
1523 matches found

Kitploit
added 2020/05/26 12:30 p.m., 53 views

FinalRecon - The Last Web Recon Tool You'll Need

FinalRecon is a fast and simple python script for web reconnaissance. It follows a modular structure so in future new modules can be added with ease. Featured NullByte https://null-byte.wonderhowto.com/how-to/conduct-recon-web-target-with-python-tools-0198114/...

7 AI score
Exploits 0, References 1
Wired Threat Level
added 2020/05/17 2:00 p.m., 38 views

Now Chrome Can Block Ads That Leach Power From Your CPU

Google developers have built a feature to help you avoid abusive ads. Here’s how to turn it on...

2.2 AI score
Exploits 0
Packet Storm
added 2020/05/07 12:00 a.m., 127 views

Create-Project Manager 1.07 Cross Site Scripting / HTML Injection

Exploit Title: Create-Project Manager 1.07 Multi XSS /HTML injection Vulnerabilities Google Dork: N/A Date: 2020-05-06 Exploit Author: @ThelastVvV Vendor Homepage: https://codecanyon.net/item/create-project-manager-with-authenticator/20483329?srank=3 Version: 1.6 Tested on: 5.4.0-kali4-amd64...

0.2 AI score
Exploits 0
Wired Threat Level
added 2020/05/01 1:00 p.m., 49 views

What Is Fleeceware, and How Can You Protect Yourself?

Sneaky developers are charging big bucks for basic apps. Here's how to spot a scam in sheep's clothing...

2.3 AI score
Exploits 0
Tenable Nessus
added 2020/04/27 12:00 a.m., 31 views

FreeBSD : py-bleach -- regular expression denial-of-service (4c52ec3c-86f3-11ea-b5b4-641c67a117d8)

Bleach developers report: bleach.clean behavior parsing style attributes could result in a regular expression denial of service (ReDoS). Calls to bleach.clean with an allowed tag with an allowed style attribute are vulnerable to ReDoS. For example, bleach.clean..., attributes='a': 'style'. C...

7.5 CVSS, 8 AI score, 0.00581 EPSS
Exploits 1, References 5
OSV
added 2020/04/24 4:15 p.m., 4 views

CVE-2020-6825

Mozilla developers and community members Tyson Smith and Christian Holler reported memory safety bugs present in Firefox 74 and Firefox ESR 68.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary...

9.8 CVSS, 9.9 AI score
Exploits 0, References 5
Prion
added 2020/04/24 4:15 p.m., 20 views

Memory corruption

Mozilla developers and community members Tyson Smith and Christian Holler reported memory safety bugs present in Firefox 74 and Firefox ESR 68.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary...

7.5 CVSS, 9.7 AI score, 0.00696 EPSS
Exploits 0, References 5, Affected Software 3
The Hacker News
added 2020/04/16 12:59 p.m., 1 views

Over 700 Malicious Typosquatted Libraries Found On RubyGems Repository

As developers increasingly embrace off-the-shelf software components into their apps and services, threat actors are abusing open-source repositories such as RubyGems to distribute malicious packages, intended to compromise their computers or backdoor software projects they work on. In the latest...

5.7 AI score
Exploits 0
Microsoft KB
added 2020/04/13 12:00 a.m., 30 views

MS16-015: Description of the security update for Excel 2016: February 9, 2016

MS16-015: Description of the security update for Excel 2016: February 9, 2016 Summary This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see Microsoft...

7.1 AI score
Exploits 0
ThreatPost
added 2020/04/07 1:55 p.m., 75 views

Official Government COVID-19 Mobile Apps Hide a Raft of Threats

A rash of COVID-19 Android mobile apps have emerged that are aimed at helping citizens in Iran, Italy and Colombia track symptoms and virus infections. However, they’re also putting people’s privacy and the security of their data at risk, researchers have found. Security researchers at the ZeroFO...

