Hacker hijacked more than 150,000 printers
2017-02-11
For many of us hacking of printers seems to be next to impossible thing. But, a hacker has hacked more than 150,000 printers via the internet. The attack affected allRead More →
2 thoughts on “Code Execution in SQL Server via Fileless CLR-based Custom Stored Procedures”
2017-02-11
Recently I was given the task of performing command execution on a compromised MSSQL server with the following restrictions: No use of the xp_cmdshell stored procedure. No writing anything toRead More →
WhatsApp Brings Two-step Verification For 1.2 Billion Users, Here’s How To Enable It
2017-02-11
Short Bytes: WhatsApp has enabled two-step verification option for all its 1.2 billion users. After enabling this optional feature, any attempt to verify your phone on a smartphone will needRead More →
Quickly Add an .onion URL to Your Site with the Enterprise Onion Toolkit (EOTK)
2017-02-10
Security researcher and software engineer Alec Muffett has created a new project called the Enterprise Onion Toolkit (EOTK), which can help website owners add a .onion URL for their site’sRead More →
The next generation of cyber attacks — PDoS, TDoS, and others
2017-02-10
2016 was a landmark year in cyber security. The cyber landscape was rocked as Internet of Things (IoT) threats became a reality and unleashed the first 1TB DDoS attacks —Read More →
Every website that uses jQuery Mobile, and has any open redirect is vulnerable to XSS
2017-02-10
Every website that uses jQuery Mobile, and has any open redirect anywhere is vulnerable to cross-site scripting (XSS) attacks. The jQuery Foundation’s jQuery Mobile project is an HTML5-based framework that allowsRead More →
Ticketbleed flaw in F5 Networks BIG-IP appliances exposed to remote attacks
2017-02-10
F5 Networks BIG-IP appliances are affected by a serious vulnerability, tracked as CVE-2016-9244 and dubbed ‘Ticketbleed’ that exposes it to remote attacks The F5 Networks BIG-IP appliances are affected by aRead More →
DynA-Crypt not only Encrypts Your Files, but Also Steals Your Info
2017-02-10
A new ransomware called DynA-Crypt was discovered by GData malware analyst Karsten Hahn that not only encrypts your data, but also tries to steal a ton of information from a victim’s computer. Ransomware andRead More →
Owning a Locked OnePlus 3/3T: Bootloader Vulnerabilities
2017-02-09
In this blog post I disclose two vulnerabilities in the OnePlus 3/3T bootloader. The first one, CVE-2017-5626, is a critical severity vulnerability affecting OxygenOS 3.2-4.0.1 (4.0.2 is patched). The vulnerabilityRead More →
Fileless attacks against enterprise networks
2017-02-09
During incident response, a team of security specialists needs to follow the artefacts that attackers have left in the network. Artefacts are stored in logs, memories and hard drives. Unfortunately,Read More →
Windows 10 Cloud already hacked to run Win32 programs
2017-02-09
Windows 10 Cloud, Microsoft’s new (and likely free) operating system hasn’t been officially announced yet, but the first build of it leaked over the weekend, giving people a chance toRead More →
Detailed threat analysis of Shamoon 2.0 Malware
2017-02-09
Our Previous post talked about the initial overview of the Shamoon 2.0 sample .This analysis is a continuation of our last post but with a more insight on the workingRead More →
Valve is going to fix a serious vulnerability in Steam online gaming platform
2017-02-09
The online game platform Steam is fixing a serious bug that could be exploited to redirect users to malicious websites and take over their profile. The popular online game platform Steam isRead More →
ATTACKERS CAPITALIZING ON UNPATCHED WORDPRESS SITES
2017-02-08
Attackers didn’t wait long to capitalize on laggards slow in updating their WordPress sites to patch a critical content injection vulnerability addressed in WordPress 4.7.2. The update was made publicRead More →
A rash of invisible, fileless malware is infecting banks around the globe
2017-02-08
Once the province of nation-sponsored hackers, in-memory malware goes mainstream. Two years ago, researchers at Moscow-based Kaspersky Lab discovered their corporate network was infected with malware that was unlike anythingRead More →
Iranian hackers are back with the MACDOWNLOADER MAC malware
2017-02-08
An Iranian espionage group has been using an unsophisticated strain of malware, dubbed MacDownloader, to steal credentials and other data from Mac users. A cyber espionage group linked to theRead More →
Erebus Ransomware Utilizes a UAC Bypass and Request a $90 Ransom Payment
2017-02-08
A sample of a potentially new ransomware called Erebus has been discovered by MalwareHunterTeam on VirusTotal. I say that this is a potentially new ransomware because TrendMicro had reported another ransomware usingRead More →
High-End Phishing Kit Automates Attacks on PayPal Accounts
2017-02-08
While many financial phishing schemes require development of bank- and region-specific phishing pages, PayPal’s international reach and widespread popularity mean that attackers can develop phishing pages once and attack inRead More →
New BSOD Devil Comes From The Internet And Crashes Your Windows 10, 8, 7, XP
2017-02-07
Short Bytes: A security researcher, who goes by the username lgandx, reported a severe vulnerability affecting Windows versions ranging from Windows XP to Windows 10. Due to the bug, an attackerRead More →
Android Ransomware Borrows One More Trick from Desktop Counterparts
2017-02-07
The infamous Lockdroid ransomware has gained a new feature, a banality among desktop malware, but a never-before-seen trick for Android ransomware. This new feature is the usage of a dropperRead More →
