New Windows Backdoor BITSLOTH Exploits BITS for Stealthy Communication

Cybersecurity researchers have discovered a previously undocumented Windows backdoor that leverages a built-in feature called Background Intelligent Transfer Service BITS as a command-and-control C2 mechanism. The newly identified malware strain has been codenamed BITSLOTH by Elastic Security Lab...

ThreatList: Almost Half of the World’s Top Websites Deemed ‘Risky’

Nearly half of the world’s most popular websites are risky places to visit, according to a fresh analysis of top Alexa sites. Vulnerable code, the running of active content from risky background sites, and large amounts of code downloads marked a good chunk of the top 50 websites used in all of t...

Bash Vulnerability Exploits Dropping DDoS Bots

A honeypot run by researchers at AlienVault Labs has snared two separate pieces of malware attempting to exploit the Bash vulnerability. One sample is a repurposed IRC bot written in Perl that is trying to build a botnet to be used in distributed denial of service attacks DDoS, said Jaime Blasco,...

Mozilla Thunderbird < 7.0 Multiple Vulnerabilities

Binary data 6029.prm...

Other Web Servers vulnerable to &#37;3f.jsp directory listing

I tried posting to Bugtraq...but perhaps this is the more appropriate mailing list. Anyways here are some Response headers to servers that are vulnerable to the 3f.jsp directory listing exploit -Slow2Show- University of Florida HTTP/1.0 200 OK Date: Fri, 30 Nov 2001 03:43:27 GMT Server:...

Web Server Long URL Handling Remote Overflow DoS

The remote web server crashes when it receives a too long URL. It might be possible to make it execute arbitrary code through this flaw. C Tenable Network Security, Inc. Some vulnerable servers: SmallHTTP All versions vulnerable: 2.x Stables, 3.x Latest beta 8 OmniHTTPd v2.09 of Omnicron...