4.3 CVSS, 5.5 AI score, 0.00241 EPSS
Exploits 0, References 12
Metasploit
added 2020/04/04 2:00 a.m., 70 views

Windows Unquoted Service Path Privilege Escalation

This module exploits a logic flaw due to how the lpApplicationName parameter is handled. When the lpApplicationName contains a space, the file name is ambiguous. Take this file path as example: C:\program files\hello.exe; The Windows API will try to interpret this as two possible paths:...

7.1 AI score
Exploits 0
Wired Threat Level
added 2020/04/03 2:00 p.m., 45 views

Thousands of Android Apps Are Silently Accessing Your Data

More than 4,000 Google Play apps let developers and advertisers collect a list of the user's other installed apps, no permission needed...

2.7 AI score
Exploits 0
Fedora
added 2020/03/27 1:10 p.m., 11 views

[SECURITY] Fedora 31 Update: tor-0.4.2.7-1.fc31

The Tor network is a group of volunteer-operated servers that allows people to improve their privacy and security on the Internet. Tor's users employ this network by connecting through a series of virtual tunnels rather than making a direct connection, thus allowing both organizations and...

2.4 AI score
Exploits 0
Fedora
added 2020/03/27 10:46 a.m., 13 views

[SECURITY] Fedora 30 Update: tor-0.4.2.7-1.fc30

The Tor network is a group of volunteer-operated servers that allows people to improve their privacy and security on the Internet. Tor's users employ this network by connecting through a series of virtual tunnels rather than making a direct connection, thus allowing both organizations and...

2.4 AI score
Exploits 0
Fedora
added 2020/03/27 8:04 a.m., 15 views

[SECURITY] Fedora 32 Update: tor-0.4.2.7-1.fc32

The Tor network is a group of volunteer-operated servers that allows people to improve their privacy and security on the Internet. Tor's users employ this network by connecting through a series of virtual tunnels rather than making a direct connection, thus allowing both organizations and...

2.4 AI score
Exploits 0
Trellix
added 2020/03/26 12:00 a.m., 8 views

Ransomware Maze

ARCHIVED STORY Ransomware Maze Alexandre Mundo · MAR 26, 2020 Overview The Maze ransomware, previously known in the community as “ChaCha ransomware”, was discovered on May the 29th 2019 by Jerome Segura1. The main goal of the ransomware is to crypt all files that it can in an infected system and...

6.8 AI score
Exploits 0
The Coalfire Blog
added 2020/03/06 1:54 a.m., 11 views

Applied ThreadFix: Getting the Most Out of Your Training Investment

As we talked about in an earlier blog post, secure coding training for developers can be expensive. Knowledgeable individuals who are adept at training are relatively rare. Quality training materials are expensive to develop and maintain. For these reasons, solid commercial instructor-led trainin...

3 AI score
Exploits 0
ThreatPost
added 2020/02/27 10:59 p.m., 66 views

Google’s War on Android App Permissions, 60 Percent Successful

Overzealous Android apps that needlessly ask for permissions to handset resources such as contact lists and location data are not only obnoxious, but also potential privacy threats. To address this hot-button issue with Android users Google implemented a strict permission policy designed to curb...

6.6 AI score
Exploits 0, References 5
The Hacker News
added 2020/02/26 12:34 p.m., 39 views

Google Advises Android Developers to Encrypt App Data On Device

Google today published a blog post recommending mobile app developers to encrypt data that their apps generate on the users' devices, especially when they use unprotected external storage that's prone to hijacking. Moreover, considering that there are not many reference frameworks available for t...

1 AI score
Exploits 0
RedhatCVE
added 2020/02/21 2:44 p.m., 18 views

CVE-2019-11770

In Eclipse Buildship versions prior to 3.1.1, the build files indicate that this project is resolving dependencies over HTTP instead of HTTPS. Any of these artifacts could have been MITM to maliciously compromise them and infect the build artifacts that were produced. Additionally, if any of thes...

8.1 CVSS, 0.6 AI score, 0.00443 EPSS
Exploits 1, References 3