Dark_Nexus Botnet Compromises Thousands of ASUS, D-Link Routers
Threatpost - 8 April 2020, 6:46 pm
Researchers say the botnet has emerged over the past three months and shares aspects with Mirai and Qbot.Read More
ThreatList: Skype-Themed Apps Hide a Raft of Malware
Threatpost - 8 April 2020, 4:23 pm
Hundreds of thousands of malware files are disguised as well-known social conferencing and collaboration apps.Read More
Slack in the security spotlight – lessons for collaboration servers
Naked Security - 8 April 2020, 4:02 pm
Interested in WFH collaboration tools right now? Lots of people are – so here’s a history lesson to learn from…Read More
WhatsApp Axes COVID-19 Mass Message Forwarding
Threatpost - 8 April 2020, 1:24 pm
Amid rampant misinformation, users of the Facebook-owned messaging platform can no longer send coronavirus messages to more than one user at a time.Read More
‘Fake Fingerprints’ Bypass Scanners with 3D Printing
Threatpost - 8 April 2020, 1:00 pm
New research used 3D printing technology to bypass fingerprint scanners, and tested it against Apple, Samsung and Microsoft mobile products.Read More
COVID-19 CISO Checklist for Securing a Remote Workforce
Threatpost - 8 April 2020, 1:00 pm
The CISO Checklist for Secure Remote Working was built to assist CISOs in navigating through COVID-19, providing them with a concise, high-level list of the absolute essentials needed to ensure their organization is well protected in these challenging times.Read More
Update Firefox again – more RCEs and an Android “takeover” bug too
Naked Security - 8 April 2020, 11:17 am
Hot on the heels of Firefox’s emergency update over the weekend are the four-weekly fixes that Mozilla had in train already. Get ’em now!Read More
Microsoft project proposed to aid Linux IoT code integrity
Naked Security - 8 April 2020, 11:10 am
Imagine a computer user from 2010 dreaming of a world in which Microsoft is not only an enthusiastic proponent of open source software but actively contributes to it with its own ideas. The time is now.Read More
As if the world couldn’t get any weirder, this AI toilet scans your anus to identify you
Naked Security - 8 April 2020, 10:52 am
It’s what the researchers call “A mountable toilet system for personalized health monitoring via the analysis of excreta.”Read More
Serious Exchange Flaw Still Plagues 350K Servers
Threatpost - 7 April 2020, 9:19 pm
The Microsoft Exchange vulnerability was patched in February and has been targeted by several threat groups.Read More
xHelper: The Russian Nesting Doll of Android Malware
Threatpost - 7 April 2020, 5:06 pm
Ultimately delivering the Triada payload, xHelper goes to great lengths to become virtually indestructible once installed on a smartphone.Read More
FIN6 and TrickBot Combine Forces in ‘Anchor’ Attacks
Threatpost - 7 April 2020, 4:57 pm
FIN6 fingerprints were spotted in recent cyberattacks that initially infected victims with the TrickBot trojan, and then eventually downloaded the Anchor backdoor malware.Read More
Official Government COVID-19 Apps Hide a Raft of Threats
Threatpost - 7 April 2020, 1:55 pm
Android apps launched for citizens in Iran, Colombia and Italy offer cyberattackers new attack vectors.Read More
Twitter warns users – Firefox might retain private messages
Naked Security - 7 April 2020, 12:11 pm
Whose fault was it – Twitter or Firefox? (It’s fixed now, to be clear.)Read More
Two schoolkids sue Google for collecting biometrics
Naked Security - 7 April 2020, 11:24 am
The suit is about biometrics and children’s privacy in Google’s education apps, which are suddenly, wildly popular now due to COVID-19.Read More
Thousands of Android apps contain undocumented backdoors, study finds
Naked Security - 7 April 2020, 10:21 am
A study has found that thousands of legitimate Android apps are taking liberties or installing with capabilities that users wouldn’t expect to exist.Read More
A Brisk Private Trade in Zero-Days Widens Their Use
Threatpost - 6 April 2020, 9:05 pm
More zero-day exploits coming up for sale by NSO Group and others is democratizing the attack vector and placing them within reach of less sophisticated attackers.Read More
Will Apple’s “microphone switch” stop your iPad getting bugged?
Naked Security - 6 April 2020, 3:23 pm
A microphone switch! What will they think of next?Read More
Rights groups appeal to governments over COVID-19 surveillance
Naked Security - 6 April 2020, 12:34 pm
Digital and human rights groups have joined in a rare worldwide appeal to governments to respect privacy when handling the COVID-19 crisis.Read More
Hackers’ forum hacked, OGUsers database dumped (again)
Naked Security - 6 April 2020, 11:12 am
A rival hacking forum has yet again hacked OGUsers and doxxed its database for one and all to grab.Read More

