7620 matches found
Java high-risk 0day vulnerability exposed, already in use by Russian hackers-vulnerability warning-the black bar safety net
Recently, a high-risk Java 0day vulnerability was exposed. Trend Micro has warned that the vulnerability is now being used by a Russian hacking group, whose attack targets are primarily the United States Department of Defense and North Atlantic Treaty Organization member states. Java exposure to high-risk 0d...
Three Flash 0day vulnerabilities exposed, Flash gets another emergency update-bug warning-the black bar safety net
Firefox developers have added the Flash Player plug-in to the block list in the latest version of the Firefox browser, which means that all Flash content on websites will be disabled and the user has to manually enable Flash. Adobe today released the latest 18.0.0.209 version, has be...
GET to the vulnerability-vulnerability warning-the black bar safety net
This article is mainly about security vulnerabilities caused by non-standard use of the GET method on the Internet today. It focuses on the scenarios and attacks in which GET requests are abused in account login systems. 0x01 Get method defined In between the client and server for...
Hackers reveal 5 digital vulnerabilities in the Tesla Model S-vulnerability warning-the black bar safety net
According to Forbes reports, on the eve of next month's Defcon hacker conference, the Tesla Model S was revealed to still have 5 digital security vulnerabilities, and these vulnerabilities have still not been fixed. As global probably the most popular consumer interest in th...
Alipay 9.0 password reset function is defective, you can easily modify any user's password-vulnerability warning-the black bar safety net
As is well known, the newly upgraded PayPal 9.0 version removes the user gesture password setting and transitions to “Big Data, risk control” protection. If the user's phone does not have a fingerprint unlock function, the PayPal account on their mobile phone can be accessed directly. ...
Hacking Team attack code analysis Part 5: Adobe Font Driver kernel privilege elevation vulnerability, second installment + Win32k KASLR bypass vulnerability-vulnerability warning-the black bar safety net
0x01 vulnerability principle analysis: By simply browsing the attack code, we know that it uses a KASLR bypass vulnerability in Win32k.sys to get the Win32k base and organize the ROP chain, and at the same time loads a font file (font-data.bin) to use the font driver vulnerability, trigger the RO...
OpenSSL CVE-2015-1793 vulnerability analysis-vulnerability warning-the black bar safety net
OpenSSL official in 7 on 9 December released a number of CVE-2015-1793 cross-certificate authentication bypass vulnerability, which mainly affects OpenSSL's 1.0.1 and 1.0.2 branches. The 1.0.0 and 0.9.8 branches are not affected. 360 security researcher au2o3t of the vulnerability carried o...
74cms (20150209) latest global SQL injection official wonderful repair case-the vulnerability of early warning-the black bar safety net
For this vulnerability, let's see how the knight repaired it. Tick: 74cms 20141020 global SQL injection filter bypass. First try with single quotes, then try with wide bytes; you can see the database error displayed. Look at how it is brought into the database. You can se...
UF Zhiyuan A6 collaborative system of high-risk SQL injection-vulnerability warning-the black bar safety net
The system is very widely used. /yyoa/HJ/iSignatureHtmlServer.jsp?COMMAND=DELESIGNATURE&DOCUMENTID=1&SIGNATUREID=2 Both DOCUMENTID and SIGNATUREID are vulnerable to error-based injection. A simple test method code area...
Second Flash 0day vulnerability discovered in Hacking Team data-vulnerability warning-the black bar safety net
Hacking Team is an Italian hacking company specializing in surveillance technology, which has been sued for selling spyware to governments and intelligence agencies. In a turn of karma, the company was hacked last week and nearly 400GB of data was leaked, which in...
Technical analysis: Hacking Team for Flash 0day brace-vulnerability warning-the black bar safety net
In the vast JIT code, how do we find the code we want to trace? This borrows the HackingTeam Flash 0day event to detail the debug flow and JIT code, to help some friends learn to follow along. ValueOf the frequency out of the vulnerability, adobe now has been the lack what fill what, a 7 on No. 8, only repair the...
Hacking Team the new Flash 0day analysis-vulnerability warning-the black bar safety net
Following the flash 0day found in the Hacking Team data a few days ago, for which Adobe released fixes, another flash 0day was found in the mail. The readme describes the scope as Adobe Flash Player 9+ 32/64-bit since Jun 2006. In Windows IE, in OS X and firefox can be executed directly on the...
Hacking Team Flash New 0Day exploit code analysis-vulnerability warning-the black bar safety net
The weekend early in the morning, you see the know Chong Yu on the microblogging said, the Hacking Team and leaked to the new Flash 0Day in the current measured. Thus the author download a copy of the exploit code, tested indeed in the latest version available, currently the official Adobe did no...
