22 matches found
Misleading cybersecurity lessons from pop culture: how Hollywood teaches to hack
In pop culture, cybercrimes are often portrayed as mysterious and unrealistic. Hackers are enigmatic and have extraordinary tech abilities. They can discover top secrets in a short time and type at breakneck speed to hack into a database. In real life, though, hacking is not that straightforward...
Pentagon Expands Bug-Bounty Program to Include Physical Systems
The Department of Defense is expanding its “Hack the Pentagon” bug-bounty program to include hardware assets, tapping the Synack, HackerOne and Bugcrowd platforms to attract more white hats to the effort. The news comes two weeks after the Government Accountability Office (GAO) released a report...
Under the hoodie: why money, power, and ego drive hackers to cybercrime
Just one more hour behind the hot grill flipping burgers, and Derek could call it a day. Under his musty hat, his hair was matted down with sweat, and his work uniform was spattered with grease. He knew he’d smell the processed meat and smoke for the next three days, even after he’d showered. But...
Krebs Given ISSA’s ‘President’s Award’
KrebsOnSecurity was honored this month with the 2017 President's Award for Public Service from the Information Systems Security Association, a nonprofit organization for cybersecurity professionals. The award recognizes an individual's contribution to the information security profession in the ar...
UNITEDRAKE Looms Large…Maybe
Responsible disclosure is a critical process in the security community. It’s the way for security researchers and vendors to work together in order to improve system security for users. We see the opposite of this process in the digital underground. Cybercriminals often sell exploits and maliciou...
NSA's EternalBlue Exploit Ported to Windows 10
The NSA’s EternalBlue exploit has been ported to Windows 10 by white hats, meaning that every unpatched version of the Microsoft operating system back to Windows XP—and likely earlier—can be affected by one of the most powerful attacks ever made public. Researchers at RiskSense, among the first t...
The Time Has Arrived to Embrace Hackers
BOSTON—More than ever, hackers are getting a welcoming embrace from law enforcement, governments and business. Bug bounties and vulnerability disclosure programs are becoming the norm across industry, and hackers are no longer universally viewed as a pariah. Simultaneously, however, groups such a...
DoD Publishes Vulnerability Disclosure Policy
The Department of Defense promised upon the inception of the Hack the Pentagon bug bounty program that it would continue to engage white-hats. Hack the Pentagon set the tone with more than 1,400 participants and 138 vulnerabilities resolved during the 24-day trial during the spring. Two weeks ago...
Hackers and Developers Need to Hug it Out
The divide between developers and hackers is real. So, apparently, is the effort to bring them together and make them play nicely. “It’s not just a knowledge gap, but an empathy gap,” said I Am The Cavalry founder Josh Corman during a panel discussion at last week’s RSA Conference. “One common...
VirusTotal Firmware Malware Implant Scanning
Successful attacks against firmware are rare but provide hackers with one thing they covet most: persistence. Advanced attack groups have already accelerated their capabilities in finding ways to burrow into the BIOS and EFI as noted by the Snowden leaks’ description of the NSA’s attempts to...
BadBarcode Internet Of Things Hack PacSec 2015
Barcodes’ pervasiveness in retail, health care and other service industries notwithstanding, hackers really haven’t paid much attention to these tiny lines of data. But like other technologies supporting the so-called Internet of Things, there are bound to be vulnerabilities and there are bound t...
Lessons Learned in Building a Vulnerability Coordination Program
CANCUN – Bounty programs are mislabeled creatures, too often pigeonholed as a payoff for finding individual vulnerabilities in software. Wrong. “The name bug bounty is actually a false categorization of what is truly just an incentive program,” said Katie Moussouris, chief policy officer at...
Facebook to Double Bounty Payouts For Ad Code Bugs
Popular segments of Facebook code have plenty of white—and black hats—poking around for bugs. The same probably cannot be said for the social network’s ads code, so Facebook has decided to add an incentive to its bug bounty program. Through the end of the year, payments will be doubled for bugs...
Bash vulnerability evolves again: a buffer overflow resulting in remote arbitrary command execution - vulnerability warning - the black bar safety net
In recent days, the “Shellshock” Bash vulnerability has appeared, dropping a heavy bomb on the security industry. More and more vendors and black and white hats have joined the analysis, and at the same time more Bash vulnerabilities have come to light one after another, the apparen...
Private Messaging App Vendor Wickr Offers Hackers $100,000 for Bugs
Bug bounty programs, for the most part, have been the domain of large software vendors and Web companies such as Google, Mozilla, Microsoft, PayPal and Facebook. But some smaller companies are now getting involved, with the latest one to announce a bounty being Wickr, the maker of secure messagin...
Microsoft Windows Media Player 10 - '.avi' Integer Division By Zero Crash (PoC)
#!/usr/bin/perl Souhail Hammou - Independent Security Researcher & Penetration Tester. Facebook: www.facebook.com/dark.puzzle.sec E-mail: [email protected] Greetings to all Moroccan researchers and white hats. Title: Windows Media Player 10 - .avi Integer Division By Zero Vulnerability Auth...
Majalty Group Sites SQL Injection
Exploit Title: Remote Sql Injection In Majalty Group Sites Date: 27/12/2011 - 11:00 Author: Cyber White Hats Nafsh Site: Cyberwh.org Mail: [email protected] Software Website: http://www.majalty.com/ Tested On: BackTrack 5 - Win7 Ultimate - Xp Platform: Php $ Dorks: "Programmmed By www.majalty.com"...
VIOCAM Sites SQL Injection
Exploit Title: Remote Sql Injection In VIOCAM Sites Date: 27/12/2011 - 11:30 Author: Cyber White Hats Nafsh Site: Cyberwh.org Mail: [email protected] Software Website: http://www.viocam.com/ Tested On: BackTrack 5 - Win7 Ultimate - Xp Platform: Php $ Dorks: "Powered by VIOCAM" Vulnerable File :...
VIOCAM Sites SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Remote Sql Injection In VIOCAM Sites Date: 27/12/2011 - 11:30 Author: Cyber White Hats Nafsh Site: Cyberwh.org Mail: email protected Software Website: http://www.viocam.com/ Tested On: BackTrack 5 - Win7 Ultimate - Xp Platform:...
MyBB 1.6.5 Cross Site Scripting
Exploit Title: 0-day MyBB 1.6.5 XSS Vulnerability Date: 25/12/2011 - 18:30 Author: Cyber White Hats Nafsh Site: Cyberwh.org Mail: [email protected] Software Website: http://www.mybb.com/ Tested On: BackTrack 5 - Win7 Ultimate - Xp Platform: Php $ Dorks: inurl:"tags.php" intext:"MyBB 1.6.5" Vulnerabl...