7620 matches found
CERT finds a security vulnerability in most BIOSes-vulnerability warning-the black bar safety net
Carnegie Mellon University's Computer Emergency Response Team (CERT) today released a security bulletin on a vulnerability that exists in most BIOS firmware; a hacker can exploit the vulnerability to reflash the motherboard BIOS. In the X86 computer device to deploy a series of security...
An unexpected 0day journey-vulnerability warning-the black bar safety net
Do not know everybody noticed no, after Baidu Cloud Security X-TEAM-authored articles in the technical analysis: on the Android libStagefright series vulnerability analysis, in fact, implies a natural and egg 0day the. This“0day”, the kind we in the construction of the sample of the byproduct...
Another new Android vulnerability exposed: can remotely leave the user unable to receive calls-vulnerability warning-the black bar safety net
This week is a“Black week”for Android devices: a few days ago the Stagefright media library was revealed to contain high-risk vulnerabilities on the scale of“Heartbleed”, and in the past two days security researchers have disclosed another that may be the remote cause of the Android device is not properly connected to t...
Probing the Stagefright vulnerability further: on the POC and the EXP-bug warning-the black bar safety net
Foreword: In the previous article, "Stagefright vulnerability: a preliminary study", we determined where the vulnerability arises, and then the whole article stopped short. This vulnerability after all has a very deep impact, and some details do not know when to speak improper to...
CVE-2015-3113 analysis-vulnerability warning-the black bar safety net
In its June 23 post“Operation Clandestine Wolf”, FireEye discussed a cyber-espionage group, known as APT3, using a 0day vulnerability in Adobe Flash. Unit42 also tracks the APT3 group, under the name UPS; it is an intrusion toolset that originated in China, with the earlier of 0day...
Android Broadcast component permission bypass vulnerability-vulnerability warning-the black bar safety net
The Lollipop source code has been released for some days. I found that Google fixed a high-risk vulnerability in Android 5.0; by exploiting the vulnerability you can send any broadcast: not only can you send a system-protection-level broadcast, you can also ignore receiver android:exported=false...
A DNS vulnerability that takes down a server with a single packet-vulnerability warning-the black bar safety net
On July 28, 2015, a serious denial-of-service vulnerability, CVE-2015-5477, was disclosed in bind9, the world's most widely used DNS server. A little background: DNS is the service that maps domain names to IP addresses. When you visit google.com, the computer will ask you where...
By hungry cryptography misuse of the actuator to bypass the defense talking about the android cryptographic vulnerability-the vulnerability warning-the black bar safety net
Cryptography is misused in the app is a big problem, almost all apk's checksum algorithm can be simulated Hungry the algorithm robustness and concealment was good, the proposed terms is in order to prove that the signature checking mechanism of the vulnerable Although presented to the hungry, but...
Technical analysis: on the Android libStagefright series vulnerability analysis-vulnerability warning-the black bar safety net
The article corresponds to 7 CVEs, CVE-2015-1538, 1539, 3824, 3826, 3827, 3828 and 3829; the specific mapping relationship is currently unknown. The security vulnerability is said to affect the security of“95%”of Android phones. To follow through on the vulnerability of the attack surface of view, th...
The Apple APP Store and the iTunes Store exposed high-risk vulnerabilities-vulnerability warning-the black bar safety net
A high-risk vulnerability was found in the official Apple App Store and iTunes Store, affecting millions of Apple users. Vulnerability-Lab founder and security researcher Benjamin Kunz Mejri found, in the Apple App Store shopping list module, an application-side input validation w...
Android Stagefright high-risk vulnerability: a preliminary study-vulnerability warning-the black bar safety net
Preface: The shocking Stagefright disclosure revealed significant vulnerabilities that can result in remote code execution; even sending an MMS may be enough to compromise the user's mobile device. This sounds like a rare, major vulnerability. As security personnel, we naturally want to dig into the inside story...
Schoolchildren finding software vulnerabilities with EasyFuzzer 1.0-vulnerability warning-the black bar safety net
EasyFuzzer is a new fuzzing tool. Currently it only supports file-format fuzzing. Features: easy, streamlined, efficient, and intelligent. Easy: very easy to use, does not need any configuration. With it, even elementary students can dig up vulnerabilities, don't worry there is no 0day...
