
483 matches found

0day.today
added 2017/07/11 12:0 a.m., 33 views

Schneider Electric Pelco VideoXpert Privilege Escalation Vulnerability

Schneider Electric Pelco VideoXpert is vulnerable to an elevation of privileges vulnerability which can be used by a simple user that can change the executable file with a binary of choice. The vulnerability exists due to the improper permissions, with the 'F' flag full for the 'Users' group, for...

0.5 AI score
Exploits: 0
The Hacker News
added 2017/07/06 7:41 a.m., 13 views

Wikileaks Unveils CIA Implants that Steal SSH Credentials from Windows & Linux PCs

WikiLeaks has today published the 15th batch of its ongoing Vault 7 leak, this time detailing two alleged CIA implants that allowed the agency to intercept and exfiltrate SSH (Secure Shell) credentials from targeted Windows and Linux operating systems using different attack vectors. Secure Shell or...

6.7 AI score
Exploits: 0
Malwarebytes
added 2017/06/28 3:0 p.m., 14 views

Adware the series, part 6

In this series of posts, we will be using the flowchart below to follow the process of determining which adware we are dealing with. Our objective is to give you an idea of how many different types of adware are around for Windows systems. Though most are classified as PUPs, you will also see the...

7 AI score
Exploits: 0
ThreatPost
added 2017/06/27 11:34 a.m., 11 views

Second Global Ransomware Outbreak Under Way

Join Kaspersky Lab and Comae Technologies Thursday June 29, 2017 at 10 a.m. Eastern time for a webinar “The Inside Story of the Petya/ExPetr Ransomware.” Click here to attend. A global WannaCry-like ransomware outbreak–which began in Russia and Ukraine and spread across Europe–is being reported...

0.3 AI score
Exploits: 0 | References: 9
CNVD
added 2017/06/07 12:0 a.m., 1 views

CompuLab Intense PC and MintBox 2 BIOS Privilege Vulnerability

The CompuLab Intense PC and MintBox 2 are both mini-PC devices from CompuLab Israel. The BIOS is a ROM on-chip application. A BIOS privilege vulnerability exists in CompuLab Intense PC and MintBox 2 using versions of BIOS prior to 2017-05-21, which stems from the program's failure to apply write...

7.2 CVSS | 6.7 AI score | 0.00122 EPSS
Exploits: 0 | References: 1
OSV
added 2017/06/06 2:29 p.m., 2 views

CVE-2017-8083

CompuLab Intense PC and MintBox 2 devices with BIOS before 2017-05-21 do not use the CloseMnf protection mechanism for write protection of flash memory regions, which allows local users to install a firmware rootkit by leveraging administrative privileges...

6.7 CVSS | 5.8 AI score | 0.00122 EPSS
Exploits: 0 | References: 2
NVD
added 2017/06/06 2:29 p.m., 20 views

CVE-2017-8083

CompuLab Intense PC and MintBox 2 devices with BIOS before 2017-05-21 do not use the CloseMnf protection mechanism for write protection of flash memory regions, which allows local users to install a firmware rootkit by leveraging administrative privileges...

7.2 CVSS | 6.5 AI score | 0.00122 EPSS
Exploits: 0 | References: 2
Prion
added 2017/06/06 2:29 p.m., 9 views

Design/Logic Flaw

CompuLab Intense PC and MintBox 2 devices with BIOS before 2017-05-21 do not use the CloseMnf protection mechanism for write protection of flash memory regions, which allows local users to install a firmware rootkit by leveraging administrative privileges...

7.2 CVSS | 6.5 AI score | 0.00122 EPSS
Exploits: 0 | References: 2 | Affected Software: 2
CVE
added 2017/06/06 2:0 p.m., 34 views

CVE-2017-8083

CVE-2017-8083 affects CompuLab Intense PC and MintBox 2 BIOS prior to 2017-05-21. The BIOS does not apply CloseMnf write-protection to flash memory regions, allowing a local attacker with administrative privileges to install a firmware rootkit. No remediation details are provided in the connected...

7.2 CVSS | 6.5 AI score | 0.00122 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2017/06/06 2:0 p.m., 21 views

CVE-2017-8083

CompuLab Intense PC and MintBox 2 devices with BIOS before 2017-05-21 do not use the CloseMnf protection mechanism for write protection of flash memory regions, which allows local users to install a firmware rootkit by leveraging administrative privileges...

