Hacker hijacked more than 150,000 printers
2017-02-11
For many of us hacking of printers seems to be next to impossible thing. But, a hacker has hacked more than 150,000 printers via the internet. The attack affected allRead More →
2 thoughts on “Code Execution in SQL Server via Fileless CLR-based Custom Stored Procedures”
2017-02-11
Recently I was given the task of performing command execution on a compromised MSSQL server with the following restrictions: No use of the xp_cmdshell stored procedure. No writing anything toRead More →
WhatsApp Brings Two-step Verification For 1.2 Billion Users, Here’s How To Enable It
2017-02-11
Short Bytes: WhatsApp has enabled two-step verification option for all its 1.2 billion users. After enabling this optional feature, any attempt to verify your phone on a smartphone will needRead More →
Quickly Add an .onion URL to Your Site with the Enterprise Onion Toolkit (EOTK)
2017-02-10
Security researcher and software engineer Alec Muffett has created a new project called the Enterprise Onion Toolkit (EOTK), which can help website owners add a .onion URL for their site’sRead More →
The next generation of cyber attacks — PDoS, TDoS, and others
2017-02-10
2016 was a landmark year in cyber security. The cyber landscape was rocked as Internet of Things (IoT) threats became a reality and unleashed the first 1TB DDoS attacks —Read More →
Every website that uses jQuery Mobile, and has any open redirect is vulnerable to XSS
2017-02-10
Every website that uses jQuery Mobile, and has any open redirect anywhere is vulnerable to cross-site scripting (XSS) attacks. The jQuery Foundation’s jQuery Mobile project is an HTML5-based framework that allowsRead More →
Ticketbleed flaw in F5 Networks BIG-IP appliances exposed to remote attacks
2017-02-10
F5 Networks BIG-IP appliances are affected by a serious vulnerability, tracked as CVE-2016-9244 and dubbed ‘Ticketbleed’ that exposes it to remote attacks The F5 Networks BIG-IP appliances are affected by aRead More →
DynA-Crypt not only Encrypts Your Files, but Also Steals Your Info
2017-02-10
A new ransomware called DynA-Crypt was discovered by GData malware analyst Karsten Hahn that not only encrypts your data, but also tries to steal a ton of information from a victim’s computer. Ransomware andRead More →
Owning a Locked OnePlus 3/3T: Bootloader Vulnerabilities
2017-02-09
In this blog post I disclose two vulnerabilities in the OnePlus 3/3T bootloader. The first one, CVE-2017-5626, is a critical severity vulnerability affecting OxygenOS 3.2-4.0.1 (4.0.2 is patched). The vulnerabilityRead More →
Fileless attacks against enterprise networks
2017-02-09
During incident response, a team of security specialists needs to follow the artefacts that attackers have left in the network. Artefacts are stored in logs, memories and hard drives. Unfortunately,Read More →