Initiate--Stagefright vulnerability of the century-vulnerability and early warning-the black bar safety net
0x00 Preface: Last night the shocking Stagefright disclosure revealed significant vulnerabilities that can result in remote code execution; even sending an MMS may be enough to compromise the user's mobile device. This sounds like a rare, major vulnerability. As security personnel, nature good steak with a ste...
How to find vulnerabilities in anti-virus software-vulnerability warning-the black bar safety net
A:“I heard that your College major is Information Security?” B:“Yes, leadership.” A:“well, go to help install an anti-virus software.” B:“leadership, please respect the profession, information security is......” A:“please you the way how to find antivirus software security vulnerabilities?” B:“th...
Apple Yosemite operating system local privilege escalation: EXP no longer than a tweet-bug warning-the black bar safety net
A local privilege escalation vulnerability has been disclosed in Apple's latest operating system, Yosemite; the vulnerability was discovered by the German security researcher Stefan Esser and has been successfully tested on OS X versions 10.10-10.10.4. If you want to fix the vulnerability, please upgrade to th...
Hacking Team keep track of the Flash Exploit-vulnerability warning-the black bar safety net
Background 7 months since the leaked 0day also really let the people rejoice let the people worry. Compared to Malwaredontneedcoffee from time to time the release of the sample in the inhuman confusion of the encryption, they HackTeam offer but retracted neat, variable naming Convention, comments...
Four IE browser 0day vulnerabilities released-vulnerability warning-the black bar safety net
Hewlett-Packard's Zero-Day Initiative (ZDI) team has published four 0day vulnerabilities in the Microsoft IE browser; these vulnerabilities can lead to remote execution of malicious code on the victim host. All four of these vulnerabilities were reported to Microsoft, was originally for the...
High-risk OpenSSH vulnerability exposed; Linux hosts face the threat of brute-force attacks-vulnerability warning-the black bar safety net
A simple but high-risk vulnerability has been disclosed in the OpenSSH software: an attacker can make thousands of login attempts in a short time. OpenSSH is the most popular software for remote control of Linux systems. In general, the software allows 3 to 6 password login attempts, then it...
Security problems in multiple Siemens products; some patches have been released-vulnerability warning-the black bar safety net
Siemens recently released software and firmware security updates, saying that multiple company products have security issues, and users are advised to update ASAP. ICS-CERT and Siemens announced that the SIPROTEC 4 and SIPROTEC Compact devices recently have been affected by the vulnerability...
WordPress high-risk XSS vulnerability disclosed, affecting millions of websites-vulnerability warning-the black bar safety net
WordPress CMS has just released an update, version 4.2.3, to fix a serious security flaw affecting millions of websites. XSS vulnerability in WordPress: The WordPress team wrote on its blog on Tuesday that WordPress version 4.2.3 fixes a cross-site scripting (XSS) vulnerability, has author rights,...
iPhone blue screen of 0day vulnerabilities analysis: playback video trigger kernel denial of service-vulnerability warning-the black bar safety net
Recently, someone shared a video link in a WeChat group; when users of Apple devices click this video link, playing the video causes the Apple device to restart. After this problem was found, 360NirvanTeam core member @Proteas immediately took samples for analysis, in a...
Microsoft Word remote code execution CVE-2015-0097: a brief introduction to its use-vulnerability warning-the black bar safety net
0x00 introduction Microsoft Office Word 2003, 2007 Remote Code Execution Vulnerability 0x01 known successful environment Word 2003, 2007 SP3 on Windows XP, 7, 8, 8.1 all up to this date. 0x02 poc file description Create-Recordset.hta: used to generate the recordset.txt and dldrun.vb...
OpenSSH service vulnerability allows unlimited password guesses-vulnerability warning-the black bar safety net
You only get 6 tries at a password? What if you were given 1 million chances? OpenSSH has a vulnerability that allows an attacker to bypass the limit on the number of failed password attempts for a single login. By default, the encryption service only allows th...
SysAid Help Desk Administrator Portal Arbitrary File Upload-vulnerability warning-the black bar safety net
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'SysAid Help Desk Administrator Portal Arbitrary File Upload', 'Description' = %q This module exploits a file upload vulnerability in...
phpcms v9 latest high-risk sql injection exp-vulnerability warning-the black bar safety net
Get the current database http://192.168.1.139:8080/phpcms/index.php?m=member&c=index&a=login post: forward=http%253A%252F%252F192. 1 6 8. 1. 1 3 9%253A8080%252Fphpcms%252Findex. php%253Fm%253Dmember&username=phpcms&password=1 2 3 4 5 6%26username%3d%2 5 2 7%2bunion%2bselect%2b%2 5 2 7 2% 2 5 2...
