Cyber criminals behind the Retefe banking Trojan have improved it by adding a new component that uses the NSA exploit EternalBlue. ETERNALBLUE is the alleged NSA exploit that made the headlines with DOUBLEPULSAR in the WannaCry attack and NotPetya massive attacks. ETERNALBLUE targets the SMBv1 protocol and it has become widely adopted in the community of mal

Over the last two articles of this series, we have come a long way around kernel exploitation. We started with finding a buffer overflow in driver code to parsing of different structures to steal the token. In the final part of this series, we will combine the whole parts plus provide some finishing touches to complete the exploit.In last part of this

Kaspersky researchers discovered a new attack technique leveraging an undocumented Word feature to gather information on users. Kaspersky researchers discovered a new attack technique leveraging Microsoft Word documents to gather information on users. The technique is innovative because it doesn’t use active content such as macros or exploits, it exploits an

Hackers have exploited security weaknesses in SS7 protocol to break into a GMail account, take control of a bitcoin wallet and steal funds. In June 2016, researchers with Positive Technologies demonstrated that it is possible to hack Facebook accounts by knowing phone numbers by exploiting a flaw in the SS7 protocol. The technique allows bypassing any securi

In Part 1 of this article series, we had reverse engineered the driver and identified buffer overflow vulnerability in it. In this part, we will cover the next step of developing the exploit, and for that, we will have to go through various structures and offset. Since this a kernel land exploitation, a typical MSFvenom shellcode will not work.The expl

In this article series, we will learn about kernel exploitation using a driver HackSysExtremeVulnerableDriver built by Ashfaq Ansari. The driver has many vulnerabilities built into it, and we will try and exploit all of them in this series. In this part, we will work on identifying the buffer overflow vulnerability present in the driver and try to expl

The IBM X-Force Vulnerability Database (XFDB), which holds over 100,000 publicly disclosed vulnerabilities, is chock-full of insights concerning the cybersecurity threat landscape. Much of the data is publicly available directly on the IBM X-Force Exchange platform and can be accessed by users anytime. In reviewing the database on an ongoing basis, the IBM

The company ZERODIUM announced it will pay up to $1 million for fully working zero day exploits for Tor Browser on Tails Linux and Windows OSs. The zero-day broker Zerodium offers $1 million for Tor Browser exploits with the intent to unmask Tor users. The controversial firm will then resell the zero-day exploit for Tor browser to law enforcement and governm

Media and experts speculate Equifax Hack was the result of the exploitation of the recently discovered critical vulnerability CVE-2017-9805 in Apache Struts. Last week Equifax reported a huge data breach, hackers accessed its systems between mid-May and late July. The incident affected roughly 143 million U.S. consumers and some customers in the U.K. and Can

Hackers are exploiting in the wild a critical remote code execution vulnerability in Apache Struts 2, tracked as CVE-2017-9805, that was patched a few days ago. The vulnerability tracked as CVE-2017-9805 is related to the way Struts deserializes untrusted data, it affects all versions of Apache Struts since 2008, from Struts 2.5 to Struts 2.5.12. The experts

A design flaw within the Windows kernel could be exploited by attackers to evade antivirus and stop them from recognizing malware. A design flaw within the Windows kernel is the root cause for antivirus stopping from recognizing malware, and the bad news is that Microsoft won’t fix it because the tech giant doesn’t consider it as a security issue

Critical vulnerability CVE-2017-9805 in Apache Struts could be exploited by attackers to take over affected web servers. Security researchers at LGTM (lgtm.com) have discovered a critical remote code execution vulnerability in the Apache Struts that could be exploited by a remote attacker to run malicious code on the vulnerable servers. “Security rese

Recently the The FDA and Homeland Security have issued alerts about vulnerabilities in 4,65,000 pacemakers. The devices can be remotely “hacked” to increase activity or reduce battery life, potentially endangering patients. Feasible vulnerabilities: Absence of memory and encryption: In such embedded devices there is a lack to support proper cryptographic e

An Instagram flaw allowed hackers to access profile information for high-profile users, the incident was confirmed by the company. Instagram has recently suffered a possibly serious data breach with hackers gaining access to the phone numbers and email addresses for many “high-profile” users. Hackers recently accessed personal information of R

Zimperium Researcher Adam Donenfeld released an iOS Kernel Exploit PoC that can be used to gain full control of iOS mobile devices. Researcher Adam Donenfeld of mobile security firm Zimperium published a Proof-of-concept (PoC) for recently patched iOS vulnerabilities that can be chained to gain full control of iOS mobile devices. The expert called the PoC ex