97 matches found
Pirate Bay Spotted Hosting Monero Cryptocurrency Miner
A cryptocurrency miner surfaced on the world’s largest torrenting site for a day over the weekend, raising the ire of users unaware the tool was there, let alone leveraging their machine’s computing power. Users noticed the miner Friday night on The Pirate Bay, a site that acts as a treasure trov...
Abuse of Apple Search Ads Feature Leading to Fraud
Apple has removed one of its top 10 grossing productivity apps after an independent developer’s story about fraudsters’ abuse of the App Store’s Search Ads functionality went viral. Search Ads is a new feature available to iOS developers that allows them to invest in the promotion of their apps...
WordPress 4.7.3 Patches Half-Dozen Vulnerabilities
WordPress released a security update on Tuesday that patched a half-dozen bugs, including one that could be chained with the recent REST API Endpoint flaw that led to a million website defacements. Given that the bug was introduced in WordPress 4.7 and the availability of a patch that backports...
Criminals Monetizing Attacks Against Unpatched WordPress Sites
Criminals have inevitably begun to attempt to monetize attacks against WordPress sites still vulnerable to a severe REST API endpoint vulnerability silently patched in the recent 4.7.2 security update. While more than one million websites have been defaced, researchers are now beginning to see so...
Wordpress Tevolution Plugin 2.3.1 Arbitrary Shell Upload Vulnerability
Exploit for php platform in category web applications Exploit Title : Wordpress Tevolution Plugin 2.3.1 Arbitrary Shell Upload Vulnerability Exploit Author : xBADGIRL21 Dork : inurl:/wp-content/plugins/Tevolution/tmplconnector Vendor Homepage : https://templatic.com/ version : 2.3.1 Tested on:...
ZeroClipboard Wordpress plugin XSS / FPD Vulnerabilities
Cross-Site Scripting vulnerabilities in multiple plugins for WordPress with ZeroClipboard.swf. These are Cross-Site Scripting vulnerabilities in multiple plugins for WordPress with ZeroClipboard.swf. Earlier I've wrote about Cross-Site Scripting vulnerabilities in ZeroClipboard...
Call for Articles : THN Magazine June 2012, Malware Edition
Call for Articles : THN Magazine June 2012, Malware Edition The Hacker News is calling for our June Magazine on the issue related to MALWARE. We'd like to see an analysis of the history of these most worrying viruses and the contemporary usage in cyber espionage and cyber warfare. It would be...
Security holes in Android with apps Advertisements
Security holes in Android with apps Advertisements Researchers at North Carolina State University have found privacy and security holes in Android apps because of in-application advertisements. They study the popular Android platform and collect 100,000 apps from the official Android Market in...
Koobface Gang Shuts Down C&C Server, Drops Offline
The crew behind the Koobface worm, who have been quite open about their exploits and financial gains from their work in the past, now seem to be ducking underground as pressure is building on them in the wake of exposures of their operation and real identities. The command-and-control server used...
Expert: Malicious Mobile App Fears Overblown
“It’s the code, stupid!” At least that’s what application security expert Andy Chou observes about go-go world of mobile devices. In this interview with Threatpost’s Paul Roberts, recorded at the RSA Security Conference in San Francisco, Chou said that mobile device software vendors face many of...
Analysis Shows DroidDream Trojan Designed for Future Monetization
A detailed analysis of the DroidDream Trojan that was found in dozens of apps in the Android Market this week shows that the malware has a modular construction that likely was designed to give attackers the ability to monetize infected devices through installations of adware or spyware. The Troja...
Gumblar Crew Starts Monetizing Compromised Servers
It looks like the group behind the Gumblar mass Web-site infections is beginning to get serious about making some money from all of the servers that the attacks have compromised in the last 18 months. The group has begun using some of its compromised servers in spam operations that are pushing th...
Edgephp ClickBank Affiliate Marketplace Script - Multiple Vulnerabilities
Edgephp ClickBank Affiliate Marketplace Script - Multiple Vulnerabilities Author: L0rd CrusAd3r aka VSN [email protected] Exploit Title:Edgephp Clickbank Affiliate Marketplace Script Multiple Vulnerability Vendor url:http://www.edgephp.com Version:1 Published: 2010-07-11 Greetz to:r0073r...
PGAUTOPro - SQL Injection Cross-Site Scripting (1)
PGAUTOPro - SQL Injection Cross-Site Scripting 1 ======================================= PGAUTOPro SQLi and XSS Vulnerability ======================================= 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 ...
PGAUTOPro - SQL Injection / Cross-Site Scripting (1)
======================================= PGAUTOPro SQLi and XSS Vulnerability ======================================= 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ Exploit database...
Mac OS X Ransomware 'A Matter of Time'
In need of a fresh example that cybercriminals are actively looking for ways to monetize infected Mac OS X hosts? Early-stage discussions at several web forums, including a PoC proof of concept, source code included Mac OS X blocker as well as potential GUIs for the ransomware, offer an insight...
Dave Dittrich on Botnets, Conficker and the Evolution of Malware
Dennis Fisher talks with Dave Dittrich of the University of Washington, one of the top botnet and malware researchers in the industry, about the evolution of botnets and malware, the innovations of the Nugache botnet and the monetization of large-scale botnets. Download Subscribe to the Digital...