Collaborate Disseminate
A high-severity vulnerability affecting Cisco ASA and Firepower security appliances is being exploited in the wild after an exploit has been released online on Friday. “Cisco PSIRT has become aware of a public proof-of-concept exploit and is awar… Continue reading Cisco ASA and Firepower flaw exploited in the wild
How soon will we see our home, office or industrial robots being hijacked and held ransom by attackers? If they dedicate their efforts to research, that day may come sooner rather than later. Attack demonstration IOActive researchers Lucas Apa and Cesa… Continue reading Robots hijacked by ransomware may soon become a reality
A flaw in the widely used Hotspot Shield VPN utility can be exploited by attackers to obtain sensitive information that could be used to discover users’ location and, possibly and ultimately, their real-world identity. About the vulnerability Acc… Continue reading Hotspot Shield VPN flaw can betray users’ location
Vendors, especially in the over crowded security space, often must help buyers justify their investment. But what happens when there isn’t a real problem during the test period? This can make it difficult to properly assess. Some security ve… Continue reading Getting the Most out of a Security Product POC
TeamViewer says it has issued a hotfix to address a bug that allows users sharing a desktop session to gain control of the other’s computer without permission. Continue reading TeamViewer Rushes Fix for Permissions Bug
TeamViewer says it has issued a hotfix to address a bug that allows users sharing a desktop session to gain control of the other’s computer without permission. Continue reading TeamViewer Rushes Fix for Permissions Bug
A proof of concept attack developed by researchers target users of the development platforms for Android and Java. Continue reading Developers Targeted in ‘ParseDroid’ PoC Attack
A group of researchers from Florida International University and Bloomberg LP have created Pixie, a camera-based two-factor authentication system that could end up being a good alternative to passwords and biometrics-based 2FA options. About Pixie “Pixie authentication is based on what the user has (the trinket) and what the user knows (the particular trinket among all the other objects that the user readily has access to, angle and viewpoint used to register the trinket),” the … More → Continue reading Camera-based, single-step two-factor authentication resilient to pictionary, shoulder surfing attacks
Independent security researcher Dawid Golunski has released a proof-of-concept exploit code for an unauthenticated remote code execution vulnerability in WordPress 4.6 (CVE-2016-10033), and information about an unauthorized password reset zero-day vulnerability (CVE-2017-8295) in the latest version of the popular CMS. CVE-2016-10033 The vulnerability exists in the PHPMailer library, and can be exploited by unauthenticated remote attackers to gain access to and compromise an target application server on which a vulnerable WordPress Core version is installed … More → Continue reading WordPress admins, take note: RCE and password reset vulnerabilities revealed
Did you know that by using built-in command line tools, any user with system rights and permissions (usually a local administrator) can hijack the session of any logged-in Windows user without knowing that user’s password? He or she can perform the action if they have physical access to the target’s machine, but also remotely via Remote Desktop Protocol (RDP). The capability is not exactly secret, as it has been pointed out by a French security … More → Continue reading Hijacking Windows user sessions with built-in command line tools