Hacking Team attack code analysis Part 4: Flash 0day Vulnerability CVE-2015-5122-vulnerability warning-the black bar safety net
A few days ago we analyzed 3 viruses in the Hacking Team leaked data, including a flash 0day, a flash nday and a windows font privilege escalation 0day. Yesterday Adobe released the latest flash version 18.0.0.203, patching one of the flash 0days (CVE-2015-5119). However, today twitter...
Android adb backup vulnerability allows injection of malicious APKs-vulnerability warning-the black bar safety net
A serious vulnerability, CVE-2014-7952, exists in the Android system's backup and restore process, which lets an attacker inject a malicious apk file into a backup file, so that a malicious app is installed at restore time. The vulnerability is by the Android command-line...
OpenSSL latest high-risk Vulnerability, CVE-2015-1793 patch released-vulnerability warning-the black bar safety net
Researchers Adam Langley/David Benjamin (Google/BoringSSL) recently found a new critical OpenSSL security vulnerability. The vulnerability, numbered CVE-2015-1793, is that the certificate validation logic is not able to properly validate new and untrusted certificates. An...
AirLive IP surveillance cameras have a command injection vulnerability, a large number of products affected-vulnerability warning-the black bar safety net
A large number of AirLive IP surveillance cameras have been revealed to have a command injection vulnerability; an attacker can use this vulnerability to steal user login credentials and control the equipment. The vulnerability principle and scope of impact OvisLink company manufactured a large number of...
Adobe released official patch: fix Hacking Team leaked Flash 0day vulnerability-vulnerability warning-the black bar safety net
Adobe today released a Flash Player update that patches the 0day vulnerability found in the 400G of data stolen from Hacking Team. An attacker can use this vulnerability to crash the target machine's system and obtain control permissions. Vulnerability This 0day vulnerability by...
Cisco Unified CDM platform exposure of privileged accounts and static passwords-vulnerability warning-the black bar safety net
Cisco's Unified CDM (Communications Domain Manager) was revealed to contain a default privileged account that cannot be modified and that uses a static password; an attacker can use it to remotely attack and intrude on the platform. Vulnerability Cisco's Unified CDM is a Cisco hosted collaboration...
Hacking Team attack code analysis Part 2: a Pwn2Own vulnerability of the fantasy drifting-vulnerability warning-the black bar safety net
Previously we analyzed the Flash 0day, bytearray 0day, in the HackingTeam leaked data. In the leaked data, we've also seen another flash exploit called convolutionfilter. Looking at this flash exploit, we soon realized that this vulnerability is an already patched vulnerability, cve-201...
Hacking Team attack code analysis Part 1: Flash 0day-vulnerability warning-the black bar safety net
Recently, Hacking Team, a hacking company that specializes in providing attack techniques for network monitoring, was hacked, leaking 400G of data containing the company's email, documents, and attack code. 360Vulcan Team obtained the relevant information right away, and for which exploit code is analyzed...
Another “Heartbleed”? OpenSSL tomorrow will release security patches, fixes undisclosed 0day high-risk vulnerabilities-vulnerability warning-the black bar safety net
OpenSSL officially released a vulnerability warning, reminding system administrators to get ready for an OpenSSL upgrade. The latest version of OpenSSL will be released on July 9 (Thursday) and fixes an undisclosed high-risk vulnerability. Many security experts speculate that the...
Hacking Team attack code analysis Part 3 : the Adobe Font Driver kernel driver elevation of privilege vulnerability-vulnerability warning-the black bar safety net
In order to bypass the sandbox mechanisms of IE and Chrome and completely control the user's system, Hacking Team also uses a font 0day vulnerability in a Windows kernel driver, the Adobe Font Driver (atmfd.dll), to achieve privilege escalation and bypass the sandbox mechanism. Th...
Adobe today released HackingTeam leaked 0day vulnerability patch-vulnerability warning-the black bar safety net
After spyware vendor Hacking Team was breached, its internal 400GB of data was stolen and published online, and then the Flash Player 0day (zero-day) security vulnerabilities in it were wildly exploited. Adobe is planning to release a patch for this 0day vulnerability today. Hacking Team, one of the world's most...
The most beautiful flash vulnerability exposure, expert: relief of the IT-vulnerability warning-the black bar safety net
Lei Feng network previously reported that the Italian hacking company Hacking Team was attacked, and 400GB of files including source code and e-mail were made public. Coincidentally, the disclosed documents contain an Adobe Flash 0-Day vulnerability, which HT referred to in the documents as “nearly...