6.6 AI score | 0.00122 EPSS
Exploits: 0 | References: 2
Veracode
added 2017/05/29 3:23 a.m., 8 views

Insecure Defaults

chef is vulnerable to arbitrary code execution. The library has a local socket mode on port 8889 that is open by default. This can allow a malicious user to connect to that socket and upload an arbitrary file such as the rootkit cookbook...

7.3 AI score
Exploits: 0
The Hacker News
added 2016/11/30 5:44 a.m., 61 views

Over 1 Million Google Accounts Hacked by 'Gooligan' Android Malware

If you own an Android smartphone, Beware! A new Android malware that has already breached more than 1 Million Google accounts is infecting around 13,000 devices every day. Dubbed Gooligan, the malware roots vulnerable Android devices to steal email addresses and authentication tokens stored on...

7.2 CVSS | 7.4 AI score | 0.75331 EPSS
Exploits: 24
The Hacker News
added 2016/11/19 12:5 a.m., 26 views

Dangerous Rootkit found Pre-Installed on nearly 3 Million Android Phones

Here's some bad news for Android users again. Nearly 3 Million Android devices worldwide are vulnerable to man-in-the-middle (MITM) attacks that could allow attackers to remotely execute arbitrary code with root privileges, turning over full control of the devices to hackers. According to a new...

8.6 AI score | 0.00341 EPSS
Exploits: 1
Microsoft Malware Protection
added 2016/11/08 4:0 p.m., 22 views

MSRT November 2016: Unwanted software has nowhere to hide in this month’s release

We came across a browser modifier that sports rootkit capabilities. Not only does the threat, detected as BrowserModifier:Win32/Soctuseer, cross the line that separates legitimate software from unwanted, it also takes staying under the radar to the next level. Rootkit capabilities, which make it...

6.6 AI score
Exploits: 0
CNVD
added 2016/11/08 12:0 a.m., 3 views

GMER Stack Buffer Overflow Vulnerability

GMER is a program for detecting and removing rootkits. GMER suffers from a stack buffer overflow vulnerability due to the program failing to adequately validate user-supplied data. Allowing an attacker to exploit the vulnerability would allow execution of arbitrary code within the context of the...

5.5 CVSS | 7.8 AI score | 0.00129 EPSS
Exploits: 2 | References: 1
The Hacker News
added 2016/09/13 1:24 a.m., 15 views

Here's How Hackers Can Disrupt '911' Emergency System and Put Your Life at Risk

What would it take for hackers to significantly disrupt the US' 911 emergency call system? It only takes 6,000 Smartphones. Yes, you heard it right! According to new research published last week, a malicious attacker can leverage a botnet of infected smartphone devices located throughout the...

6.4 AI score
Exploits: 0
exploitpack
added 2016/08/12 12:0 a.m., 16 views

FreePBX 1314 - Remote Command Execution Privilege Escalation

FreePBX 1314 - Remote Command Execution Privilege Escalation !/usr/bin/env python -- coding, latin-1 -- DESCRIPTION FreePBX 13 remote root 0day - Found and exploited by pgt @ nullsecurity.net AUTHOR pgt - nullsecurity.net DATE 8-12-2016 VERSION freepbx0day.py 0.1 AFFECTED VERSIONS FreePBX 13 & 14...

0.8 AI score
Exploits: 0
ThreatPost
added 2016/05/11 12:43 p.m., 17 views

Viking Horde Malware Co-Ops Android Devices for Ad Fraud

The latest Android malware campaign to wend its way through Google’s Play marketplace can leverage victims’ phones for ad fraud, carry out DDoS attacks, send spam, and more, researchers warn. Dubbed Viking Horde, the campaign ropes Android devices into a botnet without their owners being any the...

0.4 AI score
Exploits: 0 | References: 2
ThreatPost
added 2016/01/29 10:35 a.m., 23 views

VirusTotal Firmware Malware Implant Scanning

Successful attacks against firmware are rare but provide hackers with one thing they covet most: persistence. Advanced attack groups have already accelerated their capabilities in finding ways to burrow into the BIOS and EFI as noted by the Snowden leaks’ description of the NSA’s attempts to...

0.5 AI score
Exploits: 0 | References: 6
The Hacker News
added 2016/01/26 9:55 p.m., 30 views

Oh Snap! Lenovo protects your Security with '12345678' as Hard-Coded Password in SHAREit

What do you expect a tech giant to protect your backdoor security with? Holy Cow! It's "12345678" as a Hard-Coded Password. Yes, Lenovo was using one of the most obvious, awful passwords of all time as a hard-coded password in its file sharing software SHAREit that could be exploited by anyone wh...

5.4 CVSS | 7.3 AI score | 0.01576 EPSS
Exploits: 1