Server-Side Spreadsheet Injection - Formula Injection to Remote Code Execution
https://ift.tt/2t7qkNa
Submitted June 14, 2018 at 08:31PM by theBumbleSec
via reddit https://ift.tt/2JBtmUZ
https://ift.tt/2t7qkNa
Submitted June 14, 2018 at 08:31PM by theBumbleSec
via reddit https://ift.tt/2JBtmUZ
Bishop Fox
Server-Side Spreadsheet Injection - Formula Injection to Remote Code Execution - Bishop Fox
Bishop Fox's Jake Miller explains server-side spreadsheet injection, an attack vector based on CSV injection, in this technical write-up based off his Empire Hacking Meetup presentation.
Android Malware Worm that mines Cryptocurrency is infecting Amazon Fire TV and Fire TV Stick devices
https://ift.tt/2HFbT8x
Submitted June 15, 2018 at 07:15AM by Prav123
via reddit https://ift.tt/2JPy1lJ
https://ift.tt/2HFbT8x
Submitted June 15, 2018 at 07:15AM by Prav123
via reddit https://ift.tt/2JPy1lJ
AFTVnews
Android Malware Worm that mines Cryptocurrency is infecting Amazon Fire TV and Fire TV Stick devices
An Android virus, specifically a malware worm variant, has been spreading across Android devices and has started appearing on Amazon Fire TVs and Fire TV Sticks. The worm is not specifically targeting Fire TV devices, but they are vulnerable because of their…
Revised Emotet Downloader - A Technical Analysis
https://ift.tt/2Mr9YrD
Submitted June 15, 2018 at 06:49AM by RookieJoey
via reddit https://ift.tt/2t6D0E8
https://ift.tt/2Mr9YrD
Submitted June 15, 2018 at 06:49AM by RookieJoey
via reddit https://ift.tt/2t6D0E8
0ffset
Post 0x10: A Revised Emotet Downloader
You may remember I wrote a post where I took apart an Emotet Downloader that used Macros and Powershell commands to download Emotet from compromised websites. Well they’ve revised how their d…
Zabbix Threat Control: Transform your monitoring into vulnerability assessment system. "Fix it!" button included. #sorrynessus
https://ift.tt/2tbML3I
Submitted June 15, 2018 at 02:47PM by isox_xx
via reddit https://ift.tt/2yco795
https://ift.tt/2tbML3I
Submitted June 15, 2018 at 02:47PM by isox_xx
via reddit https://ift.tt/2yco795
GitHub
vulnersCom/zabbix-threat-control
zabbix-threat-control - Zabbix vulnerability assessment plugin
Firebird Security Patch: Replacement of use of SHA-1 in the SRP Client Proof with SHA-256
https://ift.tt/2LSp88b
Submitted June 15, 2018 at 03:05PM by mariuz
via reddit https://ift.tt/2yaiKqZ
https://ift.tt/2LSp88b
Submitted June 15, 2018 at 03:05PM by mariuz
via reddit https://ift.tt/2yaiKqZ
reddit
r/netsec - Firebird Security Patch: Replacement of use of SHA-1 in the SRP Client Proof with SHA-256
2 votes and 0 so far on reddit
Creating signed and customized backdoored macOS applications
https://ift.tt/2MsW6Np
Submitted June 15, 2018 at 05:22PM by wootock
via reddit https://ift.tt/2sYQZN8
https://ift.tt/2MsW6Np
Submitted June 15, 2018 at 05:22PM by wootock
via reddit https://ift.tt/2sYQZN8
Medium
Response to
This post will show you the steps necessary to embed an Empire payload within a trusted PKG installer, using Apple’s own Developer Tools…
Betabot still alive with multi-stage packing
https://ift.tt/2LTIeec
Submitted June 15, 2018 at 09:32PM by Mysterii8
via reddit https://ift.tt/2t7r5Ws
https://ift.tt/2LTIeec
Submitted June 15, 2018 at 09:32PM by Mysterii8
via reddit https://ift.tt/2t7r5Ws
Medium
Betabot still alive with multi-stage packing.
