HELK: one with the advanced analysis capabilities of vulnerability discovery platform-vulnerability warning-the black bar safety net

Today to introduce to you is a guy named HELK a tool, it is a superior analytical capability of Hunting ELK（Elasticsearch, Logstash, Kibana is. ! Target 1. To the security community to provide a free vulnerability Hunting platform, and shared some basic security threats and vulnerability discover...

The researchers found that the 4G LTE network Protocol vulnerability-vulnerability warning-the black bar safety net

Recently, four American University researchers found that a 4G LTE agreement in question, the use of this vulnerability can be false information fabricated, you can also monitor the user and the address of the track. In the 5G is the deployment of the next phase, we should also note that the...

Adobe ColdFusion arbitrary command execution flaws vulnerability 0day(CVE–2017–11283, CVE–2017–11284)early warning-vulnerability warning-the black bar safety net

Adobe ColdFusion in 2017 9 November 12 released a network security update in refer to the previous version, there is a serious deserialization flaws vulnerability bug（CVE-2017-11283, CVE-2017-11284, and may incur long-distance code to fulfill. When applying the Flex integration-do on Remote Adobe...

Adobe Flash was broke vulnerabilities hacker available to the computer implant malicious programs-vulnerability warning-the black bar safety net

Beijing Time 10 month 17 days afternoon message, Adobe issued a warning that hackers are using the company's Flash products vulnerability to the user of the computer implant malicious programs. Adobe recommended users as soon as possible to play better Flash of the latest patch, in order to avoid...

WPA2 vulnerability flaws bug the principles of research and prevention（WIPS product against KRACK vulnerability-vulnerability warning-the black bar safety net

Media In recent days, a network security researcher revealed WPA2 agreement layer in the presence of the logical shortcomings, nearly all support Wi-Fi equipment have to face the intimidating, the transmission of data there is sniffing, tampering risk. Intrusion the attacker can obtain WiFi data...

Japanese Subaru car, was traced to the presence of flaws vulnerability bug, able to clone the key to open the door electronic key-vulnerability warning-the black bar safety net

Recently, a man named Tom Wimmenhove the Dutch electronics industry Planner at multi Subaru car key system of the invention a serious Network Security Plan drawbacks, manufacturers today have yet to fix this vulnerability flaws bug, but the vulnerability flaws of the bug will incur Subaru car is...

KRACK: WPA2 series of vulnerabilities in the event of early warning-vulnerability warning-the black bar safety net

2017 10 on 16 September, called KRACK vulnerability flaws bug invasion attack method is expressed, for WiFi+WPA2 collect intrusion attack. KRACK tension is the application of 802. 11i 4-way handshake vulnerability in the flaws bug to the ultimate completion of the decryption and fabricated...

How to use OAuth error configuration to achieve the takeover of the Flickr account of the object-vulnerability warning-the black bar safety net

! Flickr is Yahoo's a picture of the video sharing sites, and presumably everyone is very understanding. Yahoo today, the application of the OAuth authentication situation instead of the previous the disembarkation method. The author of this article via a process of reflection on the disembarkati...

Microsoft Office Word free macro command execution flaw vulnerability 0day-vulnerability warning-the black bar safety net

If we inform you that in MS-Word on the presence of a Royal Decree to fulfill the vulnerability flaws of the bug, which unnecessary any macro maybe memory overflow? Windows for use between the stop data transfer supply a variety of transmission methods, this one is called static swap agreements, ...

Microsoft windows October release of the 62 flaws vulnerability bug patch, and repair of the National researchers submitted the 0-day flaw vulnerability bug-vulnerability warning-the black bar safety net

Microsoft on Tuesday's Patch Tuesday on the breath announced a 62 bug. the bug of the patch, which contains a has been applied to the major Office 0-day exploits flaws in the bug, this is by memory of the destruction occasioned by the long-distance code to perform vulnerability flaws bug（...

