Hacked App Part of US/Israeli Propaganda Campaign Against Iran

Wired has the story: Shortly after the first set of explosions, Iranians received bursts of notifications on their phones. They came not from the government advising caution, but from an apparently hacked prayer-timing app called BadeSaba Calendar that has been downloaded more than 5 million time...

Hacked Prayer App Sends ‘Surrender’ Messages to Iranians Amid Israeli and US Strikes

As Israeli airstrikes hit Tehran this morning, Iranians received mysterious push notifications saying that “help is on the way,” promising amnesty if they surrender...

tehranchemie.co Cross Site Scripting vulnerability OBB-3587976

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Iran’s Internet Blackouts Are Sabotaging Its Own Economy

A new US State Department assessment highlights the stark economic toll of Tehran’s recent shutdowns and platform control...

An Attack on Albanian Government Suggests New Iranian Aggression

A Tehran-linked hack of a NATO member marks a significant escalation against the backdrop of US-Iran nuclear talks...

Detailed: Here's How Iran Spies on Dissidents with the Help of Hackers

Twin cyber operations conducted by state-sponsored Iranian threat actors demonstrate their continued focus on compiling detailed dossiers on Iranian citizens that could threaten the stability of the Islamic Republic, including dissidents, opposition forces, and ISIS supporters, and Kurdish native...

tehran-tea.ir Cross Site Scripting vulnerability

Open Bug Bounty ID: OBB-1172285 Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website...

tehran-intex.com XSS vulnerability

Open Bug Bounty ID: OBB-634238 Description| Value ---|--- Affected Website:| tehran-intex.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

netbarg.com XSS vulnerability

Open Bug Bounty ID: OBB-494214 Description| Value ---|--- Affected Website:| netbarg.com Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Disclosure Standard:| Coordinated Disclosure based o...

tehran-kharid.ir XSS vulnerability

Vulnerable URL: http://www.tehran-kharid.ir/?s= Details: Description| Value ---|--- Patched:| No Latest check for patch:| 27.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 1739381 VIP website status:| No Check tehran-kharid.ir SSL connection:| Grade: A...

tehran-city.locopoc.com XSS vulnerability

Vulnerable URL: http://tehran-city.locopoc.com/q-dd524-'-alert'OPENBUGBOUNTY'-' Details: Description| Value ---|--- Patched:| No Latest check for patch:| 27.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated VIP website status:| No Chec...

tehran-city.locopoc.com XSS vulnerability

Vulnerable URL: http://tehran-city.locopoc.com/q-'-alert%60OPENBUGBOUNTY%60-' Details: Description| Value ---|--- Patched:| No Latest check for patch:| 30.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated VIP website status:| No Check...

Threat Outbreak Alert RuleID18377: Email Messages Distributing Malicious Software on September 30, 2015

Medium Alert ID: 41286 First Published: 2015 September 30 14:13 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID18377 may contain the following files: Name ...

AJA Portal 1.2 - Local File Inclusion Vulnerabilities (win)

No description provided by source. -------------:multi local file include:------------ --------------- script:AJA 1.2 ------------------------------------------------------------------ download from:http://www.magtrb.com/en/modules.php?name=Downloads&op=getit&lid=6...

Exclusive : New Touch ID hack allows hacker to unlock an iPhone by multiple fingerprints

The Iranian group defeated the very basic phenomenon of an iPhone Fingerprinting scanner, which allows them to unlock an iPhone device with multiple Fingerprints. Apple's iPhone 5s, was launched just available in stores two weeks before with a new feature of biometrics-based security system calle...

Exclusive : New Touch ID hack allows hacker to unlock an iPhone by multiple fingerprints

The Iranian group defeated the very basic phenomenon of an iPhone Fingerprinting scanner, which allows them to unlock an iPhone device with multiple Fingerprints. Apple‘s iPhone 5s, was launched just available in stores two weeks before with a new feature of biometrics-based security system calle...

Religious 'Madi' Spyware Spies on Critical Infrastructure in Middle East

A new variety of spyware has been targeting users in Iran, Israel and the Middle East for the last eight months according to joint research from Israeli security software firm Seculert and Kaspersky Lab. The new malware is using a variety of odd techniques and misdirection to entice users to...

News Roundup: What The Experts Are Saying About The Flame Worm

UPDATE: Are the winds of cyber war blowing, or is the newly discovered Flame worm just a tempest in a teapot? Just days after it was disclosed to the public, the Flame worm is fanning the flames of controversy within the security world. Threatpost takes a look at what people are saying. Calling...

DAPH CMS Shell Upload

Exploit Title: DAPH CMS Remote File Upload RFU Vulnerability Date: 2012-02-04 GMT +7 Author: BHG Security Center Discovered : Nitrojen90 Software Link: http://www.daph.gov.lk/ Dork: inurl:Animal Production and Health DAPH Tested on: ubuntu 11.04 CVE : -...

Anfibia Remote Command Execution

Exploit Title: Anfibia Remote Command Execution RCE Vulnerability Date: 2012-02-03 GMT +7 Author: BHG Security Center Discovered : Nitrojen90 Software Link: http://www.anfibia.com.br/ Dork: intext:"/op1.txt" "command" filetype:php Tested on: ubuntu 11.04 CVE : -...