The Android Security Bulletin for March 2017 contains a bugfix for a unique security flaw exploitable via the headphones audio connector that could be leveraged to leak data from theRead More →
For many years, MAC Address Randomization was slated as the next big thing for protecting user privacy on the modern Internet. The standard, which works by deploying a new MACRead More →
Shorebreak Security penetration testers discovered seven serious vulnerabilities in the dnaLIMS web application during the course of a blackbox penetration test for a customer. Shorebreak notified the vendor, who appears toRead More →
Last month at the RSA 2017 conference, we ran a live demo of Cylance’s UEFI Ransomware proof of concept at our ‘Hacking Exposed Next-Gen’ talk. In the demo, we targetedRead More →
Sometimes at Exploitee.rs, we look for fun devices to hack and sometimes the devices find us. Today we’re going to talk about a recent time where we found ourselves inRead More →
A new service launched on the Dark Web this week simplifies the process of tricking victims whose card details have been exposed into revealing their card’s PIN. The service, whichRead More →
Delivered by “secure” Word doc, pure PowerShell malware fetches commands from DNS TXT records. Researchers at Cisco’s Talos threat research group are publishing research today on a targeted attack deliveredRead More →
Zscaler has fixed persistent XSS vulnerabilities affecting Zscaler Cloud management software that allow logged attackers to hack coworkers. Serious cross-site scripting (XSS) flaws in the Zscaler Cloud management software could be exploitedRead More →
A few words about caching and reactions Websites often tend to use web cache functionality (for example over a CDN, a load balancer, or simply a reverse proxy). The purposeRead More →
EHR data are precious commodities in the cyber criminal underground because of the lack of cyber security of healthcare industry. Electronic health record databases are becoming the most precious commoditiesRead More →
