HackDig : Dig high-quality web security articles for hacker

Episode 2.3 – Flash Exploits, PowerShell Hacking, Investigating the Elections, Expedia Hacker, Android Malware, a

Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. This episode features the following members: Dave Kennedy, Justin Elze, Geoff Walton, Rob Simon, Ben Ten Special thanks to Dual Core Music for the intro music!! Show links: http://www.infoworld.com/article/3148145/security
Publish At:2016-12-10 06:10 | Read:24 | Comments:0 | Tags:December 2016 exploit

Mirai - now with DGA, (Fri, Dec 9th)

Shortly after Miraiwas attributed to massive DDOS on OVH and Brian Krebsthe source code for Mirai was released on Github. This was a double edged sword. It gave security researchers insight into the code, but it also made it more available to those who may want to use it for nefarious purposes. Within days Mirai variants were detected. Now chinese researcher
Publish At:2016-12-10 00:30 | Read:65 | Comments:0 | Tags:No Tag

CVE-2015-1730: MSIE jscript9 Java­Script­Stack­Walker memory corruption details and PoC

Since November I have been releasing details on all vulnerabilities Ifound in web-browsers that I had not released before. I will try tocontinue to publish all my old vulnerabilities, including those not inweb-browser, as long as I can find some time to do so. If you find thisinformation useful, you can help me make more time available by donatingbitcoin to
Publish At:2016-12-09 23:30 | Read:78 | Comments:0 | Tags:No Tag

Splunk Enterprise Server-Side Request Forgery

( , ) (, . '.' ) ('. ', ). , ('. ( ) ( (_,) .'), ) _ _, / _____/ / _ ____ ____ _____ ____ ==/ /_ _/ ___/ _ / / / | \ __( <_> ) Y Y /______ /___|__ / ___ >____/|__|_| / / /.-. / /:wq (x.0) '=.|w|.=&
Publish At:2016-12-09 23:30 | Read:33 | Comments:0 | Tags:No Tag

Gstreamer ID3v2 v1.0 - Out of Bounds Read

Gstreamer ID3v2 v1.0 - Out of Bounds ReadA maliciously crafted ID3v2-tagged file enables an out-of-bounds memory read against Gstreamer 1.0.The Gstreamer ID3v2 implementation uses arbitrarily supplied data to generate buffers for the ID3v2 object and frames. By providing a maliciously crafted file with a null length in the ID3v2 header and an arbitrarily set
Publish At:2016-12-09 23:30 | Read:71 | Comments:0 | Tags:No Tag

Roundcube 1.2.2: Command Execution via Email

Roundcube 1.2.2: Command Execution via Email============================================You can find the online version of the advisory here:https://blog.ripstech.com/2016/roundcube-command-execution-via-email/Found by Robin Peraglie with RIPSIntroduction------------Roundcube is a widely distributed open-source webmail software used bymany organizations and
Publish At:2016-12-09 23:30 | Read:90 | Comments:0 | Tags:No Tag

Dual DHCP DNS Server 7.29 Buffer Overflow (Dos)

# Date : 07/12/2016# Author : R-73eN# Tested on: Dual DHCP DNS Server 7.29 on Windows 7 SP1 (32bit)# Vendor : http://dhcp-dns-server.sourceforge.net/# Software :https://sourceforge.net/projects/dhcp-dns-server/files/Dual%20DHCP%20DNS%20Server/DualServerInstallerV7.29.exe/download# Vulnerability Description:# The software crashes when it tries to write to an
Publish At:2016-12-09 23:30 | Read:92 | Comments:0 | Tags:No Tag

[ESNC-2041217] Critical Security Vulnerability in PwC ACE Software for SAP Security

*[ESNC-2041217] Critical Security Vulnerability in PwC ACE Software for SAPSecurity*Please refer to https://www.esnc.de for the original security advisory,updates, and additional information.*----------------------------------------------------------------------**1. Business Impact**----------------------------------------------------------------------*Accor
Publish At:2016-12-09 23:30 | Read:108 | Comments:0 | Tags: Vulnerability

