20 matches found

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2022-35972

Malicious code in bioql PyPI...

CVSS 5.3, AI score 5.7, EPSS 0.00152
Exploits 0, References 1

CNNVD
added 2024/10/18 12:0 a.m., 1 views

Bitdefender Total Security Trust Management Issue Vulnerability

Bitdefender Total Security is a proactive threat protection software for PCs from the Romanian company Bitdefender. The software features antivirus, firewall, anti-spyware, privacy control, and parental control. It also includes features such as System TuneUp. A trust management issue vulnerabili...

CVSS 8.6, AI score 6.6, EPSS 0.00241
Exploits 0, References 2

CNNVD
added 2024/10/18 12:0 a.m., 1 views

Bitdefender Total Security Trust Management Issue Vulnerability

Bitdefender Total Security is a proactive threat protection software for PCs from the Romanian company Bitdefender. The software features antivirus, firewall, anti-spyware, privacy control, and parental control. It also includes features such as System TuneUp. A trust management issue vulnerabili...

CVSS 8.6, AI score 6.8, EPSS 0.00163
Exploits 0, References 2

Malwarebytes
added 2024/03/28 3:19 p.m., 22 views

Facebook spied on Snapchat users to get analytics about the competition

Social media giant Facebook snooped on Snapchat users' network traffic, engaged in anticompetitive behavior and exploited user data through deceptive practices. That's according to a court document filed March 23, 2024. The document mentions Facebook’s so-called In-App Action Panel (IAAP) program,...

AI score 6.9
Exploits 0

Pen Test Partners Blog
added 2018/08/14 9:10 a.m., 29 views

Hacking the Bitfi Part 5: MITM transactions

So what’s latest with the Bitfi unhackable/hackable crypto currency wallet? Bitfi release software version 89 over the weekend. Devices updated, so we had a look to see what had changed. First, they’ve tried to stop the passphrase and seed from being cached in memory and therefore trivially...

AI score 6.7
Exploits 0

Kitploit
added 2017/09/30 2:25 p.m., 82 views

ThunderShell - PowerShell based RAT

ThunderShell is a PowerShell-based RAT that relies on HTTP requests to communicate. All the network traffic is encrypted using a second layer of RC4 to avoid SSL interception and defeat network hooks. Dependencies: apt install redis-server; apt install python-redis. Logs: Every errors, http requests and...

AI score 8.2
Exploits 0, References 1

seebug.org
added 2017/03/22 12:0 a.m., 39 views

LastPass websiteConnector.js content script allows proxying internal RPC commands

noticed this entry in the content_scripts array from the LastPass manifest: "matches": "https://1min-ui-prod.service.lastpass.com/", "js": "1minsignup/chrome/websiteConnector.js", "all_frames": true, "run_at": "document_end", That's a content script that is only used for one specific lastpass.com...

AI score 7.2
Exploits 0

n0where
added 2016/04/07 3:38 p.m., 34 views

DIY Web Proxy: proxenet

proxenet is a multi-threaded proxy which allows you to manipulate your HTTP requests and responses using your favorite scripting language. No need to learn Java like for Burp or Python like for mitmproxy. proxenet supports heaps of languages and more can be added easily. proxenet is a C-based...

AI score 0.1
Exploits 0, References 1

ThreatPost
added 2015/12/23 9:1 a.m., 73 views

Microsoft Bans Superfish SSL Interception Adware

Microsoft has taken steps to impede the next Superfish from impacting users. Superfish was pre-installed adware found on new Lenovo laptops earlier this year. The software exposes users to man-in-the-middle attacks because of the way it injects advertisements into the browser. It comes with a...

CVSS 9.3, AI score 1.3, EPSS 0.94354
Exploits 33, References 3

CNVD
added 2015/09/20 12:0 a.m., 1 views

Apple iOS NSURL Certificate Validation Vulnerability

Apple iOS is the latest operating system that runs on Apple's iPhone and iPod touch devices. Apple iOS has a certificate validation vulnerability in NSURL when the certificate is changed, allowing attackers in a privileged network location to intercept SSL/TLS links...

