9 matches found
Design/Logic Flaw
Versions of Sage 300 through 2022 implement role-based access controls that are only enforced client-side. Low-privileged Sage users, particularly those on a workstation setup in the "Windows Peer-to-Peer Network" or "Client Server Network" Sage 300 configurations, could recover the SQL connectio...
GHSA-HX3R-JV9Q-85JW Bitcoin Inventory Out-of-Memory Denial-of-Service Attack (CVE-2018-17145)
There was an easily exploitable uncontrolled memory resource consumption denial-of-service vulnerability that existed in the peer-to-peer network code of three implementations of Bitcoin and several alternative chains. For more details please see: https://invdos.net/ For the paper:...
Don’t Be a Coinmining Zombie – Part 1: Getting Cryptojacked
When your computer or mobile device and now, even your IoT device is hijacked to secretly mine cryptocurrencies, it’s been cryptojacked and becomes a coinmining zombie. Its CPU, memory, disk, and power are enlisted in varying degrees in the service of the mining botnet, which labors on behalf of...
To Protect Your Devices, A Hacker Wants to Hack You Before Someone Else Does
It should be noted that hacking a system for unauthorised access that does not belong to you is an illegal practice, no matter what's the actual intention behind it. Now I am pointing out this because reportedly someone, who has been labeled as a 'vigilante hacker' by media, is hacking into...
Sadly, Windows 10 Is Stealing Your Bandwidth 'By Default' — Disable It Immediately
After installing Windows 10, Feeling like your Internet Bandwidth is dropping away? Windows 10 is stealing your network bandwidth. Along with the privacy features related to Wi-Fi Sense, Windows 10 users should check for another hidden by default feature that uses your network bandwidth to share...
World's most secure messaging service offers £10,000 if you crack it
Privacy conscious phone users are being offered a new app that claims to be the world's first totally secure messaging service. A London-based iPhone messaging app claims to be unhackable and is offering reward to anyone who can intercept a message sent by it. Redact believes that messages sent v...
The Inside Story of the Kelihos Botnet Takedown
Earlier this week, Microsoft released an announcement about the disruption of a dangerous botnet that was responsible for spam messages, theft of sensitive financial information, pump-and-dump stock scams and distributed denial-of-service attacks. Kaspersky Lab played a critical role in this botn...
Py2Play Game Engine Detection
The remote host is running Py2Play, a peer-to-peer network game engine. Make sure that this service has been installed in accordance with your security policy. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include"compat.inc"; if description scriptid19759;...
The PACKET 0' DEATH FastTrack network vulnerability
The PACKET 0' DEATH FastTrack network vulnerability =================================================== Vulnerability Overview ---------------------- There exists a vulnerability in the FastTrack network core that can be used by an attacker to take control of all FastTrack network supernodes. The...