Important vulnerabilities early warning: the Windows DNS client in the broke multiple heap buffer overflow flaws vulnerabilities in bug-bug warning-the black bar safety net

Microsoft has in the 2017 year 10 months official fix for the vulnerability CVE-2017-11779, the vulnerability includes the Windows DNS client in the plurality of memory corruption vulnerabilities, running Windows 8/Server 2012 and an updated version ofOSthe computer will be affected by this...

The latest Office 0day vulnerabilities flaws bug(CVE-2017-11826)in the wild attack warning-vulnerability warning-the black bar safety net

! 2017 9 May 28, 360 the focus of the Network Security Business Unit upscale intimidating response team to capture an application Office 0day vulnerabilities flaws bug（CVE-2017-11826 the Korean invasion attack. The vulnerability flaws bug nearly affect the Microsoft currently support all office...

To expose the spike Trend Micro multiple products RCE vulnerability flaws bug-a vulnerability warning-the black bar safety net

The framework of the network security of ever more and more give rise to a network security staff to the presence of dependents, for example, the Apache Struts case because within the framework of a wide range of vulnerabilities flaws bug the excitation of the network hits the firing presumably...

The flaws exploit the bug using the kit Exploit Kit simple history introduction-vulnerability warning-the black bar safety net

Malicious Trojan virus software as well as the rest of the unpopular French there are many ways to get into your computer, but in snapped past few years, the most popular of the two wrist is an e-mail to seduce and application vulnerability flaws bug the application kit. Now, the scum mail of...

dnsmasq:exposure out of the plurality of levels is quite high vulnerability-vulnerability warning-the black bar safety net

dnsmasq as a lightweight DNS and DHCP do, thanks to its simple and easy to use, in the SME case, and the Cloud Platform is widely used, contains libvirt, etc., component the YAP indirect application of it as a support. 2017 10 on 2 September, by Google safe team invention, a plurality of dnsmasq...

For Fibaro home center regulation device of the remote executable command flaws vulnerability oday studies-vulnerability and early warning-the black bar safety net

In my everyday ordinary su interest of time, I match the hobby to discuss some of the smart home and Internet of things equipment the coherence of hardware and software. Recently this period of time, I was known in the workshops of the equipment the adoption of network security solutions. In my...

BlueBorne Bluetooth flaws vulnerability bug depth research and PoC-vulnerability warning-the black bar safety net

The other day, and armis burst a series of Bluetooth flaws, no war no perception of the receiving system can be a bit can be hacked, and essentially impact all of the Bluetooth equipment, the persecution of the immeasurable, can be seen here https://www.armis.com/blueborne/ to understand how it...

Depth study of the IE browser address bar content leakage flaws vulnerability bug-vulnerability warning-the black bar safety net

In this article, let's explore tool is IE reader, only the reader slightly hin state, but its users still a lot of TO is not negligence. I recently MSRC feel very comforting, since they are the things that the center of gravity moved to the Edge of the reader, plan flaws vulnerability bug, and th...

Linux PIE/stack memory corruption vulnerability flaws bug alert(CVE–2017–1000253)number-vulnerability warning-the black bar safety net

2015 4 on 14 September, Michael Davidson found PIE（Position Independent Executable mechanism to allow the part of the application of the French data segment is placed across the reserved memory area to form memory bounds, and thus incur the mention of the right to, and in the Linux Source Tree on...

Fan your face for 20! Apple system macOS High Sierra（10.13 announced before the release of the again exposed oday vulnerability flaws bug-a vulnerability warning-the black bar safety net

In Apple's estimation of 9 on 25 September the launch of its desktop and notebook computers the latest version of the manipulation of the system-macOS High Sierra（10.13 the previous several hours, a network security seminar staff announced on Twitter a video showing him in the macOS High Sierra...

SugarCRM new vulnerability is reproducible,a hacker attacker or can remote steal customer information data-vulnerability warning-the black bar safety net

SugarCRM audit a variety of network security achievements SugarCRM is more than a hotspot a customer relationship governance check-in Solution, and SugarCRM now important to have two major versions, that is necessary to pay the trade Edition and open source Community Edition, the eras of all ther...

