
3272 matches found

ThreatPost
added 2015/02/03 1:12 p.m., 9 views

New Strain of Banking Trojan Targets Android, Steals SMS

A relatively new Android Trojan that specializes in stealing banking information by intercepting SMS messages has been making the rounds. Researchers at zScaler spotted the as yet unnamed Trojan circulating as 888.apk. Like many types of malware that came before it, at least for the moment, the...

Exploits 0, References 10

CNVD
added 2015/01/29 12:0 a.m., 1 view

D-Link DSL-2740R Web Interface Authentication Bypass Vulnerability

The D-Link DSL-2740R is a home wireless ADSL router. An authentication bypass vulnerability exists in the D-Link DSL-2740R web interface, which can be exploited by attackers to modify DNS settings, intercept sessions, or launch denial of service attacks...

7 AI score
Exploits 0, References 1

seebug.org
added 2015/01/28 12:0 a.m., 50 views

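Chanzhi (蝉知) Enterprise Portal System v3.3 CSRF: changing the administrator password

Brief description: Chanzhi enterprise portal system v3.3 CSRF changes the administrator password. Details: The latest version, v3.3, of the Chanzhi enterprise portal system has a CSRF vulnerability. While testing I also found that even after the password is changed, the administrator is not immediately required to log in again, so combined with my boomerang, the admin password can be changed without anyone noticing. Next, I will demonstrate the vulnerability in detail. Proof of vulnerability: 1. We go into the admin backend and find there is no option to add an administrator, so let's try changing the administrator password. Interestingly, we find that changing the administrator's password does not require verifying the original password. How dangerous! Then let's intercept the request and see whether there is any token-style verification. 2. Intercept with Burp Suite. My friends and I were all stunned, weren't we?? There is no verification, just two password...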

7.1 AI score
Exploits 0

Debian CVE
added 2015/01/27 11:0 a.m., 23 views

CVE-2014-9648

Removed by vendor...

4.3 CVSS, 9.3 AI score, 0.00583 EPSS
Exploits 0

CNVD
added 2015/01/14 12:0 a.m., 1 view

Adobe Flash Player and AIR Information Disclosure Vulnerability (CNVD-2015-00336)

Adobe Flash Player is a Flash file handling program. Adobe AIR is a cross-OS runtime library from Adobe. An information disclosure vulnerability exists in Adobe Flash Player/AIR that could allow an attacker to construct malicious SWF files, trick users into parsing them, and intercept user keystrokes...

5 CVSS, 6.6 AI score, 0.03061 EPSS
Exploits 0, References 1

Check Point Advisories
added 2015/01/07 12:0 a.m., 2 views

OpenSSL Ephemeral ECDH Cipher Suite Handshake Downgrade (CVE-2014-3572)

A vulnerability has been detected in the way OpenSSL handles TLS handshakes involving certain cipher suites. An attacker might leverage this vulnerability to impersonate a server and intercept secure communications...

5 CVSS, 2.7 AI score, 0.08845 EPSS
Exploits 0

The Hacker News
added 2015/01/06 1:2 a.m., 12 views

Gogo In-flight Internet issues Fake SSL Certificates to its own Customers

Gogo, one of the largest providers of in-flight Internet service, has been caught issuing fake SSL certificates, allowing the in-flight broadband provider to launch man-in-the-middle (MITM) attacks on its own users and view passwords and other sensitive information. The news came to light when securi...

6.3 AI score
Exploits 0

myhack58
added 2014/12/21 12:0 a.m., 23 views

Global mobile security vulnerabilities "for the benefit of the" hack - vulnerability warning - the black bar safety net

German researchers said that security vulnerabilities in a system used by mobile phone operators worldwide could allow hackers to monitor mobile phone users' traffic on a large scale. The security issue relates to the standard Signaling System 7, or SS7. The system is...

0.7 AI score
Exploits 0

myhack58
added 2014/12/20 12:0 a.m., 30 views

Security vulnerabilities discovered in cellular communications networks allow others to monitor calls or intercept text messages - vulnerability warning - the black bar safety net

German researchers have discovered a security vulnerability in Signaling System Number 7 (SS7), which is widely used in cellular communication networks, potentially allowing spies, hackers and criminals to monitor private phone calls and intercept text messages on a large scale...

1.1 AI score
Exploits 0

The Hacker News
added 2014/12/19 2:36 a.m., 10 views

Hackers Can Read Your Private SMS and Listen to Phone Calls

Security researchers have discovered a massive security flaw that could let hackers and cybercriminals listen to private phone calls and read text messages on a potentially vast scale – no matter if the cellular networks use the latest and most advanced encryption available. The critical flaw lie...

6.7 AI score
Exploits 0

Packet Storm
added 2014/12/04 12:0 a.m., 22 views

Google Document Embedder 2.5.16 SQL Injection

Exploit Title: Google Document Embedder 2.5.16 mysql_real_escape_string bypass SQL Injection; Date: 2014-12-03; Exploit Author: Securely Yoo Hee man; Plugin: google-document-embedder; Fixed version: N/A; Software Link: https://downloads.wordpress.org/plugin/google-document-embedder.2.5.16.zip 1...

0.3 AI score
Exploits 0

ThreatPost
added 2014/11/13 12:30 p.m., 10 views

Internet Voting Hack Alters PDF Ballots in Transmission

Threats to the integrity of Internet voting have been a major factor in keeping the practice to a bare minimum in the United States. On the heels of the recent midterm elections, researchers at Galois, a computer science research and development firm in Portland, Ore., sent another reminder to...

0.4 AI score
Exploits 0, References 1

ThreatPost
added 2014/11/12 1:18 p.m., 8 views

EFF Calls Out ISPs Modifying STARTTLS Encryption Commands

As Net Neutrality debates swirl, privacy advocates at the Electronic Frontier Foundation and VPN provider Golden Frog have gone public with a Federal Communications Commission filing that got more attention for accusations that Verizon FIOS customers were having their Netflix streaming service...

0.8 AI score
Exploits 0, References 5

Debian CVE
added 2014/11/10 11:0 a.m., 39 views

CVE-2014-3610

The WRMSR processing functionality in the KVM subsystem in the Linux kernel through 3.17.2 does not properly handle the writing of a non-canonical address to a model-specific register, which allows guest OS users to cause a denial of service (host OS crash) by leveraging guest OS privileges, relate...

5.5 CVSS, 6.5 AI score, 0.0005 EPSS
Exploits 1

NVD
added 2014/10/20 10:55 a.m., 7 views

CVE-2014-7587

The Blocked in Free (aka com.blueup.blocked) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

5.4 CVSS, 5.9 AI score, 0.00134 EPSS
Exploits 0, References 3

Hacker One
added 2014/10/14 11:37 p.m., 30 views

HackerOne: Ability to see common response titles of other teams (limited)

Hello guys, Not sure what's happening exactly but when I go to my team program dashboard add a new Trigger and then tamper the request and change JSON variable commonresponseid to say 24 and after trigger gets added I see a title of ████████ which is not in my default team template nor added by...

0.1 AI score
Exploits 0

ThreatPost
added 2014/10/14 1:57 p.m., 16 views

BlackBerry 10 Open to Bug That Allows Malicious App Installation

BlackBerry has patched a vulnerability in its BlackBerry 10 devices that could allow an attacker to intercept users’ traffic to and from the BlackBerry World app store and potentially install malware on a targeted device. The vulnerability is a weakness in the integrity checking system that...

3 AI score
Exploits 0, References 1

myhack58
added 2014/10/13 12:0 a.m., 11 views

Digging into Shellshock exploitation again, starting from DHCP - vulnerability warning - the black bar safety net

The Shellshock ("broken shell") vulnerability is far-reaching, but exploiting it does not seem so easy, so studies of new ways to use the vulnerability will keep appearing from time to time. As is well known, using the Shellshock vulnerability to attack Web applications has been a popular object of study, and by...

Exploits 0

OSV
added 2014/10/10 1:55 a.m., 1 view

DEBIAN-CVE-2013-4488

libgadu before 1.12.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers...

4.3 CVSS, 6.8 AI score, 0.00279 EPSS
Exploits 0, References 1

rdot
added 2014/10/03 12:0 a.m., 492 views

People are ready to do "anything" for free WiFi

Specialists from F-Secure, the British institute for information security and the German company SySS conducted a joint study of how willing ordinary users are to connect to a free hotspot, even if the connection poses a potential danger. To test this,...

7.3 AI score
Exploits 0