1663 matches found
Has Your TeamViewer Account Been Hacked? Here's What to Do Immediately
Do you have remote login software TeamViewer installed on your desktop? If Yes, then it could be possible that your system can be accessed by attackers to steal your personal details, including your bank and PayPal accounts, as several reports on Reddit and Twitter suggest. According to recent...
Joomla Jumi 3.0.5 Cross Site Scripting
Exploit Title : Joomla Component comjumi - Cross Site Scripting Exploit Author : Persian Hack Team Vendor Homepage : http://extensions.joomla.org/extension/jumi Category: Webapps Tested on: Win Date: 2016/05/26 Version : 3.0.5 PoC: fileid vulnerable to XSS Payload = "PersianHack Team Demo :...
Report: Federal Reserve Target of Constant Hack Attacks
Forced to come clean on breaches against the U.S. Federal Reserve, the Fed on Wednesday revealed the agency that drives financial markets around the world has been breached as many as 50 times in the past five years. As part of a Freedom of Information Act request by the Reuters news agency, the...
Ubuntu: Security Advisory (USN-2985-1)
The remote host is missing an update for the...
LinkedIn Breach Just Got A Lot Worse: 117 Million New Logins For Sale
Over 117 million LinkedIn user logins are for sale on the black market “The Real Deal” by hacker “Peace” for five Bitcoins ($2,280). The breach is tied to an earlier hack on LinkedIn in 2012, when the company originally said 6.5 million accounts had been compromised. The hacker, identified as Peace...
Joomla Event Manager 2.x Cross Site Scripting
Exploit Title : Joomla Event Manager comjem - Cross Site Scripting Exploit Author : Persian Hack Team Vendor Homepage : http://www.joomlaeventmanager.net/download Category: Webapps Tested on: Win Version: 2.x Date: 2016/05/11 PoC: itemid=XSS Payload = "PersianHack Team Demo :...
Identity Thieves Used Leaked PII to Steal ADP Payroll Info
Cybercriminals accessed a W-2 portal maintained by payroll company ADP recently to glean sensitive information about employees at a handful of companies. The company is stressing that the company itself wasn’t hacked, but that it appears identity thieves may have been able to create ADP accounts ...
For the First time, FBI discloses a Flaw to Apple, but it's already Patched!
In Brief: The Federal Bureau of Investigation (FBI) made its first disclosure about a software security flaw to Apple under the Vulnerability Equities Process (VEP), a White House initiative created in April 2014 for reviewing flaws and deciding which ones should be made public. Unfortunately, the...
IrIran Shopping Script 4.1 Cross Site Scripting
Exploit Title : IrIran Shoping Script Cross Site Scripting Vulnerability Exploit Author : Persian Hack Team Vendor Homepage : http://www.iriran.net/eshopbuilder/ Google Dork : "Powered by: IRIran.net" Date: 2016/04/26 Category: Webapps Tested on: Win /php Version : 4.1 PoC: Search Box Vulnerable ...
i-Tech Nepal Radio CMS 2.0 SQL Injection
Exploit Title : i-Tech Nepal Radio CMS SQL Injection Vulnerability Exploit Author : Persian Hack Team Vendor Homepage : http://www.itechnepal.com Google Dork : "Powered By : i-Tech Nepal" inurl:php? Date: 2016/04/26 Category: Webapps Tested on: Win /php Version : 2.0 Vulnerable Inputs: + alid + i...
Sony PlayStation Network to Get Two-Factor Authentication
In Brief: Sony is finally bolstering the security of the PlayStation Network by adding Two-Factor Authentication to the servers — almost five years after a massive hack that exposed data of over 77 Million users. Sony confirmed to Polygon today that it is planning to introduce two-factor...
Webnet CMS 1.2 XSS / File Disclosure / SQL Injection
Exploit Title : Webnet CMS Multiple Vulnerabilities Exploit Author : Persian Hack Team Vendor Homepage : http://www.webnet.ir/ Homepage : http://www.persian-team.ir Date: 2016/04/15 Version : 1.2 POC: 1-LFD (Local File Dislocation) Explain : ids Parameter encode base64 Path , you can use...
Katie Moussouris on Hack the Pentagon, Embracing Hackers
Mike Mimoso talks to Katie Moussouris about her newly launched consultancy Luta Security, the Hack the Pentagon bug bounty program, and some ISO news around vulnerability disclosure. Download: KatieMoussourisonHerNewConsultancyHackthePentagonandMore.mp3 Music by Chris Gonsalves...
ChitaSoft CMS 3 Cross Site Scripting
Exploit Title : ChitaSoft v3 CMS Cross Site Scripting Exploit Author : Persian Hack Team Vendor Homepage : http://www.chitasoft.com/products/3 Author Homepage : http://www.persian-team.ir Date: 2016/04/15 Version : 3 PoC: product.php?id=XSS Payload = ' Demo:...
Forensic Firm that Unlocked Terrorist's iPhone 5C is Close to Crack iPhone 6
The FBI didn't disclose the identity of the third-party company that helped them access the San Bernardino iPhone, but it has been widely believed that the Israeli mobile forensic firm Cellebrite was hired by the FBI to put an end to the Apple vs. FBI case. For those unfamiliar in the Apple vs. F...
Hack the Pentagon DOD Bug Bounty
MIAMI—Lisa Wiswell’s phone rang off the hook last summer in the throes of the OPM hack. But she wasn’t just answering questions from those whose security clearance and personal data disappeared into the Chinese ether; there were also hackers on the other end of the line offering their help...
FBI Cracks the iPhone, Scourge of Ransomware Hits Hospitals, and the Hack the Pentagon Program
Mike Mimoso and Chris Brook recap the week in news, including how the FBI cracked that iPhone, the barrage of ransomware hitting hospitals, and the Hack the Pentagon bug bounty trial program announcement. Download: ThreatpostNewsWrap-April12016.mp3 Music by Chris Gonsalves...
Word Search - Dangerous filesystem permissions, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application Word Search published at the 'play' market has multiple vulnerabilities...
AIMP - Customized SSL, Exported components, External URLs vulnerabilities
HackApp vulnerability scanner discovered that application AIMP published at the 'play' market has multiple vulnerabilities...
NHL - Dangerous filesystem permissions, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application NHL published at the 'play' market has multiple vulnerabilities...