About Redis unauthorized access flaws vulnerability bug want to do research use-vulnerability warning-the black bar safety net

redis is a high-performance in-memory database, but also support the memory data retained on the hard disk, to achieve persistent storage. Because redis does not force the visited authentication, incur not authorized to visit the hot spots of vulnerability bug-prone, the intruders take this...

Samba information leak flaws vulnerability is a bug vulnerability number CVE–2017–12163 in advance prevention publicity-vulnerability warning-the black bar safety net

Samba as a Linux and UNIX system implemented on the SMB Protocol is a freeware software in thenix category have a very wide range of application scenarios. Recently, the 360 Gear Team the security researchereven a Han,Hu JI-binfound that Samba SMB1 Protocol there is a security flaw, the attacker...

The latest exposure of the RTF vulnerability beside the use of research to explore the topic guide-vulnerability warning-the black bar safety net

0×1 details In recent days, Tencent computer housekeeper to capture a new office document virus samples, 经阐发为9月12号刚被微软修复的.NET Framework vulnerability flaws bug（CVE-2017-8759 the fields of intrusion samples. The vulnerability flaws of the bug with the previous rtf vulnerabilities flaws...

Joomla! LDAP injection leads to bypass the login authentication vulnerability bugCVE-2017-14596-vulnerability warning-the black bar safety net

With more than 8400 million downloads, Joomla! Is now the Internet's most popular CMS. It hosts a collection of world all website content and articles 3. 3 per cent. The use of code elucidating the object RIPS in the login controller detects a snapped celecoxib no invention of the LDAP injection...

Burp Suite is expose the presence of a remote code execution flaw vulnerability bug,I'll ask dare to continue to invade day the station?-vulnerability warning-the black bar safety net

Burp Suite is what? Confidence to engage in Web Network Security all know, the Burp Suite is for Web application to do network security testing of the integrated platform. It includes a lot of objects, and these objects program a lot of interface, can greatly accelerate our Web application networ...

Intrusion detection penetration magic Burp Suite uncovered a remote code executable flaws vulnerabilities of the bug, the official replied that it evidence is not conclusive-vulnerability warning-the black bar safety net

Recently, the outer Magenta network security staff revealed a the presence of the object long-distance code to perform vulnerability flaws bug the video, Burp Suite civil on Twitter about this reply: the video evidence is not sufficient, and there can be fabricated. Burp Suite Burp Suite is an...

iTerm2 by DNS requests may leak the user private information,your system terminal is reliable? - Vulnerability warning-the black bar safety net

On Mac developers can abnormal awareness of iTerm2, this terminal using the program, and have used it instead of the Apple civil terminal using the location. But just the day before, iTerm2 also there is a serious level of the rest of the network security score--the score was now actively reflect...

Tomcat remote code execution vulnerability flaws bug research CVE-2017-12615 and patch Bypass-vulnerability warning-the black bar safety net

9 on 19 May, Tencent Cloud Network Security intermediate monitoring to an Apache Tomcat fix the 2 serious has the rest of the vulnerability flaws of the bug, the separation of: information leakage vulnerability flaws bug（CVE-2017-12616, the long distance code to perform vulnerability flaws...

Many high-risk SVGA code execution vulnerability bug,VMware efforts to be patched-vulnerabilities and early warning-the black bar safety net

VMware this week announced a patch to fix a number of vulnerabilities flaws bug, contains a major vulnerability flaws bugs, exploits flaws bug touches the product containing ESXi, vCenter Server, Workstation and Fusion. This is the major vulnerability flaws bug number for CVE-2017-4924, which is ...

