How I snooped into your private Slack messages [Slack Bug bounty worth $2,500]
When researching the MX records of slack.com, I noticed that they used a 3rd party email service. In that service, however, slack.com was already claimed. After a little more research, I found that all the sub-domains of slack.com like teamname.slack.com also had MX set to the same service. Thes...
Here’s How to Hack Windows/Mac OS X Login Password (When Locked)
A security researcher has discovered a unique attack method that can be used to steal credentials from a locked (but logged-in) computer and works on both Windows and Mac OS X systems. In his blog post published today, security expert Rob Fuller demonstrated and explained how to exploit a U...
Reading Uber’s Internal Emails [Uber Bug Bounty report worth $10,000]
After a recent finding about one of Uber’s subdomain takeovers was publicly disclosed, I looked into Uber to find similar bugs. One of my colleagues, Abhibandu Kafle, pointed out that em.uber.com also had a CNAME pointing to SendGrid and could be vulnerable to a similar kind of issue. I had limited...
VeraCrypt Audit Under Way; Email Mystery Cleared Up
Update: To say the VeraCrypt audit, which begins today, got off to an inauspicious start would be an understatement. On Sunday, two weeks after the announcement that the open source file and disk encryption software would be formally scrutinized for security vulnerabilities, executives at one of t...
Bluetooth Smart MITM Framework: BtleJuice
Bluetooth Smart MITM Framework. BtleJuice is a complete framework to perform Man-in-the-Middle attacks on Bluetooth Smart devices (also known as Bluetooth Low Energy). It is composed of: an interception core, an interception proxy, a dedicated web interface, and Python and Node.js bindings. How to install...
New Relic: Login CSRF vulnerability
Hi New Relic security team, while doing pentesting on your website, I found that while logging into the account the "authenticitytoken" was not properly validated. I was able to log in to my account even without "authenticitytoken". Impact: High. Steps to Reproduce: 1. Log in to your account. 2. Whi...
Tenable SecurityCenter < 5.4.0 Multiple Vulnerabilities (TNS-2016-12)
According to its self-reported version, the Tenable SecurityCenter application installed on the remote host is prior to 5.4.0. It is, therefore, affected by multiple vulnerabilities: - An arbitrary code execution vulnerability exists in the bundled version of libcurl due to using an insecure pat...
SuperFish Vulnerability
Lenovo Security Advisory: LEN-2015-010. Potential Impact: Man-in-the-Middle Attack. Severity: High. Summary: This advisory only applies to Lenovo Notebook products. ThinkPad, ThinkCentre, Lenovo Desktop, ThinkStation, ThinkServer and System x products are not impacted. SuperFish was previously...
Misys FusionCapital Opics Plus Information Disclosure Vulnerability
Misys FusionCapital Opics Plus is an end-to-end scalable money business solution for the financial industry from Misys UK. The solution provides IAS-compliant accounting structures, foreign exchange tools and client-facing e-banking capabilities. A security vulnerability exists in Misys...
Google Updates CA Trust Mechanisms in Android Nougat
Google last week announced changes in the way it will handle trusted Certificate Authorities in Nougat, the latest version of the Android operating system. The changes are expected to cut into the likelihood of a successful man-in-the-middle attack, or a device falling victim to an...
Hackers Can Steal Your ATM PIN from Your Smartwatch Or Fitness Tracker
As your day-to-day apparel and accessories are turning into networked mobile electronic devices that attach to your body, like a smartwatch or fitness band, the threat to the personal data these devices collect has risen exponentially. A recent study from Binghamton University also suggests your...
The vulnerability of the Zyxel ZLD operating system allows a remote attacker to intercept network traffic.
The Zyxel ZyWALL USG 300 network interface card/mesh router does not perform ARP packet authentication for packets transmitted over the IPv4 protocol. This allows for intercepting traffic processed by this router through ARP spoofing attacks...
Vulnerability in the firmware of the D-Link DSR-1000 router allows a malicious actor to intercept network traffic.
The firmware of the D-Link DSR-1000 router does not perform ARP packet authentication for packets transmitted over the IPv4 protocol. This allows for intercepting the traffic processed by this router through ARP spoofing attacks...
Vulnerability in the firmware of the D-Link DSR-250 router allows a malicious actor to intercept network traffic.
The firmware of the D-Link DSR-250 router does not perform ARP packet authentication for packets transmitted over the IPv4 protocol. This allows for intercepting the traffic processed by this router through ARP spoofing attacks...
Vulnerability in the Siemens SIMATIC S7-1200 programmable logic controller allows a malicious actor to intercept communication sessions.
The software of the Siemens SIMATIC S7-1200 programmable logic controller contains a vulnerability in the random number generator integrated into the authentication handler of the web server. During operation, it is possible to intercept a communication session by adjusting the session identifier...
Vulnerability of Cisco ACE software, which allows a malicious actor to intercept sessions
The vulnerability exists in OpenSSL due to an improper limitation on the processing of ChangeCipherSpec messages. Exploiting this vulnerability allows a malicious actor to induce the use of a null-length master key in the OpenSSL-to-OpenSSL communication, thereby intercepting the session or gaini...
Vulnerability of Cisco ASA software, allowing a malicious actor to intercept sessions
The vulnerability exists in OpenSSL due to an improper limitation on the processing of ChangeCipherSpec messages. Exploiting this vulnerability allows a malicious actor to induce the use of a null-length master key in the OpenSSL-to-OpenSSL communication, thereby intercepting the session or gaini...
Instagram Block - Moderately Critical - Information Disclosure - SA-CONTRIB-2016-037
This module enables you to authenticate with Instagram's API via an intermediary service, instagram.yanniboi.com. The module doesn't sufficiently advise that your authentication tokens could be intercepted. CVE identifiers issued: A CVE identifier will be requested, and added upon issuance, in...
The vulnerability of Cisco IPS software allows a malicious actor to intercept sessions.
The vulnerability exists in OpenSSL due to an improper limitation on the processing of ChangeCipherSpec messages. Exploiting this vulnerability allows a malicious actor to induce the use of a null-length master key in the OpenSSL-to-OpenSSL communication, thereby intercepting the session or gaini...
The vulnerability of Cisco PIX software allows a malicious actor to intercept sessions.
The vulnerability in the Cisco PIX Firewall allows a malicious actor to intercept a user’s VPN session...