This post is aimed at those new to exploit development and wanting to understand the end-to-end process and types of techniques that need to be employed in order to realiseRead More →
written by Bob Baldwin who works at Facebook. This note was about Facebook launching it’s new feature of commenting using videos. eg. Now, users were allowed to upload a videoRead More →
The DUBNIUM campaign in December involved one exploit in-the-wild that affected Adobe Flash Player. In this blog, we’re going to examine the technical details of the exploit that targeted vulnerabilityRead More →
Advantech has published a new version of its WebAccess product to address vulnerabilities that put installations at risk to remote code execution attacks. Exploiting the vulnerabilities would be a challenge,Read More →
There’s something fishy about this botnet. Social media and advertising fraud investigations firm Sadbottrue has discovered a botnet of three million Twitter accounts, along with two smaller botnets of 100,000 botsRead More →
We came across a family of mobile malware called Godless (detected as ANDROIDOS_GODLESS.HRX) that has a set of rooting exploits in its pockets. By having multiple exploits to use, GodlessRead More →
Users are now prompted to update to the latest version. Apple is now blocking older versions of Adobe’s Flash Player because of security vulnerabilities that were patched in the most recentRead More →
On June 1st, I reported an arbitrary recursion bug in the Linux kernel that can be triggered by a local user on Ubuntu if the system was installed with homeRead More →
An unnamed hacker hacked the video conferencing software used by the Quebec Liberal Party and shared the news with the media. Politicians are a privileged target of hackers, in manyRead More →
Selfrando is an alternative to ASLR memory randomization. At the start of June, the Tor Project released version 6.5a1 of the Tor Browser, but compared to previous releases, this one alsoRead More →
Today the federal Government Accountability Office (GAO) finally published its exhaustive report on the FBI’s face recognition capabilities. The takeaway: FBI has access to hundreds of millions more photos thanRead More →
Python’s built-in URL library (“urllib2” in 2.x and “urllib” in 3.x) is vulnerable to protocol stream injection attacks (a.k.a. “smuggling” attacks) via the http scheme. If an attacker could convinceRead More →
Users of the TeamViewer remote-access service have beencomplaining in recent weeks about how their systems have been hacked into, unauthorized purchases made on their cards, their bank accounts emptied. Initially itRead More →
A researcher in China has discovered a design flaw in Microsoft Windows that affects all versions of the operating system—including Windows 10—and lets an attacker hijack a victim organization’s networkRead More →
Even where users have chosen strong passwords and taken extrasecurity measures, their Facebook FB -0.29% accounts are not safe from hackers. Researchers have proven just that by taking control of a FacebookRead More →
Vpon is one of many mobile ad SDKs marketed towards mainland Chinese and Taiwanese developers and app users. Recently, FireEye mobile security researchers identified a branch of Vpon ad SDKRead More →
Hackers contracted by the DoD under the Hack the Pentagon initiative have found more than 100 vulnerabilities exceeding Government’s expectations. Do you remember the ‘Hack the Pentagon‘ initiative? ‘Hack the Pentagon’ isRead More →
A DODGY new device can clone up to 15 contactless bank cards every second. Crooks use the hi-tech hacking unit to fund shopping sprees using stolen details. The scanner skims detailsRead More →
Fake Twitter account for Pulse nightclub asks for “contributions” through scam site. The vultures have already begun to descend on the tragedy in Orlando, Florida. A fake Twitter account claimingRead More →
A short while ago, slipstream/RoL dropped an exploit for the ASUS memory mapping driver (ASMMAP/ASMMAP64) which was vulnerable to complete physical memory access (read/write) to unprivileged users, allowing for localRead More →
