Security

Home / Security

Install YAWAST – The Antecedent Web Application Security Toolkit

YAWAST is an application meant to simplify initial analysis and information gathering for penetration testers and security auditors. It performs basic checks in these categories: TLS/SSL - Versions and cipher suites supported; common issues. Information Disclosure - Checks for common information leaks. Presence of Files or Directories - Checks for files or directories that could [...]

By | October 24th, 2016|Pentest|

QRLJacker – QRLJacking Exploitation Framework

QRLJacker is a python framework which is used to exploit services that rely on QR code authentication. #QRLJacker is a customizable framework to demonstrate "QRLJacking Attack Vector" and shows how easy to hijack services that relies on QR Code Authentication. Installation Installation on Windows After downloading the framework and Python: cd QrlJacking-Framework pip install -r [...]

By | October 24th, 2016|Pentest|

DDoS Attack on Dyn DNS and Level3 Outages

Twitter, Reddit, Spotify, PSN, XBox, Netflix, Github, PayPal and bunch of other websites were offline earlier today. That’s because someone conducted a massive distributed denial of service (DDoS) attack on the Dyn DNS, a world renowned Domain Name Servers (DNS) service provider. You can read the most recent status messages at DynDNS. So far there [...]

By | October 21st, 2016|Attacks, Security|

How To Patch Linux Kernel Zero Day DirtyCow Vulnerability CVE-2016-5195

A zero-day local privilege escalation vulnerability has been found in the Linux kernel that has existed since 2005, being called DirtyCow. This bug affects a large number of popular Linux distros as well as Android devices. By exploiting the DirtyCow vulnerability, any user can become root (admin) in less than 5 seconds. The vulnerability has [...]

By | October 21st, 2016|Linux, Security, System Administration, Zero-Day|

New Cerber Ransomware Switches To A Random Extension And Ends Database Processes

A new variant of the Cerber ransomware kills common database-related processes like those of the MySQL, Oracle and Microsoft SQL servers to encrypt files. The most notable change is the switch from the static .Cerber3 extension for encrypted files to a random 4 character extension, the use of a HTA file as the ransom note, [...]

By | October 6th, 2016|Ransomware, Security|

How to Enable Encryption (Secret Conversations) on Facebook Messenger

As of yesterday, all of Facebook's 900 million Messenger users should be able to choose to have specific chat threads use end-to-end encryption, protecting a message from all eyes except the sender and recipient. Called Secret Conversations, the feature also allows users to set messages to self-destruct anywhere between five seconds to one day. Once [...]

By | October 6th, 2016|Apps, Security|

CVE-2016-1453 Cisco Nexus 7000 and 7700 Series Switches Buffer Overflow Vulnerability

Earlier today, Cisco released a critical security advisory affecting its Nexus 7000 and Nexus 7700 Series Switches, CVE-2016-1453. A vulnerability in the Overlay Transport Virtualization (OTV) generic routing encapsulation (GRE) implementation of the Cisco Nexus 7000 and 7700 Series Switches could allow an attacker to cause a reload of the affected system or to remotely [...]

By | October 5th, 2016|Cisco, Security, System Administration|

CVE-2016-8332 – OpenJPEG Zero-Day Bug Allows Remote Code Execution

Cisco Talos researchers have uncovered a severe zero-day flaw in the OpenJPEG JPEG 2000 codec which could lead to remote code execution on compromised systems. This flaw has been given the code name CVE-2016-8332, with a CVSS score of 7.5 and it is being regarded as an out-of-bounds vulnerability. This means, this vulnerability can heap [...]

By | October 4th, 2016|Security, Zero-Day|
Load More Posts