HackDig : Dig high-quality web security articles for hacker

[SANS ISC] Simple Analysis of an Obfuscated JAR File

I published the following diary on isc.sans.org: “Simple Analysis of an Obfuscated JAR File”. Yesterday, I found in my spam trap a file named ‘0.19238000 1509447305.zip’ (SHA256: 7bddf3bf47293b4ad8ae64b8b770e0805402b487a4d025e31ef586e9a52add91). The ZIP archive contained a Java archive named ‘0.19238000 1509447305.jar’ (SHA256: b161c7
Publish At:2017-11-03 16:40 | Read:4189 | Comments:0 | Tags:Malware SANS Internet Storm Center Security Java JRAT SANS I

Java Key Store (JKS) format is weak and insecure

While preparing my talk for the marvelous BSides Zurich I noticed again how nearly nobody on the Internet warns you that Java’s JKS file format is weak and insecure. While users only need to use very strong passwords and keep the Key Store file secret to be on the safe side (for now!), I think it is important to tell people when a technology is weak. P
Publish At:2017-09-19 16:25 | Read:2626 | Comments:0 | Tags:Password cracking encryption Java Java Key Store JKS

Cracking Java’s weak encryption – Nail in the JKS coffin

POC||GTFO journal edition 0x15 came out a while ago and I’m happy to have contributed the article “Nail in the JKS coffin”. You should really read the article, I’m not going to repeat myself here. I’ve also made the code available on my “JKS private key cracker hashcat” github repository. For those who really need a
Publish At:2017-07-07 05:55 | Read:2625 | Comments:0 | Tags:Password cracking Android encryption hashcat Hashes Java JKS

FTP Injection flaws in Java and Python allows firewall bypass

The two programming languages, Java and Python, are affected by serious FTP Injection flaws that can be exploited by hackers to bypass any firewall. Attackers can trick Java and Python applications into executing rogue FTP commands that would open ports in firewalls. The unpatched flaws reside in the way the two programming languages handle File Transfer Protocol
Publish At:2017-02-22 21:30 | Read:4339 | Comments:0 | Tags:Breaking News Hacking firewall FTP Injection Java Python sec

Keeping Adobe Flash Player

Years ago, Java exploits were a primary attack vector for many attackers looking to infect systems, but more recently, Adobe Flash Player took that mantle. After accounting for almost half of object detections during some quarters in 2014, Java applets on malicious pages decreased to negligible levels by the end of 2015, owing to a number of changes that hav
Publish At:2016-10-03 20:40 | Read:4220 | Comments:0 | Tags:Cybersecurity Adobe Adobe Flash Player Java Security

Enterprise NPM users to get help with security, licensing

NPM Inc, which oversees the popular NPM registry of JavaScript modules, is enlisting outside help to provide guidance on security, code analysis, and licensing issues. Under an expansion of NPM Enterprise to be detailed today, NPM Inc. will partner with third parties to take care of auditing of modules via its NPM Enterprise add-ons service. The cu
Publish At:2016-07-05 09:20 | Read:2672 | Comments:0 | Tags:Application Development Development Tools Security Java Ente

Jenkins Remoting RCE II – The return of the ysoserial

Jenkins is a continuous integration server, widely used in Java environments for building automation and deployment. The project recently disclosed an unauthenticated remote code execution vulnerability discovered by Moritz Bechler. Depending on the development environment, a Jenkins server can be a critical part of the infrastructure: It often creates the
Publish At:2016-07-01 21:50 | Read:5176 | Comments:0 | Tags:Security Java jenkins serialization vulnerabilities

Patch Java immediately or attackers can hack you

The CVE-2016-0636 flaw affects Java SE running in web browsers on desktops; attackers can trigger it remotely to take over your PC. Once again a serious security vulnerability affects the Java Oracle software; the new flaw, coded as CVE-2016-0636, scored a 9.3 on the Common Vulnerability Scoring System bug severity rating. The CVE-2016-0636 vulnerability affect
Publish At:2016-03-24 13:55 | Read:3707 | Comments:0 | Tags:Breaking News Security CVE-2016-0636 Hacking Java Oracle Pie

Two-year-old Java flaw re-emerges due to broken patch

A patch for a critical Java flaw released by Oracle in 2013 is ineffective and can be easily bypassed, security researchers warn. This makes the vulnerability exploitable again, paving the way for attacks against PCs and servers running the latest versions of Java. The flaw, tracked as CVE-2013-5838 in the Common Vulnerabilities and Exposures (CVE) databa
Publish At:2016-03-11 10:35 | Read:3692 | Comments:0 | Tags:Security Patches Java

The return of HackingTeam with new implants for OS X

Last week, Patrick Wardle published a nice analysis of a new Backdoor and Dropper used by HackingTeam, which is apparently alive and well. Since HackingTeam implants are built on-demand for each target, and it appears that the samples mentioned in the blog were found in-the-wild, we wanted to take a closer look: to see how it works and what its functionality
Publish At:2016-03-02 14:55 | Read:4043 | Comments:0 | Tags:Blog Featured Research Apple Backdoor Banloader Cyber espion

Adwind: FAQ

We have become aware of unusual malware that was found in some banks in Singapore. This malware has many names – it is known as Adwind RAT (Remote Access Tool), AlienSpy, Frutas, Unrecom, Sockrat, JSocket, and jRat. It is a backdoor available for purchase, and is written entirely in Java which makes it cross-platform. According to th
Publish At:2016-02-09 00:20 | Read:3306 | Comments:0 | Tags:Blog Featured Research Backdoor Cross-platform malware Cyber

Java “RAT-as-a-Service” backdoor openly sold through website to scammers

A family of Java-based malware that has given attackers a backdoor into Windows, Linux, Mac OS X, and Android devices since 2013 has risen from the dead once again as a "commercial" backdoor-as-a-service. It was recently detected in an attack on a Singapore bank employee. Previously known as AlienSpy or Adwind, the malware was all but shut down in 2015 afte
Publish At:2016-02-08 21:50 | Read:3244 | Comments:0 | Tags:Risk Assessment Technology Lab Java malware RAT remote acces

Java installer flaw shows why you should clear your Downloads folder

On most computers, the default download folder quickly becomes a repository of old and unorganized files that were opened once and then forgotten about. A recently fixed flaw in the Java installer highlights why keeping this folder clean is important. On Friday, Oracle published a security advisory recommending that users delete all the Java installers th
Publish At:2016-02-08 19:00 | Read:2880 | Comments:0 | Tags:Security Java

Oracle is planning to kill an attacker's favorite: The Java browser plug-in

Oracle will retire the Java browser plug-in, frequently the target of Web-based exploits, about a year from now. Remnants, however, will likely linger long after that. "Oracle plans to deprecate the Java browser plugin in JDK 9," the Java Platform Group said in a blog post Wednesday. "This technology will be removed from the Oracle JDK and JRE in a future
Publish At:2016-01-28 11:45 | Read:3170 | Comments:0 | Tags:Security Application Development Java

Oracle fixes critical flaws in Java, Database Server

Oracle issued a gargantuan quarterly patch update this week, fixing a whopping 248 vulnerabilities across its product portfolio. Despite its size, Oracle Database, MySQL, and Java accounted for just a third of the fixes in the January Critical Patch Update. The January CPU addressed seven vulnerabilities in the Oracle Database Server, three for the Oracle
Publish At:2016-01-21 17:00 | Read:2828 | Comments:0 | Tags:Security Java Patches
