been stolen but also posted on Microsoft-owned GitHub of all the platforms. Reportedly, the hacker...
Snapchat Hack — Hacker Leaked Snapchat Source Code On GitHub
The source code of the popular social media app Snapchat recently surfaced online after a hacker leaked and posted it on the Microsoft-owned code repository GitHub. A GitHub account under the name Khaled Alshehri with the handle i5xx, who claimed to be from Pakistan, created a GitHub reposito...
File Inclusion Vulnerability in Bluecoat CMS
Lanco CMS is a website building system developed with PHP+MYSQL technology and MVC model. BlueTech CMS has a file inclusion vulnerability that can be exploited by attackers to obtain source code...
CVE-2018-14941
Harmonic NSG 9000 devices allow remote authenticated users to read the webapp.py source code via a direct request for the /webapp.py URI...
Code injection
Harmonic NSG 9000 devices allow remote authenticated users to read the webapp.py source code via a direct request for the /webapp.py URI...
Microsoft Windows Defender Evasive Executable
This module allows you to generate a Windows EXE that evades Microsoft Windows Defender. Multiple techniques such as shellcode encryption, source code obfuscation, Metasm, and anti-emulation are used to achieve this. For best results, please try to use payloads that use a more secure...
Starbucks: Backup Source Code Detected
Impact: Depending on the nature of the source code disclosed, an attacker can mount one or more of the following types of attacks: • Access the database or other data resources. With the privileges of the account obtained, attempt to read, update or delete arbitrary data from the database. • Access...
Reddit Breach Stems from SMS Two-Factor Authentication Breakdown
Reddit confirmed Wednesday that a hacker broke into its systems and has accessed user data – including email addresses and passwords for accounts. The company said in a post today that the compromise occurred between June 14 and June 18, and it detected the incident on June 19. “We learned that a...
WebRTC - H264 NAL Packet Processing Type Confusion
Type confusion can occur when processing an H264 packet. In the method PacketBuffer::FindFrames in modules/videocoding/packetbuffer.cc there is a loop on line 296 that goes through the databuffer vector backwards. The flag ish264 is set before this loop, and if it is true, the loop extracts and se...
Uber: [experience.uber.com] Node.js source code disclosure & anonymous access to internal Uber documents, templates and tools
A configuration file on experience.uber.com exposed details for the server configuration as well as information about the content hosted on the site. The site itself did require authentication to log in, but this config file was publicly accessible. Other accessible URLs included slide deck...
CMSeeK v1.0.5 - CMS Detection And Exploitation Suite
What is a CMS? A content management system (CMS) manages the creation and modification of digital content. It typically supports multiple users in a collaborative environment. Some notable examples are: WordPress, Joomla, Drupal etc. Release History - Version 1.0.5 19-07-2018 - Version 1.0.4...
Spring Data Commons RCE
Remote command execution vulnerability in Spring Data Commons Vulnerability Type: Remote Command Execution For the exploit source code contact DSquare Security sales team...
SRCMS Cross-Site Request Forgery Vulnerability (CNVD-2018-17521)
SRCMS is a security emergency response and defect management software. A cross-site request forgery vulnerability exists in SRCMS version 2.3.1. An attacker can exploit this vulnerability by adding a user account via admin.php?m=Admin&c=member&a=add...
BST (Binary String Toolkit) - Quickly And Easily Convert Binary Strings For All Your Exploit Development Needs
The Binary String Toolkit, or BST for short, is a rather simple utility to convert binary strings to various formats suitable for later inclusion in source code, such as that used to develop exploits in the security field. Features Dump files content to standard output in a binary string format...
Ex-NSO Employee Caught Selling Stolen Phone Hacking Tool For $50 Million
A former employee of one of the world's most powerful hacking companies, NSO Group, has been arrested and charged with stealing phone hacking tools from the company and secretly trying to sell them for $50 million on the Darknet. Israeli hacking firm NSO Group is mostly known for selling high-tech...