Camera-based, single-step two-factor authentication resilient to pictionary, shoulder surfing attacks

A group of researchers from Florida International University and Bloomberg LP have created Pixie, a camera-based two-factor authentication system that could end up being a good alternative to passwords and biometrics-based 2FA options. About Pixie: “Pixie authentication is based on what the user has (the trinket) and what the user knows (the particular trinket among all the other objects that the user readily has access to, angle and viewpoint used to register the trinket),” the …

WordPress admins, take note: RCE and password reset vulnerabilities revealed

Independent security researcher Dawid Golunski has released proof-of-concept exploit code for an unauthenticated remote code execution vulnerability in WordPress 4.6 (CVE-2016-10033), and information about an unauthorized password reset zero-day vulnerability (CVE-2017-8295) in the latest version of the popular CMS. CVE-2016-10033: The vulnerability exists in the PHPMailer library, and can be exploited by unauthenticated remote attackers to gain access to and compromise a target application server on which a vulnerable WordPress Core version is installed …

Unpatched flaw opens Ubiquiti Networks devices to compromise

A critical vulnerability in many of Ubiquiti Networks’ networking devices can be exploited by attackers to take over control of the device and, if that device acts as a router or firewall, to take over the whole network. The vulnerability: The command injection flaw was found in the “pingtest_action.cgi” script and, according to SEC Consult’s Thomas Weber (the researcher who unearthed it in November 2016), one of the reasons behind the vulnerability is that the …

185,000+ vulnerable Wi-Fi cameras just waiting to be hijacked

A generic wireless camera manufactured by a Chinese company and sold around the world under different names and brands can be easily hijacked and/or roped into a botnet. The flaw that allows this to happen is found in a custom version of GoAhead, a lightweight embedded web server that has been fitted into the devices. This and other vulnerabilities have been found by security researcher Pierre Kim, who tested one of the branded cameras – …

Western Digital My Cloud NAS devices wide open to attackers

Western Digital My Cloud NAS devices have again been found wanting in the security department, as two sets of researchers have revealed a number of serious flaws in the devices’ firmware. WD My Cloud is meant to be a private cloud environment hosted at home or at a small organization’s office, and can be accessed either from a desktop located on the same network or remotely, with a smartphone, from wherever else in the world. …