Mccafé McAfee LiveSafe MiTM RCE Vulnerability CVE-2017-3898 research topic-vulnerability warning-the black bar safety net

Vulnerability flaws bug overview The vulnerability flaws bugs affecting McAfee LiveSafe MLS 16.0.3 previous all version, the presence of the long-distance code to fulfill. This vulnerability flaws bug to allow the invasion of the attacker via the process of tampering with the HTTP after the end o...

ddos denial of service flaws vulnerability bug can cause Android System Information application crash,vulnerability number CVE-2017-0780-vulnerability warning-the black bar safety net

Occasionally we all YAP received some funny face Pack GIF, what, then, if this GIF will lead to you Android information application collapse? Recently, Trend Micro to Google to declare a rebuff-do flaws vulnerabilities bugs, and such flaws vulnerability bug happens to be able to do this, and even...

Android Message APP denial of service ddos vulnerability flaws bug(CVE-2017-0780)the use of the research-vulnerability warning-the black bar safety net

0×01 flaws vulnerabilities in the bug description 9 on 7, Trend Micro announced a review of the CVE-2017-0780: rebuff-do flaws vulnerability bug can be incurred Android Message App the collapse of the articles. This morning had confirmed that the flaws vulnerabilities bug on the latest version of...

Struts 2 S2-053 flaws vulnerability bug thematic research with the POC-the exploit-warning-the black bar safety net

Flaws vulnerability bug overview Flaws vulnerability bug example Long distance code to fulfil flaws vulnerability bug CVE-ID CVE-2017-1000112 Persecution of the grade High-risk Impact version Struts 2.0.1 Struts 2.3.33 Struts 2.5 – Struts 2.5.10 Flaws vulnerability bug persecution When the...

Microsoft the Microsoft . NET Framework flaws vulnerability bug（CVE–2017–8759）alerts-a vulnerability alert-the black bar safety net

Accident with a view 8 on 24 May, the 360 focus of the Network Security Business Unit capture to a new office high-end intimidating intrusion attacks. 12, Microsoft stopped large-scale network security updates including CVE-2017-8759 of. The same time, FireEye also promulgated the invention of th...

Bluetooth agreement flaws vulnerability:BlueBorne attack affected the number of 10 million Bluetooth equipped-vulnerability warning-the black bar safety net

! Description Armis Labs show an intrusion attack vector, such that the mounting tributary of the move, the desktop, and IoT operating systems include Android, iOS, Windows, Linux systems and equipment are subject to its influence. It is through the process of atmosphereairbornecan be spread, and...

Bluetooth agreement revealed eight major security vulnerability bug, capable of affecting fifty-three billion Bluetooth the efficacy of the equipment-vulnerability warning-the black bar safety net

If you use a Bluetooth-enabled device, whether smartphone, laptop, or Smart TV, Smart Car, or other IoT devices, have to be careful. Recent researchers found the Bluetooth Protocol, 8 0-day vulnerabilities, of which 3 are classified as severity level. These vulnerabilities may affect the 53 milli...

Nearly half of Apple iOS users not to upgrade to the latest version easily by a known high-risk flaws vulnerability bug violations-vulnerability warning-the black bar safety net

the iOS system has always been to its good safety deep to give a large user of trust, in particular its security into the level rate with Android than there is a significant upper hand. But according to baidu security Labs hundreds of millions of the Taiwan Strait within the iOS equipment system...

A newline character causes the Oscar vulnerability 0day(CVE-2017-8759)reproduction-latest Office the highest level of threat attack warning-vulnerability warning-the black bar safety net

Krzysztof, the 360 group focus of the Security Business Unit elucidating the team invented a new type of Office document high-end intimidating onslaught, the 进击应用了9月12日补钉刚修复的.NET Framework flaws vulnerability bug, the flaw exploits a bug in the field is applied for 0day condition, the user closed...

D-link ten vulnerabilities 0Day studies attach detailed procedures-vulnerability warning-the black bar safety net

Security researcher Pierre Kim recently revealed the D-Link DIR 850LAC1200-Type Dual-Band Gigabit cloud router is exposed 10 a safety score comprisesXSSattack invasion, shortage of proper firmware cover, back door and root mention the right. Here are 10 Safety scores are: Firmware to. The firmwar...

