The Dumbest Hack of the Year Exposed a Very Real Problem

Last April, a hacker hijacked crosswalk announcements to mimic Mark Zuckerberg and Elon Musk. Records obtained by WIRED reveal how unprepared local authorities were...

Palo Alto Crosswalk Signals Had Default Passwords

Palo Alto's crosswalk signals were hacked last year. Turns out the city never changed the default passwords...

EUVD-2016-6616

Malware in sbrugna...

SparklingGoblin Revamps SideWalk Backdoor for Linux Variant

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary SparklingGoblin aka Earth Baku State-backed Chinese hackers has integrated a Linux variant of the SideWalk backdoor. SparklingGoblin Threat actors typically target East and Southeast Asian countries, wit...

CISA, NIST Says Use Cybersecurity Control Systems

The agencies conducted a crosswalk of existing cybersecurity documents and identified nine categories to be used as the foundation for preliminary control systems cybersecurity performance goals...

Researchers Disclose Undocumented Chinese Malware Used in Recent Attacks

Cybersecurity researchers have disclosed a series of attacks by a threat actor of Chinese origin that has targeted organizations in Russia and Hong Kong with malware — including a previously undocumented backdoor. Attributing the campaign to Winnti or APT41, Positive Technologies dated the first...

Researchers Disclose Undocumented Chinese Malware Used in Recent Attacks

Cybersecurity researchers have disclosed a series of attacks by a threat actor of Chinese origin that has targeted organizations in Russia and Hong Kong with malware — including a previously undocumented backdoor. Attributing the campaign to Winnti or APT41, Positive Technologies dated the first...

CB Threat Analysis Unit: Technical Analysis of “Crosswalk”

The technical analysis is related to the TAU-TIN for the same malware which can be located in this post. FireEye recently reported on APT41, a Chinese state sponsored espionage group. The group has been documented as targeting healthcare, high-tech, and telecommunications companies for traditiona...

CB TAU Threat Intelligence Notification: State-Sponsored Espionage Group Targeting Multiple Verticals with ‘Crosswalk’

FireEye recently reported on APT41, a Chinese state-sponsored espionage group. The group has been documented as targeting healthcare, high-tech, and telecommunications companies for traditional corporate espionage purposes. Additionally this group has also targeted companies in the video game...

crosswalk-project.org XSS vulnerability

Open Bug Bounty ID: OBB-629465 Description| Value ---|--- Affected Website:| crosswalk-project.org Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

Facebook Graph OpenSearch Phone Number Metadata Crosswalk Mapping

!/usr/bin/perl Facebook 'Graph' OpenSearch Phone Number metadata crosswalk mapping PoC 2018 Todor Donev https://ethical-hacker.org/ https://facebook.com/ethicalhackerorg Description: Criminal hacker CRACKER can take advantage of this weakness by creating a specialized database to manipulate...

Facebook Graph Phone Number Metadata Crosswalk Mapping Proof Of Concept

!/usr/bin/perl Facebook 'Graph' Phone Number metadata crosswalk mapping PoC 2018 Todor Donev https://ethical-hacker.org/ https://facebook.com/ethicalhackerorg Description: Criminal hacker CRACKER can take advantage of this weakness by creating a specialized database to manipulate facebook users...

Facebook Graph Metadata Crosswalk Mapping Proof Of Concept

!/usr/bin/perl Facebook 'Graph' metadata crosswalk mapping PoC 2018 Todor Donev https://ethical-hacker.org/ https://facebook.com/ethicalhackerorg Description: Criminal hacker CRACKER can take advantage of this weakness by creating a specialized database to manipulate facebook users with fake news...

OpenSSL 0.9.x < 0.9.6 MitM (Crosswalk)

Binary data 9461.prm...

Intel Crosswalk Man-in-the-Middle Attack Vulnerability

Intel Crosswalk is the United States Intel Intel company's set of Web engines. A man-in-the-middle attack vulnerability exists in Intel Crosswalk because the program fails to properly validate X.509 certificates. An attacker can exploit this vulnerability with a specially crafted certificate to...

CVE-2016-5672

Intel Crosswalk before 19.49.514.5, 20.x before 20.50.533.11, 21.x before 21.51.546.0, and 22.x before 22.51.549.0 interprets a user's acceptance of one invalid X.509 certificate to mean that all invalid X.509 certificates should be accepted without prompting, which makes it easier for...

CVE-2016-5672

Intel Crosswalk before 19.49.514.5, 20.x before 20.50.533.11, 21.x before 21.51.546.0, and 22.x before 22.51.549.0 interprets a user's acceptance of one invalid X.509 certificate to mean that all invalid X.509 certificates should be accepted without prompting, which makes it easier for...

Information disclosure

Intel Crosswalk before 19.49.514.5, 20.x before 20.50.533.11, 21.x before 21.51.546.0, and 22.x before 22.51.549.0 interprets a user's acceptance of one invalid X.509 certificate to mean that all invalid X.509 certificates should be accepted without prompting, which makes it easier for...

CVE-2016-5672

Intel Crosswalk before 19.49.514.5, 20.x before 20.50.533.11, 21.x before 21.51.546.0, and 22.x before 22.51.549.0 interprets a user's acceptance of one invalid X.509 certificate to mean that all invalid X.509 certificates should be accepted without prompting, which makes it easier for...

CVE-2016-5672

CVE-2016-5672: Intel Crosswalk before 19.49.514.5, 20.x before 20.50.533.11, 21.x before 21.51.546.0, and 22.x before 22.51.549.0 mishandles an initial user acceptance of an invalid X.509 certificate, causing the app to permanently accept all future invalid certificates without further prompts. T...