PoC – Page 18 – WindowsTechs.com

QRLJacking: A new attack vector for hijacking online accounts

Posted on August 1, 2016 by Zeljka Zorz

We all know that scanning random QR codes is a risky proposition, but a newly detailed social engineering attack vector dubbed QRLJacking adds another risk layer to their use. Many web apps and services offer the option of using QR codes for logging into the service: chat apps like WhatsApp and Weibo, email service QQ Mail, e-commerce services like Alibaba and Aliexpress, and others. As detailed by Seekurity Labs researcher Mohamed Abdelbasset Elnouby, QRLJacking (i.e. … More → Continue reading QRLJacking: A new attack vector for hijacking online accounts→

UAC bypass attack on Windows 10 allows malicious DLL loading

Posted on July 26, 2016 by Zeljka Zorz

Security researchers Matt Graeber and Matt Nelson have discovered a way to run a malicious DLL on Windows 10 without the User Account Control (UAC) springing into action and alerting users of the potential danger. What is User Account Control (UAC)? UAC is a technology that’s meant to improve the security of the OS by preventing software – or, more importantly, malware – to run with administrative privileges unless explicitly authorized to do so by … More → Continue reading UAC bypass attack on Windows 10 allows malicious DLL loading→

BMW ConnectedDrive flaws could be misused to tamper with car settings

Posted on July 8, 2016 by Zeljka Zorz

Security researcher Benjamin Kunz Mejri has found two vulnerabilities in the BMW ConnectedDrive web portal/web application. About the vulnerabilities in BMW ConnectedDrive The first one is a client-side cross site scripting web vulnerability that could be exploited by a remote attacker without a privileged account to inject his own malicious script codes to the client-side of the affected module context. Minimal user interaction is needed for this attack to work. “Successful exploitation of the vulnerability … More → Continue reading BMW ConnectedDrive flaws could be misused to tamper with car settings→

How attackers can hijack your Facebook account

Posted on June 16, 2016 by Zeljka Zorz

Positive Technologies researchers have demonstrated that knowing a user’s phone number and how to exploit a vulnerability in the SS7 network is enough to hijack that user’s Facebook account. As demonstrated in the above video, attackers can take advantage of the social network’s password recovery functionality to make it send a one-time password via SMS to the user. In the meantime, they can exploit vulnerabilities in the SS7 network to acquire details about the victim’s … More → Continue reading How attackers can hijack your Facebook account→