White hat hackers: part of the banks risk enterprise network platform to determine the memory vulnerability-vulnerability warning-the black bar safety net
Is insurance sold by insurance companies through websites and other online sales channels really“insurance”? Recently, a large listed life insurance company was again exposed for a“provincial system loophole that leaks millions of customers' information.” In fact, the securities daily on zqrbbaoxian...
PHPCMS user login SQL injection vulnerability analysis-vulnerability warning-the black bar safety net
0x00 description Before manning in the vulnerability of the time, suddenly found a normal landing does not go up, then help with the next phpcms login process. After feeling this process looks like some of the questions, carefully looked under, did not think really a 0day 0x01 vulnerability...
Microsoft released an emergency update: serious remote code execution vulnerability, affecting all versions of Windows-vulnerability warning-the black bar safety net
Microsoft today released an emergency update that fixes a high-risk remote code execution vulnerability affecting all versions of Windows. Whatever version of Windows you are using, we recommend that you update it: this high-risk vulnerability could allow an attacker...
PHPCMS \phpcms\modules\member\index.php user login SQL injection vulnerability analysis-vulnerability warning-the black bar safety net
catalog 1. Vulnerability description 2. Vulnerability trigger conditions 3. Vulnerability scope 4. Vulnerability code analysis 5. Defense method 6. Offensive and defensive thinking 1. Vulnerability description 2. Vulnerability trigger conditions 0x1: POC http://localhost/phpcmsv9/index. php?...
CVE-2015-5090 exploit-vulnerability warning-the black bar safety net
0x01 introduction: In July 2015, Adobe patched several vulnerabilities, among which CVE-2015-5090 is exceptionally conspicuous and worth getting to the bottom of. However, Adobe only ranked these vulnerabilities by level of threat and gave no details. In fact, an...
Heap overflow: the unlink exploitation method-vulnerability warning-the black bar safety net
0x01 Part one: First, a brief introduction to the heap chunk structure. In malloc.c we can find the code for the heap chunk structure: struct malloc_chunk { INTERNAL_SIZE_T prev_size; /* Size of previous chunk (if free). */ INTERNAL_SIZE_T size; /* Size in bytes, including overhead. */...
Uninstall the browser Flash can really eradicate Flash vulnerabilities? - Vulnerability warning-the black bar safety net
Poor old Adobe Flash seems to have been enduring endless 0day attacks, as well as endless official patch updates. In our hearts, it seems to have been saddled with a bad reputation. No wonder Adobe Flash is now a rat crossing the street, everyon...
How smart home vulnerabilities are used by hackers-vulnerability warning-the black bar safety net
Smart homes are today's favourite; however, while people focus only on how intelligent and user-friendly the home is, hackers are looking at the smart home as a place where everything can be exploitable. From the application vulnerability data show that in a variety of home automation equipment and the help of sensors,...
Early into the flash vulnerability analysis-vulnerability warning-the black bar safety net
To date, the 0days derived from the Hacking Team leaks that have been patched or will be patched has reached 6 months. 3 flash vulnerabilities induced by the ValueOf function, 2 font parsing vulnerabilities that can lead to ring0 privilege escalation, adobe or. dll kernel font parsing components, as well...
Nearly 200 vulnerabilities exposed in the social security system; hackers can obtain sensitive information-vulnerability warning-the black bar safety net
In recent years, leaks of personal information have led to telecommunications fraud in which crooks know the victim's employer, name, ID number and level of income. Social security system vulnerabilities that leak personal information may be one of the sources. 2013 year to...
Microsoft released MS15-078 bulletin: font driver vulnerability affects all versions-bug warning-the black bar safety net
Microsoft today released security bulletin MS15-078; the bulletin says the Microsoft font driver contains a remote code execution vulnerability. If a user opens a specially crafted file, or unsafe web pages which contain embedded OpenType fonts can be remote cod...
Online bank payment loophole exposed; SMS verification codes suspected hijacked by hackers-vulnerability warning-the black bar safety net
Recently, the media exposed the presence of vulnerabilities in bank payments. Criminals forcibly enabled, on depositors' accounts, the bank's“e payment”service, which needs only an SMS verification code to make transactions, and, by illegally intercepting the SMS verification code, easily took the money from the card...