DHS cybersecurity agency warns of coronavirus phishing attacks
Fifth Domain - 8 April 2020, 4:55 pm
The U.S. and British governments have joined forces to warn against pandemic-themed attacks.Read More
Cyber operators deploy to the Pacific with USS America
Fifth Domain - 7 April 2020, 7:39 pm
Defensive cyber operators with the 31st Marine Expeditionary Unit embarked aboard the USS America for the first time.Read More
Don’t just put the latest cybersecurity report on a shelf because of the pandemic
Fifth Domain - 6 April 2020, 10:50 pm
A new report to Congress made roughly 75 recommendations for how the United States can better protect and defend against cyberattacks, but this list may be too much as the administration and Congress…Read More
Telework forces unexpected cybersecurity changes at TSA
Fifth Domain - 3 April 2020, 2:12 pm
The Transportation Security Administration has taken security measures to accommodate telework.Read More
What early air warfare can tell us about protecting cloud workloads
Fifth Domain - 2 April 2020, 9:11 pm
An old saying should be updated for modern warfare to read: “the hacker will always get through.” There’s no such thing as an impregnable computer defense.Read More
Agencies to get more insight into their cybersecurity posture this month
Fifth Domain - 1 April 2020, 7:55 pm
The new Continuous Diagnostics and Mitigation dashboard is set to be deployed this month.Read More
Government meeting? Work call? Virtual happy hour? How to better secure that meetup
Fifth Domain - 31 March 2020, 9:00 pm
In this age of telework, dangers continue to lurk at home in digital meetups. But there are steps you can take to ensure privacy.Read More
The most resilient organizations follow outcome-based cybersecurity
Fifth Domain - 31 March 2020, 2:15 am
Compliance-based cyber is a comforting checklist of determining a risk profile, setting controls, and measuring compliance to controls. That’s become foundational to cyber security programs, but it’s…Read More
How businesses can view the Pentagon’s new cybersecurity standards
Fifth Domain - 30 March 2020, 7:41 pm
What level of cyber hygiene makes the most sense for businesses to aspire to as part of the Cybersecurity Maturity Model Certification, the Department of Defense-mandated security framework? Here’s…Read More
Pentagon seeks to classify future year defense spending plans
Fifth Domain - 30 March 2020, 3:16 pm
The Future Year Defense Program spending projections have been unclassified since 1989.Read More
Will coronavirus stall DoD’s Silicon Valley outreach efforts?
Fifth Domain - 27 March 2020, 4:05 pm
The Pentagon has been making inroads into the Silicon Valley-based venture capital community. Will COVID-19 force them to hit pause?Read More
Commission suggests creating reserve force of civilian cybersecurity experts
Fifth Domain - 26 March 2020, 6:52 pm
A new commission suggests several changes to address the government’s cybersecurity workforce problemsRead More
Who should be responsible for critical infrastructure’s cybersecurity?
Fifth Domain - 26 March 2020, 5:34 pm
A new survey asked IT professionals who they think should be tasked with securing critical infrastructure.Read More
Should government pay the ransom from digital hijacking?
Fifth Domain - 26 March 2020, 2:45 pm
The best protection against ransomware is prevention. But when it happens, how should the government deal with it?Read More
Amid pandemic, Pentagon urges ‘hyper-vigilance’ against foreign investment
Fifth Domain - 25 March 2020, 6:17 pm
The economic situation creates “greater attack surface” for foreign investment in key American companies, a top Defense Department official warned.Read More
One senator wants vendors to ensure their internet connectivity devices are secure
Fifth Domain - 25 March 2020, 4:39 pm
The senator also called on vendors to notify users of available security updates.Read More
Amazon opposes Pentagon’s proposal to reevaluate parts of its JEDI award
Fifth Domain - 24 March 2020, 9:26 pm
Amazon Web Services said the DoD’s proposal isn’t “fair and rational.”Read More
Trump administration must produce 5G security strategy under new law
Fifth Domain - 24 March 2020, 4:10 pm
The law requires the president to send a report to Congress on how the administration will address several 5G security challenges.Read More
How to protect sensitive military information in the age of COVID-19 teleworking
Fifth Domain - 24 March 2020, 2:29 pm
On Monday, officials at the U.S. Army Test and Evaluation Command in Maryland issued guidelines for how personnel should protect information.Read More
Europe eyes smartphone location data to stem virus spread
Fifth Domain - 24 March 2020, 1:30 pm
Several European nations are evaluating powerful but potentially intrusive tools for fighting the new coronavirus pandemic, a move that could put public health at odds with individual privacy.Read More
What COVID-19 can teach us about cyber resilience
Fifth Domain - 24 March 2020, 1:40 am
COVID-19 has created increased stress on our logistic, digital, public, and financial systems and this could in fact resemble what a major cyber conflict would mean to the general public.Read More
White House urges agencies to implement new authentication methods amid telework
Fifth Domain - 23 March 2020, 8:35 pm
Extended telework could mean agencies can’t hand out new identity verification cards.Read More
Pentagon loosens cash flow for industry, more measures likely coming
Fifth Domain - 23 March 2020, 2:45 pm
Industry will be getting more cash up front to help combat the impacts of the coronavirus.Read More
Pentagon declares defense contractors ‘critical infrastructure,’ must continue work
Fifth Domain - 20 March 2020, 10:47 pm
Defense contractors need to keep working, despite the viral outbreak, the department says.Read More
The battle against disinformation is global
Fifth Domain - 20 March 2020, 3:03 pm
Disinformation-spewing online bots and trolls from halfway around the world are continuing to shape local and national debates by spreading lies online on a massive scale.Read More

