- ShmooCon: LastPass design elements create perfect Phishing opportunity – www.csoonline.com
Cassidy’s presentation at ShmooCon on Saturday morning outlined a clever Phishing attack against LastPass users, which is made possible due to design elements within the password manager’s core functions.
- dnstwist – github.com
Domain name permutation engine for detecting typo squatting, phishing and corporate espionage
Recently I’ve been playing with Android’s WebView based vulnerabilities, focusing on how to exploit them using a MITM attack.
- Jailbreak iOS 8.1.2 and Analyze Related Exploits – en.wooyun.io
I wish that you could learn the process of a jailbreak, the exploits required for a jailbreak and some exploitation methods through this article.
- Hot Potato – Windows Privilege Escalation – foxglovesecurity.com
Hot Potato (aka: Potato) takes advantage of known issues in Windows to gain local privilege escalation in default configurations, namely NTLM relay (specifically HTTP->SMB relay) and NBNS spoofing.
- Serious Linux Kernel Vulnerability Patched – threatpost.com
The vulnerability affects versions 3.8 and higher, said researchers at startup Perception Point who discovered the vulnerability. The flaw also extends to two-thirds of Android devices, the company added.
- New Trojan Spies on Linux Users by Taking Screenshots and Recording Audio – news.softpedia.com
Dr.Web, a Russian antivirus maker, has detected a new threat against Linux users, the Linux.Ekocms.1 trojan, which includes special features that allow it to take screengrabs and record audio.
- Deliberately hidden backdoor account in several AMX (HARMAN Professional) devices – blog.sec-consult.com
“AMX (www.amx.com) is part of the HARMAN Professional Division, and the leading brand for the business, education, and government markets for the company. As such, AMX is dedicated to integrating AV solutions for an IT World.”
- Analysis of iOS & OS X Vulnerability: CVE-2016-1722 – blog.zimperium.com
During our fuzzing attempts in effort to improve the state of security on iOS devices, we investigated one of the crashes that our fuzzer triggered. Our fuzzer was not targeting syslog code, but once we investigated the crash it led to a comprehensive review of the open-source portion of syslogd.
- Worried about cyberattacks on US power grid? Stop taking selfies at work – www.csmonitor.com
Experts warn that malicious hackers gain valuable insight when companies and employees reveal too much information on the Web – especially when they work at sensitive facilities.