CVSS 4.3, AI score 6.6, EPSS 0.00096
Exploits 0, References 1

Kitploit
added 2015/06/08 10:7 p.m., 12 views

Proxenet - Hacker Friendly Proxy for Web Application Penetration Tests

Proxenet is a hacker friendly proxy for web application penetration tests. proxenet is a multi-threaded proxy which allows you to manipulate your HTTP requests and responses using your favorite scripting language. No need to learn Java like for Burp or Python like for mitmproxy. proxenet supports...

AI score 7
Exploits 0, References 1

ThreatPost
added 2015/05/06 10:36 a.m., 11 views

Google Research Reveals Profitable, Pervasive Ad Injector Ecosystem

More than five percent of all unique IP addresses accessing Google sites included some kind of ad injector software, and there are more than 50,000 of those injector browser extensions in use today, according to new research from Google. The company conducted the research over the course of sever...

AI score 0.3
Exploits 0, References 4

ThreatPost
added 2015/04/09 10:57 a.m., 15 views

Apple Leaves CNNIC Root in iOS, OSX Certificate Trust Lists

When it was revealed late last month that a Chinese certificate authority had allowed an intermediate CA to issue unauthorized certificates for some Google domains, both Google and Mozilla reacted quickly and dropped trust in CNNIC altogether, Apple has kept the root certificates in its trusted...

AI score 6.5
Exploits 0, References 9

ThreatPost
added 2015/03/02 9:53 a.m., 5 views

Mozilla Pushes Hot Fix to Remove Superfish Cert From Firefox

Mozilla has issued a hot fix for Firefox that removes the Superfish root certificate from the browser’s trusted root store. The patch only removes the certificate if the Superfish software has been removed from the machine already, however. The Superfish adware performs SSL interception–essential...

AI score 1.3
Exploits 0, References 3

ThreatPost
added 2015/02/23 2:53 p.m., 9 views

Komodia Website Under DDoS Attack

Komodia.com, home to the SSL interception module at the heart of the Superfish adware dustup, is currently under a distributed denial-of-service attack. As of 2 p.m. Eastern time, its home page had been replaced with a notice that the site was offline because it was under attack. “Some people say...

AI score 1.8
Exploits 0, References 4

CERT
added 2015/02/23 12:0 a.m., 38 views

Adtrustmedia PrivDog fails to validate SSL certificates

Overview: Adtrustmedia PrivDog fails to validate SSL certificates, making systems broadly vulnerable to HTTPS spoofing. Description: Adtrustmedia PrivDog is a Windows application that advertises "... safer, faster and more private web browsing." PrivDog installs a Man-in-the-Middle (MITM) proxy as we...

AI score 7.2
Exploits 0, References 9

Check Point Advisories
added 2015/02/20 12:0 a.m., 0 views

SuperFish Adware Root Certificate

SuperFish Adware is a software that uses SSL man-in-the-middle (MitM) technique in order to intercept SSL sessions and inject its own content into the session. Successful exploitation might result in disclosure of confidential or private information passed over the SSL channel, or in such informati...

AI score 1.5
Exploits 0

Kitploit
added 2013/03/27 12:28 a.m., 13 views

[HoneyProxy] A man-in-the-middle SSL Proxy & Traffic Analyzer

HoneyProxy is a lightweight tool that allows live HTTPS traffic inspection and analysis. It focuses on features that are useful for malware analysis and network forensics. Features: Analyze HTTPS traffic on the fly; Filter and highlight traffic, regex support included; Report Generation for saved...

AI score 7.3
Exploits 0, References 2

Snyk
added 2007/11/14 1:46 a.m., 1 views

Improper Authentication

Overview: Affected versions of this package are vulnerable to Improper Authentication. The (1) Net::ftptls, (2) Net::telnets, (3) Net::imap, (4) Net::pop, and (5) Net::smtp libraries in Ruby 1.8.5 and 1.8.6 do not verify that the commonName (CN) field in a server certificate matches the domain name in a reque...

CVSS 5.3, AI score 6.8, EPSS 0.07714
Exploits 1, References 2

RedHat Linux
added 2007/11/13 9:39 a.m., 2 views

net::* modules

The (1) Net::ftptls, (2) Net::telnets, (3) Net::imap, (4) Net::pop, and (5) Net::smtp libraries in Ruby 1.8.5 and 1.8.6 do not verify that the commonName (CN) field in a server certificate matches the domain name in a request sent over SSL, which makes it easier for remote attackers to intercept SSL...

CVSS 5, AI score 7.2, EPSS 0.07714
Exploits 1, References 4