Resources
- BSides Cleveland 2014 Videos – irongeek.com
These are the videos from the BSides Cleveland conference. You can watch and download the videos from here.
- Dispelling Confusion and Myths: iOS Proof-of-Concept – zdziarski.com
A quick POC demonstrating how File Relay and other services can be abused to dump a significant amount of personal data from an iOS device wirelessly, bypassing user backup encryption.
- iOS File Relay POC – youtube.com
A quick POC demonstrating how File Relay and other services can be abused to dump a significant amount of personal data from an iOS device wirelessly, bypassing user backup encryption.
Tools
- New Tool: web2intel – github.com
web2intel is a script to fetch malicious domain and URL lists from sites that publish RSS feeds or raw HTML pages. You can download the associated files from here.
- [joern-users] Version 0.3 released! – listserv.gwdg.de
Joern-0.3 has just been released! This release fixes bugs and introduces a lot of new code analysis tools in joern-tools. You can download the new version here.
Techniques
- Proxmark Low Frequency HOWTO – hackerwarehouse.com
In this post, Hacker Warehouse reviews the update procedure, in case you want a quick refresher, and then moves into the world of Low Frequency RFID: sniffing, cloning, emulating, EM4X tags, and the fabulous T55x7 card.
- Upload a web.config File for Fun & Profit – soroush.secproject.com
The web.config file plays an important role in storing IIS7 (and higher) settings. It is very similar to a .htaccess file in Apache web server. Uploading a .htaccess file to bypass protections around the uploaded files is a known technique.
Vulnerabilities
- Mass exploit of WordPress plugin backdoors sites running Joomla, Magento, too – arstechnica.com
As many as 50,000 websites have been remotely commandeered by attackers exploiting a recently patched vulnerability in a popular plugin for the WordPress content management system, security researchers said Wednesday.
- European Central Bank suffers security breach, personal data stolen – www.vupen.com
In this blog post, the Vupen research team shares its exploitation technique for achieving a reliable VM escape on a 64-bit Windows 8 host using just one vulnerability (CVE-2014-0983), without crashing the VirtualBox process (aka process continuation).
Other News
- Ars editor learns feds have his old IP addresses, full credit card numbers – arstechnica.com
The 76 new pages of data, covering 2005 through 2013, show that CBP retains massive amounts of data on us when we travel internationally.
- How Thieves Can Hack and Disable Your Home Alarm System – wired.com
Two researchers say that top-selling home alarm setups can be easily subverted to either suppress the alarms or create multiple false alarms that would render them unreliable.
- Hackers Find Way to Outwit Tough Security at Banking Sites – bits.blogs.nytimes.com
Researchers at the computer security company Trend Micro have named a new attack on online banking Emmental. Why? Like the Swiss cheese, the researchers said, online banking protections may be “full of holes.”
- Content Security Policy Mitigates XSS, Breaks Websites – threatpost.com
Content Security Policy (CSP) is an effective, browser-based deterrent against cross-site scripting attacks. Despite this, the vast majority of websites do not deploy the standard, and the majority of those that do, deploy it improperly.