1184 matches found
Cybercrime Gang Recruiting Botmasters for Large-Scale MiTM Attacks on American Banks
A slew of major American banks, some already stressed by a stream of DDoS attacks carried out over the past 10 days, may soon have to brace themselves for a large-scale coordinated attack bent on pulling off fraudulent wire transfers. RSA’s FraudAction research team has been monitoring undergroun...
Wireshark -- Multiple vulnerabilities
Wireshark reports: It may be possible to make Wireshark crash by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file. It may be possible to make Wireshark consume excessive CPU resources by injecting a malformed packet onto the wire or by...
Java Debug Wire Protocol Detection
A Java Debug Wire Protocol JDWP server was detected on the remote host. This is a network protocol that allows debugging of a remote Java virtual machine. Authentication is not required to access this service. A remote, unauthenticated attacker could connect to this service and execute arbitrary...
MongoDB Login Utility
This module attempts to brute force authentication credentials for MongoDB. Note that, by default, MongoDB does not require authentication. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Mongo...
Alleged Russian Cybercriminal Extradited to U.S.
Vladimir Zdorovenin, an alleged prolific Russian cybercriminal, has arrived in New York City following his arrest and subsequent extradition by Swiss authorities. The FBI had been working to find and extradite Zdorovenin for several years. Originally indicted under seal in May 2007, the 54-year-o...
Romanian Men Indicting For Hacking 150 Subway Restaurants
Four Romanian nationals were charged with hacking into the credit card processing systems of some 150 Subway sandwich shops and those of 50 other unnamed retailers, according to a copy of the indictment PDF. The four men and two co-conspirators, identified by their online pseudonyms,...
Suspect in "Hackerazzi" Case Says He Will Plead Guilty
A 35 year-old Florida man is facing a lengthy prison term after being arrested in connection with high profile hacks of the Web-based email accounts of more than 50 celebrities, including Hollywood ingenue Scarlett Johansson. According to a copy of the indictment PDF, Christopher Chaney of...
Harvard researcher arrested on hacking charges
Harvard researcher arrested on hacking charges A Harvard researcher Aaron Swartz has been arrested in Boston for broke into the computer networks at the Massachusetts Institute of Technology to gain access to JSTOR, a non-profit online service for distributing scholarly articles, and downloaded 4...
Harvard researcher arrested on hacking charges
Harvard researcher arrested on hacking charges A Harvard researcher Aaron Swartz has been arrested in Boston for broke into the computer networks at the Massachusetts Institute of Technology to gain access to JSTOR, a non-profit online service for distributing scholarly articles, and downloaded 4...
Indictment Names Reddit Luminary In Theft of Data from MIT
A 24 year-old entrepreneur and star programmer has been indicted by the federal authorities in Boston following and accused of hacking into the network of the Massachusetts Institute of Technology and making off with millions of pages of copyrighted documents. Aaron Swartz, who is best known as a...
IL и XSS уязвимости во многих темах для WordPress
Здравствуйте 3APA3A! Сообщаю вам о найденных мною Information Leakage и Cross-Site Scripting уязвимостях во многих темах для WordPress. В разных шаблонах имеется test.php - скрипт с phpinfo - что приводит к Information Leakage утечка FPD и другой важной информации о сервере и XSS в PHP 4.4.1,...
WordPress WooThemes Live Wire theme - Cross-Site Scripting
WordPress WooThemes Live Wire theme is prone to a cross-site scripting vulnerability. An attacker may execute arbitrary script code in the browser of an user in the context of the affected site. In this way the attacker can steal cookie-based authentication credentials. Other attacks are also...
Nmap NSE net: jdwp-version
Detects the Java Debug Wire Protocol. This protocol is used by Java programs to be debugged via the network. It should not be open to the public Internet, as it does not provide any security against malicious attackers who can inject their own bytecode into the debugged process. Documentation for...
Student Charged With Posting Counterfeit Coupons to 4Chan
A student at New York’s Rochester Institute of Technology RIT has been arrested for producing hundreds of thousands of dollars worth of fake coupons and posting them to 4chan and other websites. Lucas Henderson, a 22-year old computer security student from Lubbock, Texas was charged with wire fra...
FBI Warns of Massive Wire Fraud Scams
The FBI is warning businesses about an ongoing spate of attacks that are stealing millions of dollars from companies through unauthorized bank transfers to Chinese companies. The fraudulent wire transfers are not a new tactic, but the FBI says the current round of attacks is notable in that...
Уязвимости в темах Live Wire 2.0 и Live Wire Style для WordPress
Здравствуйте 3APA3A! Сообщаю вам о найденных мною Cross-Site Scripting, Full path disclosure, Abuse of Functionality и Denial of Service уязвимостях в темах Live Wire 2.0 и Live Wire Style для WordPress. Это ещё две темы, которые вместе с Live Wire Edition входят в серию Live Wire. Это коммерческ...
Уязвимости в TimThumb и во многих темах для WordPress
Здравствуйте 3APA3A! Сообщаю вам о найденных мною Cross-Site Scripting, Full path disclosure, Abuse of Functionality и Denial of Service уязвимостях в TimThumb и во многих темах для WordPress. Уязвимыми являются TimThumb и все веб приложения в частности темы для WordPress, которые его используют...
Live Wire 2.0 For WordPress Cross Site Scripting / Denial Of Service
Hello list! I want to warn you about Cross-Site Scripting, Full path disclosure, Abuse of Functionality and Denial of Service vulnerabilities in Live Wire 2.0 and Live Wire Style themes for WordPress. These are another two themes which are a part of Live Wire series together with Live Wire Editio...
Уязвимости в теме Live Wire Edition для WordPress
Здравствуйте 3APA3A! Сообщаю вам о найденных мною Cross-Site Scripting, Full path disclosure, Abuse of Functionality и Denial of Service уязвимостях в теме Live Wire Edition для WordPress. Это коммерческий шаблон для WP. XSS WASC-08:...
WordPress Theme Live Wire 2.3.1 - Multiple Vulnerabilities
WordPress Theme Live Wire 2.3.1 - Multiple Vulnerabilities source: https://www.securityfocus.com/bid/47299/info Live Wire for Wordpress is prone to multiple security vulnerabilities. These vulnerabilities include multiple denial-of-service vulnerabilities, a cross-site scripting vulnerability, an...