Researchers Disclose Undocumented Chinese Malware Used in Recent Attacks

Cybersecurity researchers have disclosed a series of attacks by a threat actor of Chinese origin that has targeted organizations in Russia and Hong Kong with malware — including a previously undocumented backdoor. Attributing the campaign to Winnti or APT41, Positive Technologies dated the first...

l0l - The Exploit Development Kit

l0l a exploit development kit. with C++ language scripting. Yet, are being developed. Then the beta version will be published. Status Shellcodes : 5 Injectors : 0 Encoders : 0 Backdoors : 6 Install - Requirements : g++ and Python. $ make or, l0l.cpp compile the file.. Exp: $ g++ -o l0l l0l.cpp Ru...

Microsoft Blocks Unsigned DLLs in Edge with Update

The security community rejoiced when Microsoft announced earlier this year that it would strip maligned extensions such as ActiveX and VB Script – often bullied in attacks – from its new Edge browser. Now the company claims a recent update to the browser prevents the loading of unsigned DLLs...

Google Removes 200 Ad-Injectors Chrome Extensions

In the War against Ad injectors, Google has started removing ad-injecting extensions for its Chrome browser after it discovered as many as 200 Chrome extensions that exposed Millions of its users to malicious software and fraudulent activities. While working with a team of researchers from the...

Google to Publish Research on Browser Ad Injectors

Google is preparing to release new research on the prevalence of ad injectors, the often-unwanted browser extensions that inject ads onto Web pages, and the numbers will show just how widespread and problematic the software is. Ad injectors belong to that great, amorphous pile of applications tha...

WebBlizzard CMS 'index.php' SQL注入漏洞

BUGTRAQ ID: 30074 CNCAN ID：CNCAN-2008070701 WebBlizzard CMS是一款基于PHP的WEB应用程序。 WebBlizzard CMS不正确处理用户提交的输入，远程攻击者可以利用漏洞进行SQL注入攻击，可能获得敏感信息或操作数据库。 问题由于'index.php'脚本对用户提交给WEB参数缺少过滤，构建恶意SQL查询作为参数数据，可更改原来的SQL逻辑，获得敏感信息或操作数据库。 WebBlizzard CMS 目前没有解决方案提供： http://www.webblizzard.de/ /usr/bin/perl |+| Vendor...

CMS WebBlizzard - 'index.php' Blind SQL Injection

/usr/bin/perl |+| Vendor Not Notified |+| Author: Bl@ckbe@rD |+| Discovered On: 10 june 2008 |+| greetz: InjEctOrs , underz0ne crew --//-- -- CMS webBlizzard Blind SQL Injection Exploit -- --//-- Exploit : use strict; use LWP::Simple; print...