Spring 3.2.11 with Quartz 2.2.1 integration memory leak problem solving-vulnerability warning-the black bar safety net
Quartz is an open-source framework for timed task scheduling that is fairly convenient to use, and Spring's support package integrates Quartz. But the author encountered a memory leak problem while using it in a web application. Problems of the author in using the Spring+Quartz usage is as...
The phone did not leave the body but by hacking the lock to blackmail you don't understand the Apple“security vulnerability”-vulnerability warning-the black bar safety net
Yesterday it was reported that when Mr. Xu was selling his second-hand Apple phone, a post-90s guy borrowed it to test the machine and bound it to a cloud account, locked Mr. Xu's phone, and extorted a 300 yuan unlocking fee. Smartphones bring to our lives a lot of convenience and even lifestyle changes. However,...
At least one into the subject of mobile software vulnerabilities, some companies to grab the market does not consider security; post-90s hacker says of mobile games “99% have a vulnerability”; insiders suggest that the state set a unified review standard for mobile software development-vulnerability warning-the black bar safety net
“It is a problem of the APP.” Xuhui Public Security Bureau network security detachment Bob Sergeant, record this phone the name of the software and is the“Black”of the symptoms. This is Bob the police officer and his colleagues made an experiment: they selected a certain influence of mobile phone...
Tai Chi jailbreak major security Backdoor-vulnerability warning-the black bar safety net
Tai Chi jailbreak for iOS 8.1.3-8.4 contains a major security backdoor: after jailbreaking, any app can escalate privileges to root, thereby affecting the safety of user data. For example, after obtaining root permission an app has full control of system files, and can even go further to install Trojans and other...
Apple iOS 8.4 and OS X 10.10.4 fix vulnerabilities at a glance-vulnerability warning-the black bar safety net
Yesterday Apple released the latest iOS 8.4 and Mac OS X 10.10.4; the new versions of the system contain a large number of security patches, fixing a remote code execution vulnerability, China certificate trust policy and other security issues. iOS 8.4 bug fixes list 1, iOS 8.4 version of the...
A year later, Yahoo finally fixes the SSRF vulnerability-vulnerability warning-the black bar safety net
After a lapse of a year, Yahoo finally fixed the SSRF (server-side request forgery) vulnerability in its image processing system. The SSRF (server-side request forgery) vulnerability, also known as XSPA (cross-site port attack), the problem exists in the application program loading the user...
Massachusetts Institute of Technology (MIT) invents automatic vulnerability repair system-vulnerability warning-the black bar safety net
At this month's Association for Computing Machinery's Programming Language Design and Implementation conference, MIT researchers demonstrated a new system; it is possible by introducing other, more security of applicati...
Affect tens of millions of APP the Android APP“parasitic beast”vulnerability technical analysis-vulnerability warning-the black bar safety net
The 360 mobile security research team vulpecker recently discovered a new Android app security vulnerability; tens of millions of apps on the market are affected by it. Once the vulnerability is exploited by an attacker, Trojans can be implanted directly on the user's mobile phone to steal the user's...
Away from the Flash, away from the dangerous: from Flash 0day vulnerability disclosure to the integrated penetration tools package, only used 4-day-vulnerability warning-the black bar safety net
6 on 2 7 January, a penetration testing toolkit, Magnitude, successfully integrated an Adobe Flash Player 0day vulnerability, only four days after Adobe released the patch fixing the vulnerability; kit software the author recently become the fastest to achieve the use of the Flash Player...
Mac OSX Safari 8.0.5 UXSS vulnerability technical analysis-vulnerability warning-the black bar safety net
Vulnerability description: The vulnerability affects Apple Safari browser versions before 6.2.6, 7.1.6, 8.0.61; an attacker can use carefully constructed URLs to bypass the same-origin policy and read arbitrary files. Vulnerability description: In the Safari browser, similar...
MiTo Xiu Xiu, gReader and Foxit PDF reader are on the list: 14 Android apps vulnerable to MiTM attacks-vulnerability warning-the black bar safety net
AppBugs researchers found through analysis that 14 popular apps, with total downloads of up to 8 million, have a security risk when processing social account logins and are vulnerable to MiTM hijacking (MITM attack). Problem application list MeituPic MiTo Xiu...
Android Debugger vulnerability exists, you can get the device memory data-vulnerability warning-the black bar safety net
A carefully constructed ELF (Executable and Linkable Format) file can cause the debugger to crash, and then expose memory contents through the tombstone file and the corresponding logd log files. This can be used for denial of service attacks, and can help bypass ASLR to execute malicious code. Only...