This analysis was done in cooperation with Thomas (@securityimpacts). Check out his blog, he does awesome stuff there securityimpact.net
510 Million Password Hashes in 1GB of RAM
https://ift.tt/2yiudoC
Submitted June 15, 2018 at 10:10PM by woobeewho
via reddit https://ift.tt/2JGsvTc
https://ift.tt/2yiudoC
Submitted June 15, 2018 at 10:10PM by woobeewho
via reddit https://ift.tt/2JGsvTc
Totally Pwning the Tapplock Smart Lock (the API way)
https://ift.tt/2HRSPnr
Submitted June 15, 2018 at 10:42PM by soullessredhead
via reddit https://ift.tt/2LSbiTf
https://ift.tt/2HRSPnr
Submitted June 15, 2018 at 10:42PM by soullessredhead
via reddit https://ift.tt/2LSbiTf
Medium
Totally Pwning the Tapplock Smart Lock (the API way)
tl:dr: Tapplocks api endpoints had no security checks other than a valid token to access any data.This
Who's up for BeanSec next Wednesday 6/20? (NetSec meetup in Cambridge, MA)
https://ift.tt/2JHTo9l
Submitted June 15, 2018 at 11:45PM by Kv603
via reddit https://ift.tt/2JRlbQu
https://ift.tt/2JHTo9l
Submitted June 15, 2018 at 11:45PM by Kv603
via reddit https://ift.tt/2JRlbQu
reddit
r/boston - Who's up for BeanSec next week? (6/20, Free NetSec meetup in Cambridge)
2 votes and 0 so far on reddit
MysteryBot; a new Android banking Trojan ready for Android 7 and 8
https://ift.tt/2sZiPsn
Submitted June 16, 2018 at 01:41AM by EvanConover
via reddit https://ift.tt/2HWeLhc
https://ift.tt/2sZiPsn
Submitted June 16, 2018 at 01:41AM by EvanConover
via reddit https://ift.tt/2HWeLhc
Threatfabric
MysteryBot; a new Android banking Trojan ready for Android 7 and 8
New Android banking Trojan and ransomware MysteryBot has been successful in finding a way to log user keystrokes on Android 7 and 8.
Show r/netsec: Reflected Client XSS at Amazon.com
https://ift.tt/2yccL4M
Submitted June 15, 2018 at 10:39PM by MeProtozoan
via reddit https://ift.tt/2tgpo9A
https://ift.tt/2yccL4M
Submitted June 15, 2018 at 10:39PM by MeProtozoan
via reddit https://ift.tt/2tgpo9A
Medium
Reflected Client XSS at Amazon.com
Bug that allows to steal cookies from all Amazon domains and redirect visitors to a phishing login screen.
A runtime mobile application analysis toolkit with a Web GUI, powered by Frida, written in Python.
https://ift.tt/2MtV3Ni
Submitted June 15, 2018 at 10:52PM by 0x90_n0ps
via reddit https://ift.tt/2JFKWY1
https://ift.tt/2MtV3Ni
Submitted June 15, 2018 at 10:52PM by 0x90_n0ps
via reddit https://ift.tt/2JFKWY1
GitHub
GitHub - nccgroup/house: A runtime mobile application analysis toolkit with a Web GUI, powered by Frida, written in Python.
A runtime mobile application analysis toolkit with a Web GUI, powered by Frida, written in Python. - GitHub - nccgroup/house: A runtime mobile application analysis toolkit with a Web GUI, powered b...
Open Source Plugin for Kubernetes Security
https://ift.tt/2HQy6QW
Submitted June 16, 2018 at 01:09AM by Simple_End
via reddit https://ift.tt/2LTs04D
https://ift.tt/2HQy6QW
Submitted June 16, 2018 at 01:09AM by Simple_End
via reddit https://ift.tt/2LTs04D
GitHub
octarinesec/kubectl-rbac
Contribute to kubectl-rbac development by creating an account on GitHub.
