29 matches found
SOHO router compromise leads to DNS hijacking and adversary-in-the-middle attacks
In this article 1. DNS hijacking attack chain: From compromised devices to AiTM and other follow-on activity 2. Mitigation and protection guidance 3. Microsoft Defender detection and hunting guidance Executive summary Forest Blizzard, a threat actor linked to the Russian military, has been...
EUVD-2014-9237
Malware in sbrugna...
EUVD-2010-3127
Malware in sbrugna...
EUVD-2015-7196
Malware in sbrugna...
HCL Traveler 代码问题漏洞
HCL Traveler is a software from HCL India. It is used to provide automatic, bi-directional, wireless synchronization between HCL Domino servers and wireless handheld devices. A security vulnerability exists in HCL Traveler for Microsoft Outlook that stems from vulnerability to COM hijacking attac...
CVE-2023-31225
The Gallery app has the risk of hijacking attacks. Successful exploitation of this vulnerability may cause download failures and affect product availability...
CVE-2023-31225
The Gallery app has the risk of hijacking attacks. Successful exploitation of this vulnerability may cause download failures and affect product availability...
Design/Logic Flaw
The Gallery app has the risk of hijacking attacks. Successful exploitation of this vulnerability may cause download failures and affect product availability...
CVE-2023-31225
The Gallery app has the risk of hijacking attacks. Successful exploitation of this vulnerability may cause download failures and affect product availability...
CVE-2023-31225
Technical details about CVE-2023-31225 are not publicly provided in the supplied documents. Monitor for updates from vendors and security advisories.
CVE-2023-31225
The Gallery app has the risk of hijacking attacks. Successful exploitation of this vulnerability may cause download failures and affect product availability...
Ubuntu: Security Advisory (USN-5034-2)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Learn How Hackers Can Hijack Your Online Accounts Even Before You Create Them
Malicious actors can gain unauthorized access to users' online accounts via a new technique called "account pre-hijacking," latest research has found. The attack takes aim at the account creation process that's ubiquitous in websites and other online platforms, enabling an adversary to perform a...
New Research Paper: Pre-hijacking Attacks on Web User Accounts
In 2020, MSRC awarded two Identity Project Research Grants to support external researchers working to further strengthen the security of identity protocols and systems. Today we are pleased to release the results of the first of these projects. This research, led by independent security researche...
New Research Paper: Pre-hijacking Attacks on Web User Accounts
In 2020, MSRC awarded two Identity Project Research Grants to support external researchers working to further strengthen the security of identity protocols and systems. Today we are pleased to release the results of the first of these projects. This research, led by independent security researche...
Golang Go CVE-2019-16276 HTTP Request Smuggling Vulnerability
Description Golang Go is prone to an HTTP-request-smuggling vulnerability. A remote attacker may leverage this issue to poison web caches,bypass security defenses, launch cross-site scripting and HTML-injection attacks, and execute session-hijacking attacks. Other attacks are also possible...
Facebook Proxygen Security Vulnerability (CNVD-2017-05674)
Facebook Proxygen is a set of open source C++ HTTP class libraries from the U.S. company Facebook . A security vulnerability exists in the SPDY/2 codec in versions of Facebook Proxygen prior to 2015-11-09. An attacker can exploit the vulnerability to perform hijacking and injection attacks...
CVE-2015-7265
Facebook Proxygen before 2015-11-09 mismanages HTTPMessage.request state, which allows remote attackers to conduct hijacking attacks and bypass ACL checks...
CVE-2015-7263
The SPDY/2 codec in Facebook Proxygen before 2015-11-09 allows remote attackers to conduct hijacking attacks and bypass ACL checks via a crafted host value...
Design/Logic Flaw
Facebook Proxygen before 2015-11-09 mismanages HTTPMessage.request state, which allows remote attackers to conduct hijacking attacks and bypass ACL checks...