Report: Intel Facing New Spectre-Like Security Flaws

Intel may be facing as many as eight new Spectre-level vulnerabilities in its chips, a new report alleges. The report comes months after the Spectre and Meltdown flaws first rocked the silicon industry in early 2018. German magazine c’t reported on Thursday that the new security flaws in Intel CP...

nolanpartners.com.au XSS vulnerability

Open Bug Bounty ID: OBB-609906 Description| Value ---|--- Affected Website:| nolanpartners.com.au Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

Test Your IQ 1.1 SQL Injection

Exploit Title: Test Your IQ v1.1 - SQL Injection Google Dork: inurl:"/index.php?page=vysledek" Date: 2018/25/04 Exploit Author: ShanoWeb Author Mail : MrdotNet2NetatGmaildotcom Vendor Homepage: http://testyouriqnow.com/ Software Buy: https://codecanyon.net/item/test-your-iq/6400433 Demo:...

PyRoMine Uses NSA Exploit for Monero Mining and Backdoors

The ShadowBrokers’ release of a trove of National Security Agency exploits last year appears to be the gift that keeps on giving, to the hacker community at least: A fresh malware that uses the EternalRomance tool has hit the scene, with Monero-mining as the stated goal. However, more damaging...

Exploit Targets Nvidia Tegra-Based Nintendo Systems

UPDATE – Nvidia sought to downplay a vulnerability discovered in its Tegra X1-based systems in a recently published notice. “A researcher indicates that a person with physical access to older Tegra-based processors could connect to the device’s USB port, bypass the secure boot and execute...

The Sky Is Falling! Responding Rationally to Headline Vulnerabilities

It’s happening more and more. Gill Langston, a Qualys Director of Product Management, speaks at RSA Conference 2018 High profile vulnerabilities like Meltdown and Spectre are disclosed, and become headline-grabbing news not just in the technology press, but on general news outlets worldwide. Even...

Don’t Trust Android OEM Patching, Claims Researcher

Many Android device manufacturers are not telling the truth when they say they have patched phone vulnerabilities in new updates, researchers found. Karsten Nohl and Jakob Lell, researchers with Security Research Labs, told Threatpost they have tested the firmware on close to 3,000 phones and fou...

Rop-Tool - A Tool To Help You Write Binary Exploits

A tool to help you writing binary exploits OPTIONS rop-tool v2.4.1 Help you to make binary exploits. Usage: rop-tool OPTIONS Commands : gadget Search gadgets patch Patch the binary info Print info about binary heap Display heap structure disassemble Disassemble the binary search Search on binary...

IoT Security Disconnect: As Attacks Spike, Device Patching Still Lags

As more businesses bring IoT devices onboard they are coming face to face with the security downsides of the IoT boom, researchers say. According to a report by Trustwave released last week, 61 percent of companies surveyed who have deployed some level of connected technology have also had to dea...

Mobile Application Hacking Diary Ep.2

Mobile Application Hacking Diary Ep.2 |=--------------------------------------------------------------------=| |=------------= Mobile Application Hacking Diary Ep.2=--------------=| |=------------------------= 18 February 2018 =----------------------=| |=----------------------= By CWH Underground...

A week in security (January 29 – February 04)

Last week on Labs, we looked into PUPs stealing and using mainstream logos of security and tech companies to further gain user trust, GandCrab and Scarab ransomware variants in the wild, and a new Mac malware called OSX.CreativeUpdater that can be distributed via MacUpdate. We also profiled...

Wonder CMS 2.3.1 - Unrestricted File Upload

Affected Code: public static function uploadFile + - if ! wCMS::$loggedIn && ! isset$FILES'uploadFile' && ! isset$REQUEST'token' return; + private static function uploadFileAction - if isset$REQUEST'token' && $REQUEST'token' == wCMS::generateToken && isset$FILES'uploadFile' Proof of Concept Steps...

homepages.ed.ac.uk XSS vulnerability

Open Bug Bounty ID: OBB-551115 Description| Value ---|--- Affected Website:| homepages.ed.ac.uk Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

Beers with Talos EP 21: How to Hire the Best, Attribution Without Apaches is Useless

Beers with Talos BWT Podcast Episode 21 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing: www.talosintelligence.com/podcast EP21 Show Notes: It is a packed episode this time! We are joined by Edmund from the Talos Outreach Grou...

Intel Halts Spectre/Meltdown Patching for Broadwell and Haswell Systems

Intel is advising OEMs and partners to halt patching for the Spectre and Meltdown vulnerabilities amid numerous reports the updates are causing reboot issues on systems running the Broadwell and Haswell microprocessors. “We recommend that OEMs, cloud service providers, system manufacturers,...

Meltdown and Spectre fallout: patching problems persist

Last week, the disclosure by multiple teams from Graz and Pennsylvania University, Rambus, Data61, Cyberus Technology, and Google Project Zero of vulnerabilities under the aliases Meltdown and Spectre rocked the security world, sending vendors scurrying to create patches, if at all possible, and...

Meltdown/Spectre and Qualys Cloud Platform

In light of the recently released information about two security vulnerabilities, Qualys has considered the impact on the Qualys Cloud Platform and associated services. Qualys released a detailed advisory for customers of the Qualys Cloud Platform to help customers identify these vulnerabilities...

Visualizing Spectre/Meltdown Impact and Remediation Progress

In order to determine the impact of Spectre/Meltdown and track remediation progress across your entire environment, it is important to visualize vulnerability detections in a dynamic dashboard. For more information on Spectre and Meltdown, please see our previous blog. Using Qualys AssetView, we...

Spectre and Meltdown Attacks Against Microprocessors

The security of pretty much every computer on the planet has just gotten a lot worse, and the only real solution -- which of course is not a solution -- is to throw them all away and buy new ones. On Wednesday, researchers just announced a series of major security vulnerabilities in the...

Carbon Black Solutions Currently Compatible With Major OS Vendor Patches on Meltdown & Spectre

Recently, researchers have released details on two classes of vulnerabilities in modern CPU hardware. These vulnerabilities affect unprecedented numbers of systems and are some of the more difficult issues to address in recent history. These vulnerabilities, dubbed Meltdown and Spectre, may be...