Microsoft COM for Windows Remote Code Execution Vulnerability (CVE-2018-0824) Analysis and PoC
https://ift.tt/2HTGIq2
Submitted June 15, 2018 at 09:41PM by 0xdea
via reddit https://ift.tt/2t6Rg0D
https://ift.tt/2HTGIq2
Submitted June 15, 2018 at 09:41PM by 0xdea
via reddit https://ift.tt/2t6Rg0D
Blogspot
Marshalling to SYSTEM - An analysis of CVE-2018-0824
In May 2018 Microsoft patched an interesting vulnerability ( CVE-2018-0824 ) which was reported by Nicolas Joly of Microsoft's MSRC: A rem...
” Database hacked of India’s Popular Sports company”-Bypassing Host Header to SQL injection to dumping Database — An unusual case of SQL injection
https://ift.tt/2t0rT0l
Submitted June 15, 2018 at 06:03PM by security_blogs
via reddit https://ift.tt/2tbrF5H
https://ift.tt/2t0rT0l
Submitted June 15, 2018 at 06:03PM by security_blogs
via reddit https://ift.tt/2tbrF5H
Blogspot
#BugBounty —” Database hacked of India’s Popular Sports company”-Bypassing Host Header to SQL injection to dumping Database — An…
Hi Guys, One more interesting blog , one more interesting vulnerability that I managed to found out during my bugbounty hunt and it comes...
Another way to pwn the Tapplock Smart Lock (the API way)
https://ift.tt/2HRSPnr
Submitted June 16, 2018 at 02:11AM by RookieJoey
via reddit https://ift.tt/2tcNqBZ
https://ift.tt/2HRSPnr
Submitted June 16, 2018 at 02:11AM by RookieJoey
via reddit https://ift.tt/2tcNqBZ
Medium
Totally Pwning the Tapplock Smart Lock (the API way)
tl:dr: Tapplocks api endpoints had no security checks other than a valid token to access any data.This
Taking Over Kubernetes Cluster Without RBAC
https://ift.tt/2lfjlOO
Submitted June 16, 2018 at 02:54AM by jekapats
via reddit https://ift.tt/2yfcxKx
https://ift.tt/2lfjlOO
Submitted June 16, 2018 at 02:54AM by jekapats
via reddit https://ift.tt/2yfcxKx
GitHub
octarinesec/kubectl-rbac
Contribute to kubectl-rbac development by creating an account on GitHub.
Prevent Kubernetes Cluster Takeover with Kubectl RBAC Plugin
https://ift.tt/2HQy6QW
Submitted June 16, 2018 at 06:48PM by jekapats
via reddit https://ift.tt/2HTrh1b
https://ift.tt/2HQy6QW
Submitted June 16, 2018 at 06:48PM by jekapats
via reddit https://ift.tt/2HTrh1b
GitHub
octarinesec/kubectl-rbac
Contribute to kubectl-rbac development by creating an account on GitHub.
SafeSpec: Banishing the Spectre of a Meltdown with Leakage-Free Speculation
https://ift.tt/2HWlnfx
Submitted June 16, 2018 at 06:25PM by mttd
via reddit https://ift.tt/2JOW8xn
https://ift.tt/2HWlnfx
Submitted June 16, 2018 at 06:25PM by mttd
via reddit https://ift.tt/2JOW8xn
reddit
SafeSpec: Banishing the Spectre of a Meltdown with... • r/netsec
5 points and 0 comments so far on reddit
SafeSpec: Banishing the Spectre of a Meltdown with Leakage-Free Speculation [PDF Paper]
https://ift.tt/2JKy42K
Submitted June 16, 2018 at 11:16PM by Scene_News
via reddit https://ift.tt/2yg8BsD
https://ift.tt/2JKy42K
Submitted June 16, 2018 at 11:16PM by Scene_News
via reddit https://ift.tt/2yg8BsD
reddit
r/netsec - SafeSpec: Banishing the Spectre of a Meltdown with Leakage-Free Speculation [PDF Paper]
3 votes and 0 so far on reddit