Adobe CVE-2015-5090: allows code execution with system permissions-vulnerability warning-the black bar safety net
Adobe released numerous bug-fix patches in July 2015; among the many update patches, CVE-2015-5090 is very much worth researching. Adobe this vulnerabilities described may allow the system privileges from a lower privilege...
MS15-068-Windows Hyper-V remote code execution vulnerability-vulnerability warning-the black bar safety net
Overview: Microsoft released security update patches related to Windows operating system vulnerabilities, if in a station by Hyper-V technology to create the virtual machine, there is a proven and there are special...
vmware multiple products privilege escalation vulnerability-vulnerability warning-the black bar safety net
Description: This article briefly describes our findings, a vulnerability we recently found in three main VMware Windows products. The affected products include‘VMware Workstation’, ‘Horizon Client’ (with Local Mode Option), and‘Player’on...
Hacking Team attack code analysis Part5: font 0day second bomb+Win32k KASLR bypass vulnerability-vulnerability warning-the black bar safety net
Last week 360Vulcan analyzed the three Flash exploits and an Adobe Font Driver kernel vulnerability exposed in the Hacking Team leaks (link below). The Hacking Team leaks continue to be found to contain new attack code and the 0day...
Tesla car vulnerabilities to be announced at next month's hacker conference-vulnerability and early warning-the black bar safety net
Tesla car vulnerabilities will be announced at next month's hacker conference. Tesla motors may be the world's most networked consumer car, and it also receives close attention from the hacking community. Researchers worldwide are looking for weaknesses in Tesla's engineering, not...
Android takes a hit: the Black Hat 2015 hacker conference will announce 6 mobile security threats-vulnerability warning-the black bar safety net
Black Hat 2015 will be held soon; now, together with the editor, let's look at some of the Android security threats to be presented at Black Hat USA next month. 64-bit Android Root: Recently there has been a lot of debate about whether rooting a smartphone makes the phone much more dangerous. But we hope that cyber criminals would...
TOTOLINK routers, with 80% of the South Korean market, found to contain a backdoor, affecting 5 million routers-vulnerability warning-the black bar safety net
TOTOLINK routers hold an 82.3 per cent share of the Korean market. The Shenzhen Zhong Tang tech company is responsible for product development and manufacturing. Vulnerability description: By analyzing the most recent firmware and testing on a real router, researchers found that 8...
Firefox temporarily blocks Flash to keep users from being hacked-vulnerability warning-the black bar safety net
The hacker attack on Hacking Team has had a serious impact on Adobe. The Hacking Team leaks show that Adobe Flash Player has two serious vulnerabilities. Since Adobe needs to spend some time to fix these vulnerabilities, Mozilla decided for Firefox browser users...
High-risk Java 0day vulnerability exposed, already used by Russian hackers-vulnerability warning-the black bar safety net
Today a high-risk Java 0day vulnerability was exposed. Trend Micro has warned that the vulnerability is already being used by a Russian hacking group, whose attack targets are primarily the United States Department of Defense and North Atlantic Treaty Organization member states. Attack: The attacker will first to victi...
The Truman show: the Hacking Team Win32 monitor code analysis-vulnerability warning-the black bar safety net
Hacking Team is an Italian software company. The company mainly sells intrusion and surveillance software to governments and legal bodies. On the night of July 5 it was attacked by hackers and 400G of information was leaked; 0Day, various exploits also together is known around the world know, which is t...
Android new vulnerability: hackers control camera to take pictures to upload-vulnerability warning-the black bar safety net
According to foreign media reports, former Google engineer Simon Isidore (Szymon Sidor) found a new vulnerability in the Android system; the vulnerability would allow malicious software to control the camera on an Android device and take pictures without the user's knowledge, can even upload photos...
MetInfo5.3 latest version SQL injection (you can access part of the data)-vulnerability warning-the black bar safety net
MetInfo5.3 latest version SQL injection search.php: $module=intval$module; if$class1$module=0; ifintval$module $serchsql.=" where lang='$lang' and recycle='0' or recycle='-1' and displaytype='1' "; else $class1info=$classlist$class1; if!$ class1infookinfo'../',$pagelangnoid; $class1sql="...
Hackers may disclose Tesla Model S digital security vulnerabilities in August-vulnerability warning-the black bar safety net
Right now, the Tesla car is perhaps the world's most networked consumer vehicle, and it has become a target for hackers. Thomas Fox-Brewster wrote in an article on the Forbes Chinese network that, at the Defcon hacker conference held in August, CloudFlare company Research Director Marc Rogers Marc...