35 matches found
Microsoft Windows Unquoted Service Path Privilege Escalation
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core/exploit/exe' class MetasploitModule 'Windows Unquoted Service Path Privilege Escalation', 'Description' = %q This module exploits a logic flaw due to h...
Tracing the Supply Chain Attack on Android
Earlier this month, Google disclosed that a supply chain attack by one of its vendors resulted in malicious software being pre-installed on millions of new budget Android devices. Google didn't exactly name those responsible, but said it believes the offending vendor uses the nicknames "Yehuo" or...
Canadian Police Raid ‘Orcus RAT’ Author
Canadian police last week raided the residence of a Toronto software developer behind “Orcus RAT,” a product that’s been marketed on underground forums and used in countless malware attacks since its creation in 2015. Its author maintains Orcus is a legitimate Remote Administration Tool that is...
Machine Learning to Detect Software Vulnerabilities
No one doubts that artificial intelligence AI and machine learning ML will transform cybersecurity. We just don't know how, or when. While the literature generally focuses on the different uses of AI by attackers and defenders and the resultant arms race between the two I want to talk about...
Gmail “From field” bug makes phishing attacks easier for hackers
By Waqas Gmail, as we know, is a popular and commonly preferred email platform around the world. That’s why any news about a bug in this platform is bound to create chaos among users. And, that’s exactly the case this time. Software developer Tim Cotten has discovered a bug Gmail’s ‘From:’ header...
Misconfigured backup leads to exposure of 50.5 million GOMO Mobile customers
By Waqas The same company was once caught spying on its Keyboard app users. GOMO, which is also known as Sungy Mobile, is a well-known Chinese mobile app and software developer company. It is famous worldwide for GO series applications Yes, the developers of popular GOKeyboard app that was caught...
Flight Sim Labs’ ‘Heavy Handed’ Anti-Piracy Tactics Raise Hackles
Software developer Flight Sim Labs is in hot water after acknowledging that it installed a password harvester for the Google Chrome browser in its flight simulator product. The company explained it was only targeting pirate users of its software, but critics are calling the tactics “dirty”. The...
Apple macOS High Sierra Bug Exposes Passwords of Encrypted APFS Volumes As Hint
A severe programming error has been discovered in Apple's latest macOS High Sierra 10.13 that exposes passwords of encrypted Apple File System APFS volumes in plain text. Reported by Matheus Mariano, a Brazilian software developer, the vulnerability affects encrypted volumes using APFS wherein th...
UCanCode - Multiple Vulnerabilities
UCanCode multiple vulnerabilities Url: http://www.hmi-software.com/ http://www.ucancode.net/index.htm http://www.ucancode.net/bbs/zhuce/login.htm Description: Form vendor's web page "UCanCode Software is a Market Leading provider of HMI & SCADA, CAD, UML, GIS, Vector Graphics and Real Time Data...
French Android Malware writer Arrested for stealing $653700
A French hacker has been arrested for spreading a virus through fake smartphone applications. Prosecutors say he stole tiny sums from 17,000 people, amassing about 500,000 euros £405,000 since 2011. Working from the basement of his parents' home in Amiens, France, he created malicious software th...
Cube7 CMS SQL Injection
Cube7 CMS Authentication Bypass Vulnerability Software : Cube7 Date : 8/18/2012 Vendor : http://www.hedion.nl/default.asp?node=188&Cube7-CMS Language : ASP Author : ITTIHACK Home : http://ittihack.com Vulnerable File: login.asp Exploit: http://target/admin/login.asp Username:user: 'or''='...
The Killswitch : They can remotely modify your Window 8
The Killswitch : They can remotely modify your Window 8 Last year,a Finnish software developer, was cruising Google's Android Market for smartphone apps last year when he noticed something strange. Dozens of best-selling applications suddenly listed the same wrong publisher. Google uses a little...
China Software Developer Network (CSDN) 6 Million user data Leaked
China Software Developer Network CSDN 6 Million user data Leaked The "Chinese Software Developer Network" CSDN, operated by Bailian Midami Digital Technology Co., Ltd., is one of the biggest networks of software developers in China. A text file with 6 Million CSDN user info including user name,...
Card bar end plug not inserted into the thread—1 Software Developer challenge-vulnerability warning-the black bar safety net
I am asoftwaredeveloper, have been in this New Year occasion, it should not sweep everyone's interest, but to see some of the foreign companies doing I had to stand up and say some words! Don't know if you remember 2 0 0 4 occurred in a dispute, generally the events are as follows:...
jvm-1.3.crash.txt
Hi, this simple java program crashes the VM at least 1.3.1-b24 on W2K, and is another example of Java-Frontier Bugs.... Yours sincerely Marc Schönefeld // Marc Schoenefeld // class Tester public static void ColorIt sun.awt.color.CMM.cmmCombineTransformsnew long30000, sun.awt.color.ICCTransform...