Microsoft Windows kernel Pool overflow flaws vulnerabilities bug:object is a combination of Spray vulnerability use-vulnerability warning-the black bar safety net

This article I will first briefly introduce a Foundation with the Windows kernel pool overflow exploit bugs, flaws, and how to use hybrid kernel object radiation the kernel pool, via a process shrouded TypeIndex order to achieve flaws in the application. 0x01 the first volume In the added complet...

Struts2 new flaws vulnerability bug（S2-052 presents the use case, and face the vulnerability flaws of the enterprise-the race against time-vulnerability warning-the black bar safety net

Prior to the black bar safety net it S2-052）vulnerabilities done in a special thematic report, I believe we also have understand! Recently from the Cisco Talos experimental study of the analysis chamber and NVISO laboratory for the research staff also found that there was an attacker of real use ...

how2heap vulnerability technical research and analysis summary of-under-vulnerability warning-the black bar safety net

"how2heap"is shellphish team at Github on the open source stack flaws tutorial series. I this period of time non-stop in the refresher heap of flaws in the application of common sense,to see these applied skills in the future feel rewarding. This article is my training this tutorial series after ...

Microsoft windows the latest kernel has a vulnerability bug flaws: pass to kill all Windows version-bug warning-the black bar safety net

enSilo the research staff of the invention, a Microsoft kernel flaws, onslaught can take to bypass the anti-virus system and loaded vicious thoughts software. The flaws exist in the PsSetLoadImageNotifyRoutine, affects Windows 2000 to Windows 10 all editions. ! Microsoft in Windows 2000 to enable...

Described in the CTF game found Python deserialization BUG vulnerability flaws-vulnerability warning-the black bar safety net

In the first few days, I had the privilege to join the ToorConCTF（https://twitter.com/toorconctf in addition this event the process of my first time in Python in the invention the sequence of the flaws. In our competition process, there are two provocative touch to be able to perhaps receive the...

The Struts S2-052 vulnerability bug bounce Shell test-vulnerability warning-the black bar safety net

S2-052 had burst a few days, I also join in the fun hurry up and build the case feel a bit. Don't rest is how, me just beginning the test of time, feel able to fulfil the Royal Decree of unparalleled unlimited: there is no echo, the creation of a designated content files are very difficult, and...

Samsung, Huawei and other phone Bootloader was traced to the presence of many high-risk bug-vulnerability warning-the black bar safety net

California University research team to create the main stream mobile platform in the bootloader exists in the code test and the DOS of the security gap. Workshop staff with a BootStomp to create 6 new found cracks, 5 of which division is the manufacturer to confirm. There is also a su XI reported...

Struts2 S2-052(CVE-2017-9805)remote code execution vulnerability bug research-vulnerability warning-the black bar safety net

Struts2 S2-052 remote code perform vulnerability bug and the previous Struts2 vulnerability bug there is a difference, S2-052 operating the Java deserialization cracks, rather than reputation notorious ognl in. The flaws of the trigger point is the REST plug-in to parse begged in the xml file, ca...

For Youtube advanced Flash vulnerability bug research-vulnerability warning-the black bar safety net

A, media Flash is still a lively intimidating origin. In 2017, I isolated to Facebook, Youtube, WordPress, Yahoo, Paypal and Stripe to submit a Flash flaws. In the past 3 years, I to the flaws winning the narratives presented across 50 Flash flaws, get across the 80k dollar awards. Since Spirit i...

Apache Struts2–052 vulnerability research alert-vulnerability warning-the black bar safety net

The REST Plugin is using a XStreamHandler with an instance of XStream for deserialization without any type of filtering and this can lead to Remote Code Execution when deserializing XML payloads. - The Apache Struts civil peace Bulletinreference 1 2017 9 5 March, the Apache Struts announcement of...