Dec. 2, 2020
Earlier this year, Apple patched one of the most breathtaking iPhone vulnerabilities ever: a memory corruption bug in the iOS kernel that gave attackers remote access to the entire device—over Wi-Fi, with no user interaction required at all. Oh, and exploits were wormable—meaning radio-proximity exploits could spread from one nearby device to another, once again, with no user interaction needed. This Wi-Fi packet of death exploit was devised by Ian Beer, a researcher at Project Zero, Google’s vulnerability research arm.
Jan. 23, 2020
Motherboard has obtained the report made by FTI Consulting into how Crown Prince Mohammad Bin Salman allegedly hacked Amazon CEO Jeff Bezos’s phone. A report investigating the potential hack of Jeff Bezos’ iPhone indicates that forensic investigators found a suspicious file but no evidence of any malware on the phone. It also says that investigators had to reset Bezos’s iTunes backup password because investigators didn’t have it to access the backup of his phone.
Jan. 23, 2020
The United Nations is at odds with the world’s most notorious spyware company over an age-old question: Who built the tech that hacked Amazon CEO Jeff Bezos’s cell phone, allegedly by sending him a poisoned WhatsApp message from the Crown Prince of Saudi Arabia? Bezos has a conflicted relationship with the Saudi royal family. As the owner of the Washington Post, he’s called for justice for Khashoggi, who wrote for the paper, and who was assassinated by Saudi agents the CIA believes were acting on bin Salman’s orders, though bin Salman denies involvement.
May. 15, 2018
Late in March 2018, ESET researchers identified an interesting malicious PDF sample. A closer look revealed that the sample exploits two previously unknown vulnerabilities: a remote-code execution vulnerability in Adobe Reader and a privilege escalation vulnerability in Microsoft Windows. The use of the combined vulnerabilities is extremely powerful, as it allows an attacker to execute arbitrary code with the highest possible privileges on the vulnerable target, and with only the most minimal of user interaction.
May. 10, 2018
For the first time, researchers have exploited the Rowhammer memory-chip weakness using nothing more than network packets sent over a local area network. The advance is likely to further lower the bar for triggering bit flips that change critical pieces of data stored on vulnerable computers and servers. Until now, Rowhammer exploits had to execute code on targeted machines.
May. 10, 2018
Within just 10 days of the disclosure of two critical vulnerabilities in GPON router at least 5 botnet families have been found exploiting the flaws to build an army of million devices. Security researchers from Chinese-based cybersecurity firm Qihoo 360 Netlab have spotted 5 botnet families, including Mettle, Muhstik, Mirai, Hajime, and Satori, making use of the GPON exploit in the wild. As detailed in our previous post, Gigabit-capable Passive Optical Network (GPON) routers manufacturer by South Korea-based DASAN Zhone Solutions have been found vulnerable to an authentication bypass (CVE-2018-10561) and a root-RCE (CVE-2018-10562) flaws that eventually allow remote attackers to take full control of the device.
May. 10, 2018
It’s been a year since the WannaCryptor. D ransomware (aka WannaCry and WCrypt) caused one of the largest cyber-disruptions the world has ever seen. And while the threat itself is no longer wreaking havoc around the world, the exploit that enabled the outbreak, known as EternalBlue, is still threatening unpatched and unprotected systems.
And as ESET’s telemetry data shows, its popularity has been growing over the past few months and a recent spike even surpassed the greatest peaks from 2017.
Apr. 30, 2018
In one video uploaded to Vimeo, Gleg shows an exploit being used against a hospital health information management system (HHIMS). A list of MedPack updates includes a zero-day to replace files in a piece of software from a company called MediTEX. MediTEX makes scheduling software as well as a platform for documenting therapy and quality assurance for reproductive medicine, according to the company’s website.
Apr. 19, 2018
An arbitrary file write vulnerability is where a user can create or modify a file in a location they could not normally access. This might be due to a privileged service incorrectly sanitizing information passed by the user or due to a symbolic link planting attack where the user can write a link into a location which is subsequently used by the privileged service. The ideal vulnerability is one where the attacking user not only controls the location of the file being written but also the entire contents.
Mar. 10, 2018
Facebook has a GraphQL endpoint which can only be used by some of their own first-party applications. Generally, you need a user (or page) access_token to query the GraphQL endpoint.
I have decided to try using Facebook for Android application’s client token, but the endpoint returned an error message:
Source: josipfranjkovic.com
Mar. 5, 2018
One of the coolest things about Chrome is the silent, automatic updates that always ensure that users are always running the latest version. While Chrome itself is updated automatically by Google, that update process also includes Chrome’s extensions, which are updated by the extension owners. This means that it’s up to the user to decide if the owner of an extension is trustworthy or not, since you are basically giving them permission to push new code out to your browser whenever they feel like it.
Mar. 3, 2018
Developers of Ethereum, the world’s No. 2 digital currency by market capitalization, have closed a serious security hole that allowed virtually anyone with an Internet connection to manipulate individual users’ access to the publicly accessible ledger.
Source: arstechnica.com
Mar. 3, 2018
The proof of concept for this exploit can be found on the Chromium bug page. This bug was reported by lokihardt from Google Project Zer0. The bug can be found in Element::setAttributeNodeNS().
Let’s take a look at a code snippet:
Source: github.com
Mar. 3, 2018
Often, the best way to get something is to simply ask for it. That’s probably what the Israeli government thought when it sent an email to several American researchers and firms who make so-called zero-days, tools that take advantage of vulnerabilities in software that are unknown to the company that makes the software.
Source: vice.com
Mar. 3, 2018
Two weeks ago, in a little-noticed presentation at the Offensive Con security conference in Berlin, security researchers Markus Vervier and Michele Orrù detailed a method that exploits a new and obscure feature of Google’s Chrome browser to potentially bypass the account protections of any victim using the Yubikey Neo, one of the most popular of the so-called Universal Two-Factor, or U2F, tokens that security experts recommend as the strongest form of protection against phishing attacks.
Mar. 2, 2018
Attackers have generated $3,900 so far in an ongoing campaign that’s exploiting the popular rTorrent application to install currency-mining software on computers running Unix-like operating systems, researchers said Thursday.
Source: arstechnica.com
Mar. 2, 2018
In this demo, we will dump user data without reading it. If you translate the code into Javascript, you could dump IE browser data.
Source: github.com
Mar. 1, 2018
In this project you will find a full implementation of the “bpf” kernel exploit for the PlayStation 4 on 4.55. It will allow you to run arbitrary code as kernel, to allow jailbreaking and kernel-level modifications to the system. This release however, does not contain any code related to defeating anti-piracy mechanisms or running homebrew.
This exploit does include a loader that listens for payloads on port 9020 and will execute them upon receival.