Tag:

penetration testing

How To Exploit Server-Side Request Forgery Vulnerabilities & Hack Servers

By Sunny Hoi February 27, 2020

By Sunny Hoi

In this tutorial, we illustrate how a threat actor could leverage the capabilities of a web server to be the means in the attack itself.
How To Bypass Cloudflare WAF Using Command Injection Attack

By 1337pwn Staff February 16, 2020

By 1337pwn Staff

In this tutorial, we illustrate how a hacker can easily bypass Cloudflare WAF using a Command Injection attack vector that was publicly released by a security engineer.
How Hackers Can Easily Bypass XSS Filters In Web Applications

By 1337pwn Staff January 23, 2020

By 1337pwn Staff

In this tutorial, we will illustrate some of the techniques that hackers may utilize in their malicious code to easily bypass the XSS filters in web applications.
Testing Vulnerable Web Applications For Local File Inclusion, Server Side Request Forgery, Open Redirect, & Path Traversal

By Sunny Hoi November 28, 2019

By Sunny Hoi

In this tutorial, we will illustrate how to test vulnerable web applications for security vulnerabilities such as Local File Inclusion (LFI), Server Side Request Forgery (SSRF), Open Redirect, and Path Traversal.
How To Hack vBulletin v5.0.0-v5.5.4 Using Remote Code Execution Exploit

By 1337pwn Staff September 26, 2019

By 1337pwn Staff

In this tutorial, we illustrate how a hacker can exploit a Remote Code Execution (RCE) vulnerability to hack a vBulletin forum.
How To Phish Users Using HEX Encoded Links & Bypass Office 365 Advanced Threat Protection

By 1337pwn Staff September 26, 2019

By 1337pwn Staff

In this tutorial, we will analyze how potential victims are fooled by convincing phishing emails that state that servers errors are delaying message delivery. The HEX Encoding technique permits hackers to bypass Microsoft Office 365 Advanced Threat Protection.
How To Use Percent-Encoding To Bypass Secure Email Gateways

By 1337pwn Staff September 25, 2019

By 1337pwn Staff

In this tutorial, we will examine how hackers, nation-state actors, and cybercriminals use percent-encoding to deceive and bypass secure email gateways implemented by companies.
How To Hack Webmin <= 1.920 Using Metasploit & Remote Code Execution

By Sunny Hoi August 18, 2019

By Sunny Hoi

In this tutorial, we are going to show you how a hacker can replicate an unauthenticated remote code execution using this exploit. More significantly, we are going to analyze the exploit via the Metasploit module.
How Paige Adele Thompson Hacked Capital One Using A SSRF Attack

By Sunny Hoi August 15, 2019

By Sunny Hoi

In this tutorial, we will illustrate how a hacker can replicate the hacking of Capital One, in the way that Thompson did.
Enabling WordPress File Editors & Installers In wp-config.php After Hacking A Website

By Sunny Hoi August 2, 2019

By Sunny Hoi

In this tutorial, we will show you how a hacker can enable WordPress file editors & installers in wp-config.php after hacking a website, ultimately bypassing the security hardening done by the site administrator.

