-
November 16, 2015
DNS Data Exfiltration
DNS Data Exfiltration: The obvious problem with a detection approach that relies on reaching a certain threshold of traffic is that avoiding detection is as simple as slowing down the rate you send data. For the user that is trying to use the DNS tunnel for an interactive experience, this isn’t practical. However, if the […]
-
November 16, 2015
Gmail will soon alert users about unencrypted emails
Google Online Security Blog: New Research: Encouraging trends and emerging threats in email security: We’re constantly working to help make email more secure for everyone. These efforts are reflected in security protections like default HTTPS in Gmail as well as our Safer Email Transparency report, which includes information about email security beyond just Gmail. To […]
-
November 16, 2015
Hospital Gear Could Save Your Life Or Hack Your Identity
Hospital Gear Could Save Your Life Or Hack Your Identity: In the spring of 2014, Rios typed up his findings and sent them to the Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT). In his report, he listed the vulnerabilities he had found and suggested that Hospira conduct further analysis to […]
-
October 5, 2015
Incredible! Someone Just Hacked 10,000 Routers to Make them More Secure
Incredible! Someone Just Hacked 10,000 Routers to Make them More Secure: Reportedly, someone is hacking thousands of unprotected Wi-Fi routers everywhere and apparently forcing owners to make them more secure. Security firm Symantec has discovered a new malware, dubbed “Linux.Wifatch” a.k.a. “Ifwatch,” that has infected more than 10,000 vulnerable ‘Internet of Things’ devices and is spreading quickly. However, Linux.Wifatch […]
-
February 16, 2015
Bypassing Windows Security by modifying 1 Bit Only
Bypassing Windows Security by modifying 1 Bit Only: Among several vulnerabilities, Microsoft on Tuesday patched a critical vulnerability that could be exploited by hackers to bypass security measures on all versions of Windows operating systems from XP to Windows 10, just by modifying a single bit. The local privilege escalation vulnerability (CVE-2015-0057) could give attackers […]
-
February 13, 2015
40,000 UnProtected MongoDB Databases Found on the Internet
40,000 UnProtected MongoDB Databases Found on the Internet: Nearly 40,000 organisations running MongoDB, a NoSQL high performance and cross-platform document-oriented database, are found to be unprotected and vulnerable to hackers. Three students from University of Saarland in Germany at the Centre for IT Security – Kai Greshake, Eric Petryka and Jens Heyens – discovered that […]
-
February 2, 2015
Internet Explorer Universal Cross Site Scripting
Major Internet Explorer Vulnerability: Universal Cross Site Scripting (XSS) with Same Origin Policy (SOP) bypass. Attackers can steal anything from another domain, and inject anything into another domain. Working on Internet Explorer 11 Windows 7. seclists.org/fulldisclosure/2015/Feb/0 http://www.deusen.co.uk/items/insider3show.3362009741042107/ <iframe style=”display:none;” width=300 height=300 id=i name=i src=”1.php”></iframe><br> <iframe width=300 height=100 frameBorder=0 src=”http://www.dailymail.co.uk/robots.txt”></iframe><br> <script> function go() { w=window.frames[0]; w.setTimeout(“alert(eval(‘x=top.frames[1];r=confirm(\\’Close this window […]
-
January 28, 2015
CVE-2015-0235 glibc: __nss_hostname_digits_dots() heap-based buffer overflow
Bug 1183461: A heap-based buffer overflow was found in __nss_hostname_digits_dots(), which is used by the gethostbyname() and gethostbyname2() glibc function calls. A remote attacker could use this flaw to execute arbitrary code with the permissions of the user running the application. https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-0235 http://www.frsag.org/pipermail/frsag/2015-January/005722.html https://sourceware.org/git/?p=glibc.git;a=commit;h=d5dd6189d506068ed11c8bfa1e1e9bffde04decd
-
January 22, 2015
Google Drive Information Leak
Google Drive Information Leak: Google Drive leaks the full name of a target email address when said email address is associated with an uploaded file. The full name is displayed whether or not the target has made that information publicly accessible by creating a Google Plus account. In some cases, full name disclosure isn’t limited […]
-
January 20, 2015
Bypassing OpenSSL Certificate Pinning in iOS Apps
Bypassing OpenSSL Certificate Pinning in iOS Apps: When mobile applications communicate with an API or web service, this should generally happen via TLS/SSL (e.g., HTTPS). In order to verify the identity of the server and to prevent man-in-the-middle attacks, TLS relies on certificates which prove the identity of the web server. Browsers and mobile operating […]