Tools
- SpiderFoot 2.0.4 released, new module, improvements and bug fixes – spiderfoot.net
- Kautilya 0.4.4 – dump lsa secrets, introduce vulns, improved backdoors and more – labofapenetrationtester.com
Here comes Kautilya 0.4.4. This version adds three new payloads and improves a couple of others.
- OWASP Broken Web Applications Project VM v1.1 Released – sourceforge.net
Looking for the latest version? Download OWASP_Broken_Web_Apps_VM_1.1.7z.
Techniques
- Porting Existing Security Tools To IronWASP Modules – blog.gdssecurity.com
IronWASP is a highly extensible open source system for web application vulnerability testing. In this blog post Manish Saindane walks through the process of porting existing security tools (with available source code) into IronWASP modules.
- Finding Executable Hijacking Opportunities – carnal0wnage.attackresearch.com
DLL hijacking is nothing new and there are a number of ways to find the issue, but the best way Rob Fuller has found is a somewhat more forceful method using a network share. See the step-by-step technique.
- IKEEXT Windows Local Privilege Escalation – rewtdance.blogspot.com
High-Tech Bridge posted a notification of an issue affecting Vista to 2008 (the service exists in Windows 8 but rewt dance hadn’t checked it) which leads to a Local Privilege Escalation to System.
- The Router Review: From nmap to firmware – codeinsecurity.wordpress.com
The point of this blog post was to show just how much information you can dig out of a device without even touching it with a screwdriver or opening a manual. Keep in mind that the techniques the author, Graham Sutherland, shows here should apply to many routers and other small embedded devices.
Vulnerabilities
- Delete any Photo from Facebook by Exploiting Support Dashboard – arulxtronix.blogspot.in
Arul Kumar shared a critical bug in Facebook that allowed deleting any photo from Facebook without user interaction. Facebook fully fixed the bug and rewarded Arul for finding it.
Other News
- The body-worn “IMSI catcher” for all your covert phone snooping needs – arstechnica.com
Recently leaked brochures advertising next generation spy devices give outsiders a glimpse into the high-tech world of government surveillance. And one of the most tantalizing of the must-have gizmos available from a company called GammaGroup is a body-worn device that surreptitiously captures the unique identifier used by cell phones.
- 30,000 Web Sites Hacked A Day. How Do You Host Yours? – forbes.com
Today cyber criminals mostly use websites to distribute their nasty code. On average 30,000 new websites are identified every day distributing malicious code to any users passing by. Yours might be one of them. James Lyne has given some tips to protect your website.
- Over 10% of Alexa TOP Million Websites Found Not Safe – Infographic Report – blog.sucuri.net
Sucuri Lab scans a lot of websites per day. Through their daily work they see all sizes and types of websites compromised, blacklisted, and filled with various security issues. But they don’t often aggregate the results to provide a public report of what they are seeing. They have put together a cool infographic tallying up all the numbers.
- NSA has cracked encryption protecting your bank account, Gmail, and smartphone – digitaltrends.com
Encryption technologies used across the Web to keep transactions protected from snoops of all kinds have been cracked by government-owned supercomputers. Through their decryption program, codenamed “Bullrun,” the NSA and its U.K. counterpart GCHQ have also compromised virtual private networks (VPNs) and encryption used to protect 4G wireless signals.
- Revealed: The NSA’s Secret Campaign to Crack, Undermine Internet Security – propublica.org
- N.S.A. Able to Foil Basic Safeguards of Privacy on Web – nytimes.com
- Revealed: how US and UK spy agencies defeat internet privacy and security – theguardian.com