A large number of Cisco security devices were found to contain a default SSH key-vulnerability warning-the black bar safety net
Cisco revealed that a large number of Cisco security devices were found to contain a default SSH key; an attacker can use this vulnerability to control the device. The scope of the impact Cisco's security experts found that a lot of Cisco security devices in the presence of a default SS...
PHP security issues: a remote overflow, DoS, safe_mode bypass vulnerability-vulnerability warning-the black bar safety net
One, Web server security. PHP is actually just a module function of the Web server, so the first thing is to ensure Web server security. Of course, for the Web server to be secure, the system must first be secure, and so on, endlessly. PHP can be bound to various Web servers, also here...
flash vulnerabilities: CVE-2015-3113 and CVE-2015-3043 comparison-vulnerability warning-the black bar safety net
Previously we talked about the Flash Player out-of-band data problem, which consists of a Adobe release number for APSB-15-14. Now Flash Player has been updated to 18.0.0.194. Our current defect analysis revealed: CVE-2015-3113 impact similar to CVE-2015-3043. Are in...
Google “zero project” hackers released a serious vulnerability affecting all of Windows-vulnerability warning-the black bar safety net
Google “zero project” hacker Mateusz Jurczyk (@j00ru) released 15 remote code execution vulnerabilities at one time, which include a serious vulnerability affecting almost all Adobe Reader and Windows versions that defeats all defense measures. Jurczyk in the month, held at Recon...
Samsung PC malicious disable the Windows Update“scandal”-vulnerability warning-the black bar safety net
Recently Windows users have reported that the Windows automatic update program on their Samsung computers is randomly disabled, which is a security risk for their PCs. The program that disables Windows Update is named DisableWindowsupdate.exe; this app is part of the Samsung SW Update software. SW Update is typical for the O...
Microsoft refused to fix the 32-bit IE vulnerability, the reason given is: 32-bit programs are to be eliminated-vulnerability warning-the black bar safety net
HP security expert Dustin Childs recently disclosed an IE vulnerability that affects millions of 32-bit Windows systems. Looks pretty serious, doesn't it? However, Microsoft does not seem to intend to fix this vulnerability...... This is a based on ASLR (address space layout randomization) of...
The hacker group APT3 uses the Flash 0day vulnerability to launch large-scale phishing activities-vulnerability warning-the black bar safety net
On Tuesday Adobe released an emergency security update, recommending that users and administrators fix the Flash Player 0day vulnerability numbered CVE-2015-3113, because the vulnerability is being used by the APT3 hacking organization in mass phishing attacks. Vulnerability details If the...
Adobe 0day vulnerabilities appear frequently and are used by Chinese hackers-vulnerability warning-the black bar safety net
In January this year Adobe was revealed to have a new, not yet disclosed 0day vulnerability; today, the company was again revealed to have 0day vulnerabilities, being used by a Chinese hacking group APT3 (aka UPS). It is reported that the 0day vulnerability is a United States security firm Fireeye in the...
Samsung mobile phones found to have security vulnerabilities that can be exploited by hackers to control the phone-vulnerability warning-the black bar safety net
US network security firm NowSecure released its latest report: a vulnerability exists in the Samsung mobile phone keyboard application, and a lot of user information may therefore be compromised. This vulnerability has not yet been repaired on a large number of Samsung mobile devices, including...
Ubuntu local elevation of privilege vulnerability exposed (CVE-2015-1328), affecting multiple versions-vulnerability warning-the black bar safety net
Due to a permissions check bug when files are created in a particular case, the Ubuntu operating system is exposed to a local privilege escalation vulnerability affecting Ubuntu 12.04, 14.04, 14.10 and 15.04. Ubuntu has officially fixed the vulnerability. The...
Technical analysis: Femtocell home base station communication interception and arbitrary SMS forgery vulnerability-vulnerability warning-the black bar safety net
Ali mobile security team, together with communication experts from the wireless technology department of the Chinese Thiel Laboratory, performed a security analysis of a type of Femtocell base station from a domestic operator, and found multiple major vulnerabilities that can lead to...
SAP HANA system exposed to security vulnerabilities, static key exists in the database-vulnerability warning-the black bar safety net
SAP's well-known in-memory database management system HANA was found to have security vulnerabilities: a static encryption key is actually stored in the database. SAP HANA is SAP's fastest-growing product ever. Vulnerability overview ERPScan researchers held in Amsterdam the black...
Femtocell home base station communication interception and arbitrary SMS forgery vulnerability-vulnerability warning-the black bar safety net
Ali mobile security team, together with communication experts from the wireless technology department of the Chinese Thiel Laboratory, performed a security analysis of a type of Femtocell base station from a domestic operator, and found multiple major vulnerabilities that can lead to...