The OBi200 by Obihai is a VoIP gateway for home/SOHO that integrates with Google Voice. It supports most standard VoIP features out of the box and can integrate with virtually any “bring your own device” SIP service. I purchased one earlier this year to act…

Now, finally sharing something new again, I present CertReq exfiltration! The Spark It all started one Thursday that I was on the bench with an innocuous looking tweet from subTee. He mentioned that it seemed like certreq.exe could arbitrarily POST … Continue…

As headlines about breaches increase, it becomes clear that the current IR capabilities of SIEM providers are not meeting the needs of today’s security teams

WINspect is part of a larger project for auditing different areas of Windows environments. It focuses on enumerating different parts of a...

Somewhat incredibly I am the first tech writer on the planet to break this story, but even more incredibly the FCC lets you upload any file…

Vault 7 is a series of documents and tools released by WikiLeaks, that gives information about detailed activities and capabilities of the US CIA to perform spying and cyber warfare. Today, 31 August 2017, Wikileaks

A processor is not a trusted black box for running code; on the contrary, modern x86 chips are packed full of secret instructions and hardware bugs. In this talk, we'll demonstrate how page fault analysis and some creative processor fuzzing can be used to…

A blog about general reverse engineering, security research, poking around Windows internals, and messing with the Intel x86/AMD64 architecture.

Hi,

I just discovered that there's a scenario where the Marketo Forms solution being used on www.hackerone.com can actually be abused, using a few fun techniques, to trigger an XSS in the...

Hackers are scanning the Internet for sites using Adminers. If your site uses temporary maintenance or admin noscripts, learn how you can minimize the risks.

0 points and 0 comments so far on reddit

An unknown hacker has stolen personal details of 6 million "High-Profile" Instagram account and made it available for sale on a website, called Doxagram

Whether Vendors Patch Their Products or Not, We Have Your Back by Mitja Kolsek, the 0patch Team Three days ago, Cisco Talos published a...

6 points and 1 comments so far on reddit

Researchers at FortiGaurd had discrovered a new Power Point Presentation File named "ADVANCED DIPLOMATIC PROTOCOL AND ETIQUETTE SUMMIT.ppsx" spreading via E Mail targeting UN agencies, Foreign Ministries, International Organizations, and those who interact…

While both the SYSTEM_ALERT_WINDOW and the BIND_ACCESSIBILITY_SERVICE Android permissions have been abused individually (e.g., in UI redressing attacks, accessibility attacks), previous attacks based on these permissions failed to completely control the UI…

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. Below you’ll find a quick recap of topics followed by links to news articles and/or our blog posts providing…