Experts of the Project Zero have disclosed a proof-of-concept for the exploitation of a default setting in Windows 7, 8.1 that allow privilege escalation. A new security issue threatens users of Windows 7 and 8.1, this time experts are warning about a default setting in both OSs that could allow local users to elevate privileges […]
A new strain of Vawtrak malware implements capabilities to send and receive data through encrypted favicons distributed over the Tor network. A new powerful variant of the Vawtrak malware, also known as Neverquest or Snifula, appeared in the wild. Vawtrak is considered by malware researchers one of the most dangerous malicious code that is threatening systems worldwide. The […]
Israeli Researchers have defined a new exfiltration technique dubbed BitWhisper that is based on the heat emissions and built-in thermal sensors. According researchers at the Ben Gurion University in Israel, by detecting the heat from one computer to an adjacent computer, is possible to establish a channel that can  claiming can facilitate the spread of keys, malicious […]
A security researcher has discovered a reflected filename download vulnerability affecting the Instagram API that could be exploited to share malicious links. The security researcher David Sopas from WebSegura has discovered a serious vulnerability in the Instagram APIÂ that could be exploited by hackers to post a link to a web resource they manage. By exploiting […]
Experts at Palo Alto Networks discovered the Installer Hijacking vulnerability that exposes half of Android users to attack via Installation Vulnerability. The security researcher Zhi Xu from Palo Alto Networks discovered a critical vulnerability, dubbed Android Installer Hijacking, affecting the Android PackageInstaller system service. By exploiting the flaw, an attacker can gain unlimited permissions on compromised smartphone and data […]
Security experts discovered a CSRF vulnerability in the Hilton website that could be exploited by attackers to take over every Hilton Honors account. Last Monday we discovered that the Hilton’s website was affected by a flaw that allowed for anyone that had an Honors account to hack into another account by just guessing a 9-digit […]
Google security team has recently discovered and blocked fraudulent digital certificates issued for several Google domains by a Chinese CA. On March 20, Google security team has discovered and blocked fraudulent digital certificates issued for several Google domains. The investigation revealed that a Chinese certificate authority was using an intermediate CA, MCS Holdings, that issued the bogus […]
Thousands of routers exposed on the Internet by the ISPs are vulnerable to hacking and consequence of attacks on a large scale could be dramatic. ISPs have provided at least 700,000 ADSL routers to the public and unfortunately these kinds of routers have been really vulnerable to every possible hacker who wants to gain the […]
Security experts discovered that the Adobe CVE-2011-2461 vulnerability is exploitable by at least four years despite the company has issued a patch. Four years ago Adobe released a patch for the vulnerability CVE-2011-2461 that was affecting the Adobe Flex SDK 3.x and 4.x. The flaw was a cross-site scripting (XSS) vulnerability that allowed remote attackers to inject arbitrary […]
Chris Watts discovered a security flaw affecting some models of Cisco IP Phones that could be exploited to eavesdrop on conversations and make phone calls. Some models of Cisco IP phones for small businesses are affected by a vulnerability, coded as CVE-2015-0670 that could be exploited by a remote attacker to eavesdrop on conversations and make phone calls […]