Researchers at CyberArk Labs have created a post-intrusion attack technique known as a Golden SAML that could allow an attacker to fake enterprise user identities and forge authentication to gainRead More →
Mac malware, Proton, is spreading through a legitimate security company. Security researchers spotted criminals using search poisoning to get more targets and leverage the credibility of Symantec in the industry.Read More →
We encountered a few interesting samples of a file-encoding ransomware variant implemented entirely in VBA macros called qkG (detected by Trend Micro as RANSOM_CRYPTOQKG.A). It’s a classic macro malware infectingRead More →
There’s certainly no shortage of commercial spying apps for Android, with most positioned as parental control tools. In reality, however, these apps barely differ from spyware, with the exception perhapsRead More →
The vulnerability could be exploited to perform remote code execution. HP has issued firmware patches to fix a security flaw which allowed attackers to perform remote code execution attacks onRead More →
After releasing the new kernel update for Ubuntu 16.04 LTS (Xenial Xerus) systems to patch 13 security vulnerabilities, Canonical announced the availability of a major kernel update for Ubuntu 17.10. IfRead More →
Well over 400 high profile websites are collecting all the keys that you’ve pressed, and it turns out that most of them don’t even know about it. When we hearRead More →
For many pentesters, Meterpreter’s getsystem command has become the default method of gaining SYSTEM account privileges, but have you ever have wondered just how this works behind the scenes? In this postRead More →
The company’s former chief security officer kept the hack a secret. Uber concealed a massive data breach for more than a year, according to a report by Bloomberg. Hackers stole names, emailRead More →
Bugs in Intel’s firmware allow remote code execution, data exfiltration and more. Bugs in the underlying firmware of multiple Intel chip families have left laptops, servers and storage appliances vulnerableRead More →
The Adwind cross-platform, malware-as-a-service Trojan has been around since 2012. Spread by phishing emails claiming to be invoices, purchase orders, and requests for quotations, it’s aimed at high value targetsRead More →
During Penetration testing engagement you are required to backdoor a specific executable with your own shellcode without increasing the size of the executable or altering its intended functionality and hopefullyRead More →
Air-gapped computers are seen as high-value targets, so considerable research has gone into taking data from them — without a network connection. Here’s what you need to know. Researchers haveRead More →
Vulnerability allows to abuse option to restore files from quarantine and then deploy malware in sensitive location. Despite Microsoft making Windows Defender a more advanced security product, third-party antivirus solutionsRead More →
Trove included more than 1.8 billion posts spanning eight years, many from US people. A Pentagon contractor left a vast archive of social-media posts on a publicly accessible Amazon accountRead More →
Join us on YouTube or Facebook to learn how hacking works. Rick Ramgattie is a Security Analyst at Independent Security Evaluators, who will help us assess the security of the D-Link DIR-865LRead More →
Don’t worry, these vulnerabilities have already been patched out. Back in September, Bluetooth-connected device owners got a little scare when security firm Armis disclosed a new hack exploit known as BlueBorne. InRead More →
We discussed the re-emergence of banking malware EMOTET in September and how it has adopted a wider scope since it wasn’t picky about the industries it attacks. We recently discovered that EMOTETRead More →
The US clothes retailer FOREVER 21 announced it has suffered a security breach, hackers stole payment card data at some locations. Another data breach made the headlines, this time theRead More →
Join us on YouTube or Facebook to learn how hacking works. Today we’re going to learn how security researchers work. Adrian Bednarek is a security analyst at Baltimore’s Independent Security Evaluators (ISE),Read More →
