Hack the Virtual Memory: malloc, the heap & the program break
2017-05-16
The heap In this chapter we will look at the heap and malloc in order to answer some of the questions we ended with at the end of the previousRead More →
New Shadow Brokers Message Teases Data From Nuke Programs, Windows 10 Exploits
2017-05-16
Today, the Shadow Brokers have published a new message teasing new exploits for people who register for a new membership program the group has announced for next month, June 2017.Read More →
Fake WhatsApp.com URL gets users to install adware
2017-05-16
Next time someone links you to whatsapp.com, make sure you take a second look. There’s some adware currently circulating around the web by tricking users to visit a ‘шһатѕарр.com’ domainRead More →
Virulent WCry ransomware worm may have North Korea’s fingerprints on it
2017-05-16
Identical code ties Friday’s attacks to hacks on Sony Pictures and $1bn bank heist. A researcher has found digital fingerprints that tie the WCry ransomware worm that menaced the worldRead More →
How To Protect Yourself From WannaCry Ransomware?
2017-05-15
Short Bytes: WannaCry 2.0 or WannaDecrypt0r 2.0 ransomware is turning out to be one of the biggest security threats of recent times. It has spread in over 150 countries and affectedRead More →
Why “Just Patch It!” Isn’t as Easy as You Think
2017-05-15
At the Zero Day Initiative (ZDI), we see patches in a way few do. We get the initial report from a researcher, we verify the issue internally, we notify theRead More →
Vault7 – Wikileaks published documentation for AfterMidnight and Assassin malware
2017-05-15
WikiLeaks Reveals two distinct malware platforms codenamed AfterMidnight and Assassin used by the CIA operators to target Windows systems. While critical infrastructure worldwide and private organizations were ridiculed by the WannaCryRead More →
Honeypot Server Gets Infected with WannaCry Ransomware 6 Times in 90 Minutes
2017-05-15
The WannaCry ransomware — also known as WCry, Wana Decrypt0r, WannaCrypt, and WanaCrypt0r — infected a honeypot server made to look like a vulnerable Windows computer six times in theRead More →
NEW JAFF RANSOMWARE PART OF ACTIVE NECURS SPAM BLITZ
2017-05-13
A new malware family called Jaff has been identified by researchers who say they are currently tracking multiple massive spam campaigns distributing the malware via the Necurs botnet. “It cameRead More →
WCry is so mean Microsoft issues patch for 3 unsupported Windows versions
2017-05-13
Decommissioned for years, Windows XP, 8, and Server 2003 get emergency update. A day after a ransomware worm infected 75,000 machines in 100 countries, Microsoft is taking the highly unusualRead More →
An NSA-derived ransomware worm is shutting down computers worldwide
2017-05-13
Wcry uses weapons-grade exploit published by the NSA-leaking Shadow Brokers. A highly virulent new strain of self-replicating ransomware shut down computers all over the world, in part by appropriating aRead More →
New IOT Attack Linked To Iran – Persirai Malware Strikes at IP Cameras in Latest IOT Attack
2017-05-13
Trend Micro has discovered a new attack on internet-based IP cameras and recorders powered by a new Internet of Things (IOT) bot dubbed PERSIRAI. Trend Micro has discovered a newRead More →
Vanilla Forums has a plain-flavoured zero-day
2017-05-12
PHPMailer bug leads to remote code execution via HTTP. Updated The popular Vanilla Forums software needs patching against a remote code execution zero-day first reported to the developers in DecemberRead More →
Major French news sites victim of DDoS attack
2017-05-12
Major news sites in France including Le Monde and Le Figaro went down yesterday in the fallout of a DDoS attack. Many of the biggest French news sites were hitRead More →
Telefonica Tells Employees to Shut Down Computers Amid Massive Ransomware Outbreak
2017-05-12
A ransomware outbreak is wreaking havoc all over the world, but especially in Spain, where Telefonica — one of the country’s biggest telecommunications companies — has fallen victim, and itsRead More →
OnePlus OTAs: Analysis & Exploitation
2017-05-12
In this blog post we present new trivial vulnerabilities found on OnePlus One/X/2/3/3T OxygenOS & HydrogenOS. They affect the latest versions (4.1.3/3.0) and below. The vulnerabilities allow for a Man-in-the-MiddleRead More →
Exploiting the Linux kernel via packet sockets
2017-05-12
Lately I’ve been spending some time fuzzing network-related Linux kernel interfaces with syzkaller. Besides the recently discovered vulnerability in DCCP sockets, I also found another one, this time in packetRead More →
Edge Security Flaw Allows Theft of Facebook and Twitter Credentials
2017-05-11
Argentinean security researcher Manuel Caballero has discovered another vulnerability in Microsoft’s Edge browser that can be exploited to bypass a security protection feature and steal data such as passwords fromRead More →
Linux and Other Open Source Technologies Protect Online Privacy: Snowden
2017-05-11
Short Bytes: At the OpenStack Summit, the ex-NSA contractor talked about the downsides of proprietary software and their threat to people’s privacy. Snowden promotes the use of open source softwareRead More →
Keylogger Found in Audio Driver of HP Laptops
2017-05-11
The audio driver installed on some HP laptops includes a feature that could best be described as a keylogger, which records all the user’s keystrokes and saves the information toRead More →
