Introduction

KringleCon is a virtual conference for security-minded people and hackers from around the world, hosted by Santa and his team at the North Pole mid-December, 2018. Santa's goal for KringleCon is to help improve the state of cyber security world-wide, protecting…

Facebook is having to yet again apologise for another flaw which affects millions of their users - this time exposing unpublished, private photos...

We analyzed samples of EMOTET, URSNIF, DRIDEX and BitPaymer and found similar payload loaders and internal data structures, possibly implying that these different groups are familiar with and are working closely together.

# Happy 16shop hunting ## What is 16shop? 16shop is an infamous phishing kit targets Apple users.

Windows Sandbox is a new lightweight desktop environment tailored for safely running applications in isolation.   How many times have you downloaded an executable file, but were afraid to run it? Have you ever been in a situation which required a clean installation…

Discover our new RDP man-in-the-middle tool. It features clipboard and file stealing, as well as the ability to see connections live or after the fact.

Microservices written in Golang versions earlier than 1.10.6 and 1.11.3 using mutual TLS authentication are vulnerable to CPU denial of service (DoS) attack

keybase-redirector is a setuid root binary. keybase-redirector calls the fusermount binary using a relative path and the application trusts the value of $PATH. This allows a local, unprivileged...

Introduction So first of all I know that there are many tutorials published about buffer overflow and binary exploitation but I decided to write this article because most of these tutorials and articles don’t really talk about the basic fundmentals needed…

2 votes and 0 comments so far on Reddit

Microsoft has released an out-of-band security update that fixes an actively exploited vulnerability in Internet Explorer.  This vulnerability has been assigned ID CVE-2018-8653 and was discovered by Google's Threat Analysis Group when they saw the vulnerability being…

It's the C version of https://github.com/mthbernardes/sshLooter - mthbernardes/sshLooterC

3 votes and 3 comments so far on Reddit

In this article, I would like to share a remote code execution vulnerability details of MailCleaner Community Edition product. Advisory Informations Remotely Exploitable: YesAuthentication Required: NOVendor URL: https://www.mailcleaner.net/Date of found: 19…

Due to an internal error, Amazon recently sent 1,700 Alexa voice files to an unauthorized customer. German computer magazine c't details what happened.

Amazon's Ring dominates the growing video doorbell market. But little is known about the company's secretive R&D lab in Kiev, Ukraine. Here's the story of how customer video footage is sent there for image recognition purposes, despite internal concerns.…

14 votes and 2 comments so far on Reddit