Load More Posts

Tentacle - A POC Vulnerability Verification And Exploit Framework
KitPloit - PenTest & Hacking Tools - 8 April 2020, 12:00 pm
Tentacle is a POC vulnerability verification and exploit framework. It…Read More
Tails 4.5 - Live System to Preserve Your Privacy and Anonymity
KitPloit - PenTest & Hacking Tools - 8 April 2020, 12:55 am
The Tails team is happy to publish Tails 4.5, the first…Read More
MSOLSpray - A Password Spraying Tool For Microsoft Online Accounts (Azure/O365)
KitPloit - PenTest & Hacking Tools - 7 April 2020, 9:30 pm
A password spraying tool for Microsoft Online accounts (Azure/O365). The…Read More
Git-Hound v1.1 - GitHound Pinpoints Exposed API Keys On GitHub Using Pattern Matching, Commit History Searching, And A Unique Result Scoring System
KitPloit - PenTest & Hacking Tools - 7 April 2020, 12:00 pm
A batch-catching, pattern-matching, patch-attacking secret snatcher.GitHound pinpoints exposed API keys…Read More
DNSteal v2.0 - DNS Exfiltration Tool For Stealthily Sending Files Over DNS Requests
KitPloit - PenTest & Hacking Tools - 6 April 2020, 10:00 pm
This is a fake DNS server that allows you to…Read More
OSSEM - Open Source Security Events Metadata
KitPloit - PenTest & Hacking Tools - 6 April 2020, 12:00 pm
The Open Source Security Events Metadata (OSSEM) is a community-led…Read More
Angrgdb - Use Angr Inside GDB - Create An Angr State From The Current Debugger State
KitPloit - PenTest & Hacking Tools - 5 April 2020, 10:30 pm
Use angr inside GDB. Create an angr state from the…Read More
SSHPry v2.0 - Spy and Control os SSH Connected client's TTY
KitPloit - PenTest & Hacking Tools - 5 April 2020, 1:30 pm
This is a second release of SSHPry tool, with multiple…Read More
HikPwn - A Simple Scanner For Hikvision Devices
KitPloit - PenTest & Hacking Tools - 4 April 2020, 9:00 pm
HikPwn, a simple scanner for Hikvision devices with basic vulnerability…Read More
Sandcastle - A Python Script For AWS S3 Bucket Enumeration
KitPloit - PenTest & Hacking Tools - 4 April 2020, 12:00 pm
Inspired by a conversation with Instacart’s @nickelser on HackerOne, I’ve…Read More

CVE-2020-11000 April 8, 2020
GreenBrowser before version 1.2 has a vulnerability where apps that rely on URL Parsing to verify that a given URL is pointing to a trust server may be susceptible to many different ways to get URL parsing and verification wrong, which allows an attacker to circumvent the access control. This problem has been patched in […]
CVE-2018-21041 April 8, 2020
An issue was discovered on Samsung mobile devices with O(8.x) software. Access to Gallery in the Secure Folder can occur without authentication. The Samsung ID is SVE-2018-13057 (December 2018).
CVE-2018-21038 April 8, 2020
An issue was discovered on Samsung mobile devices with N(7.x) software. The Secure Folder app's startup logic allows authentication bypass. The Samsung ID is SVE-2018-11628 (December 2018).
CVE-2018-21040 April 8, 2020
An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) (Exynos 9810 chipsets) software. There is a race condition with a resultant use-after-free in the g2d driver. The Samsung ID is SVE-2018-12959 (December 2018).
CVE-2018-21039 April 8, 2020
An issue was discovered on Samsung mobile devices with N(7.0) software. With the Location permission for the compass feature in Quick Tools (aka QuickTools), an attacker can bypass the lockscreen. The Samsung ID is SVE-2018-12053 (December 2018).