MSIE 9 MSHTML CElement::Has­Flag memory corruption

Since November I have been releasing details on all vulnerabilities Ifound that I have not released before. This is the twenty-ninth entryin the series. This information is available in more detail on my blogat http://blog.skylined.nl/20161209001.html. There you can find a reprothat triggered this issue in addition to the information below.If you find these
Publish At:2016-12-09 23:30 | Read:53 | Comments:0 | Tags:No Tag

Broken access control on bluemix containers

# Date : 09/12/2016# Author : Oscar Martinez# Tested on:cf version 6.22.1+6b7af9c-2016-09-24 / Docker version 1.12.3,build 6b644ec / API endpoint: https://api.ng.bluemix.net (API version:2.54.0)API endpoint: https://api.ng.bluemix.net (API version: 2.54.0)# Vendor : IBM# Software : bluemix https://www.ibm.com/cloud-computing/bluemix/# Vulnerability Descr
Publish At:2016-12-09 23:30 | Read:49 | Comments:0 | Tags:No Tag

Hackers targeted the heavy industry ThyssenKrupp and stole industrial secrets

Alleged Asian hackers have targeted the German heavy industry giant ThyssenKrupp to steal company secrets. Hackers from Southeast Asia targeted the German heavy industry giant ThyssenKrupp in the attempt of obtaining “technological know-how and research results.” The news was announced on Thursday by a company spokesman that confirmed a report in
Publish At:2016-12-09 23:15 | Read:136 | Comments:0 | Tags:Breaking News Cyber Crime Hacking Security cyber espionage T

Hacker Interviews – Gabriel Bergel

Enjoy the interview with Gabriel Bergel  (@gbergel), one of the most talented hackers in the wild. Gabriel is an Infosec Rockstar and Viking-Cyborg (he loves Vikings and has had 2 chips inserted in his hands). He is the Founder & organizer of @8dot8, He’s CSO and owner of ‪@hacking4def, He’s CSA of‪ @ElevenPaths, He’s coordinator of ‪@i
Publish At:2016-12-09 23:15 | Read:36 | Comments:0 | Tags:Breaking News Hacking

Surface Defense DDoS platform – Gamification of attacks

A Turkish hacker is advertising into the hacking underground a new DDoS platform, dubbed Surface Defense (Translation to English). According to the security firm Forcepoint the hacker started prompting the DDoS platform in Turkey. He was offering a tool known as Balyoz, the Turkish word for Sledgehammer, that can be exploited by hackers to launch powerful DD
Publish At:2016-12-09 23:15 | Read:113 | Comments:0 | Tags:Breaking News Cyber Crime Hacking backdoor DDoS DDoS platfor

Popcorn Time ransomware, pay up the ransom or spread it to decrypt the files

Malware researchers from the MalwareHunterTeam have discovered a new strain of ransomware dubbed Popcorn Time on the Dark Web. Malware researchers from MalwareHunterTeam have spotted a new ransomware, dubbed Popcorn Time, that appears to be still under development. The researchers at MalwareHunterTeam found the Popcorn Time ransomware code on the Dark Web. T
Publish At:2016-12-09 23:15 | Read:62 | Comments:0 | Tags:Breaking News Cyber Crime Deep Web Malware Cybercrime Dark W

The U.S. Federal CISO and His First 100 Days

In September 2016, the White House announced the appointment of retired Brig. Gen. Gregory J. Touhill as the first federal chief information security officer (CISO). Touhill’s job is to drive cybersecurity, planning and implementation across the government. This announcement is presented as the culmination of several actions undertaken by the executive
Publish At:2016-12-09 22:10 | Read:90 | Comments:0 | Tags:CISO Government and Federal Chief Information Security Offic


Share high-quality web security related articles with you:)


Tag Cloud