PoC – Page 16 – WindowsTechs.com

Malicious macros can trigger RCE in LibreOffice, OpenOffice

Posted on February 7, 2019 by Zeljka Zorz

Achieving remote code execution on systems running LibreOffice or Apache OpenOffice might be as easy as tricking users into opening a malicious ODT (OpenDocument) file and moving their mouse over it, a security researcher has found. About CVE-2018-1685… Continue reading Malicious macros can trigger RCE in LibreOffice, OpenOffice→

The problem with vulnerable IoT companion apps

Posted on February 7, 2019 by Zeljka Zorz

There’s no shortage of exploitable security holes in widely used Internet of Things devices, so it shouldn’t come as a surprise that the communication between many of those devices and their companion apps is not encrypted. The research A g… Continue reading The problem with vulnerable IoT companion apps→

Researcher Releases Jailbreak PoC for iOS 12 on iPhone X

Posted on January 25, 2019 by Filip Truta

After tinkering with the latest iteration of Apple’s mobile operating system, a Chinese researcher has published a proof-of-concept of what he claims is a working exploit that can jailbreak iOS 12 on an iPhone X – and remotely, at that. Cri… Continue reading Researcher Releases Jailbreak PoC for iOS 12 on iPhone X→

Researcher releases PoC for Windows VCF file RCE vulnerability

Posted on January 16, 2019 by Zeljka Zorz

A vulnerability that exists in the way Windows processes VCard files (.vcf) can be exploited by remote attackers to achieve execute arbitrary code on vulnerable systems, security researcher John Page has shared. What’s a VCard? VCF is a standard … Continue reading Researcher releases PoC for Windows VCF file RCE vulnerability→

Serverless botnets could soon become reality

Posted on October 23, 2018 by Zeljka Zorz

We have been accustomed to think about botnets as a network of compromised machines – personal devices, IoT devices, servers – waiting for their masters’ orders to begin their attack, but Protego researchers say that many compromised … Continue reading Serverless botnets could soon become reality→

PoC exploit for Windows Shell RCE released

Posted on October 12, 2018 by Zeljka Zorz

Here’s one more reason to hurry with the implementation of the latest Microsoft patches: a PoC exploit for a remote code execution vulnerability that can be exploited via Microsoft Edge has been published and can be easily adapted by attackers. A… Continue reading PoC exploit for Windows Shell RCE released→

How Do You Establish Credibility?

Posted on October 2, 2018 by Jane Grafton

Earlier this month, we met with our Executive Advisory Board. These are seasoned Chief Information Security Officers commanding enterprise security teams in various industries. In short, they are incredibly smart leaders who know exactly who they are a… Continue reading How Do You Establish Credibility?→

Windows zero-day flaw and PoC unveiled via Twitter

Posted on August 28, 2018 by Zeljka Zorz

A Windows zero-day local privilege escalation flaw and a Proof-of-Concept exploit for it have been revealed on Monday by someone who goes by SandboxEscaper on Twitter. The user in question deleted the account soon after, but not before sharp-eyed secur… Continue reading Windows zero-day flaw and PoC unveiled via Twitter→

PoC exploit for critical Apache Struts flaw found online

Posted on August 27, 2018 by Zeljka Zorz

The Apache Software Foundation revealed last week the existence of a critical Apache Struts flaw (CVE-2018-11776) similar to the one exploited in the Equifax breach and urged organizations and developers to upgrade their installations to versions 2.3.3… Continue reading PoC exploit for critical Apache Struts flaw found online→

PoC Code Surfaces to Exploit Apache Struts 2 Vulnerability

Posted on August 24, 2018 by Tom Spring

Researchers find proof-of-concept code that can take advantage of the recently identified Apache Struts framework (CVE-2018-11776) vulnerability. Continue reading PoC Code Surfaces to Exploit Apache Struts 2 Vulnerability→