TianoCore EDK II BIOS Vulnerabilities - US

Lenovo Security Advisory: LEN-22660 Potential Impact: Denial of service, privilege escalation Severity: Medium Scope of Impact: Industry-wide Summary Description: Lenovo was notified of multiple buffer validation and parsing vulnerabilities in TianoCore EDK II BIOS that could lead to denial of...

LDAP_Search - Tool To Perform LDAP Queries And Enumerate Users, Groups, And Computers From Windows Domains

LDAPSearch can be used to enumerate Users, Groups, and Computers on a Windows Domain. Authentication can be performed using traditional username and password, or NTLM hash. In addition, this tool has been modified to allow brute force/password-spraying via LDAP. LdapSearch makes use of Impackets...

CVE-2018-12120

Node.js: All versions prior to Node.js 6.15.0: Debugger port 5858 listens on any interface by default: When the debugger is enabled with node --debug or node debug, it listens to port 5858 on all interfaces by default. This may allow remote computers to attach to the debug port and evaluate...

xkcd on Voting Computers

Funny and true...

Active Directory Reconnaissance: ADRecon

ADRecon is a tool which extracts various artifacts as highlighted below out of an AD environment in a specially formatted Microsoft Excel report that includes summary views with metrics to facilitate analysis. The report can provide a holistic picture of the current state of the target AD...

Inmates pirated movies from computers they build with spare parts

By Waqas Initial investigations showed the same inmates were found hacking prison's This is a post from HackRead.com Read the original post: Inmates pirated movies from computers they build with spare parts...

Artificial Intelligence and the Attack/Defense Balance

Artificial intelligence technologies have the potential to upend the longstanding advantage that attack has over defense on the Internet. This has to do with the relative strengths and weaknesses of people and computers, how those all interplay in Internet security, and where AI technologies migh...

2,000 Colorado DOT computers infected with SamSam Ransomware

By Uzair Amir Another day, another ransomware scam - This time, it is This is a post from HackRead.com Read the original post: 2,000 Colorado DOT computers infected with SamSam Ransomware...

macOS Malware Creator Charged With Spying on Thousands of PCs Over 13 Years

The U.S. Justice Department unsealed 16-count indictment charges on Wednesday against a computer programmer from Ohio who is accused of creating and installing spyware on thousands of computers for more than 13 years. According to the indictment, 28-year-old Phillip R. Durachinsky is the alleged...

ADRecon - Tool Which Gathers Information About The Active Directory

ADRecon is a tool which extracts various artifacts as highlighted below out of an AD environment in a specially formatted Microsoft Excel report that includes summary views with metrics to facilitate analysis. The report can provide a holistic picture of the current state of the target AD...

BlueBorne Bluetooth Vulnerabilities

US-CERT is aware of a collection of Bluetooth vulnerabilities, known as BlueBorne, potentially affecting millions of unpatched mobile phones, computers, and Internet of Things IoT devices. A remote attacker could exploit several of these vulnerabilities to take control of affected devices. US-CER...

clickbank.com XSS vulnerability

Vulnerable URL: http://www.clickbank.com/product-category/computers-internet/?viewport=%22%3E%3Cimg%20src=x%20onerror=prompt/OPENBUGBOUNTY/;%3E Details: Description| Value ---|--- Patched:| No Latest check for patch:| 30.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed...

Police Arrest Man Potentially Linked to Group Threatening to Wipe Millions Of iPhones

The British authority has reportedly arrested a 20-years-old young man – potentially one of the member of a cyber criminal gang 'Turkish Crime Family' who threatened Apple last week to remotely wipe data from millions of iOS devices unless Apple pays a ransom of $75,000. The UK's National Crime...

IRS Releases Tax-Time Guide

The Internal Revenue Service IRS has released tax-time advice intended to help the public protect their personal and financial data and computers. Recommendations include using strong passwords, backing up files, and using robust security software to help block malware and viruses. Users and...

FBI Hacked into 8,000 Computers in 120 Countries Using A Single Warrant

The FBI hacked into more than 8,000 computers in 120 different countries with just a single warrant during an investigation into a dark web child pornography website, according to a newly published court filings. This FBI's mass hacking campaign is related to the high-profile child pornography...

Firefox Add-On Flaw Leaves Apple And Windows Computers Open To Attack

Researchers warn hundreds of popular Firefox browser extensions are vulnerable to attack that could give hackers control of Mac OS X and Windows computers. Researchers from Northeastern University say the flaw is tied to Firefox’s support for an older browser extension platform and the Mozilla...

Microsoft Windows USB Mass Storage CVE-2016-0133 Local Privilege Escalation Vulnerability

Description Microsoft Windows is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successful exploits will result in the complete compromise of affected computers. Technologies Affected Microsoft...

Microsoft Revoves Trust for eDellroot Certficates

In the wake of last week’s eDellroot fiasco, Microsoft announced Monday that it revoked support for the self-signed, trusted root certificates that were found on some Dell computers. In a security advisory published on Monday, the company acknowledged that in order to prevent fraud, it removed...

Dell Computers Contain CA Root Certificate Vulnerability

Dell personal computers using the preinstalled certificate authority CA root certificate eDellRoot contain a critical vulnerability. Exploitation of the vulnerability could allow a remote attacker to read encrypted web browser traffic HTTPS, impersonate spoof any website, or perform other attacks...

Snort 2.4.x URIContent Rules Detection Evasion Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/18200/info Snort is reportedly prone to a vulnerability that may allow malicious packets to bypass detection. A successful attack can allow attackers to bypass intrusion detection and to carry out attacks against computer...