securityXspace: a blog about cyber-philosophy.
-
Don’t Trust OAuth: Why The Google Docs Worm Was So Convincing
Source: Don’t Trust OAuth: Why The Google Docs Worm Was So Convincing
-
Intel Patches Nine-Year-Old Critical CPU Vulnerability
Intel warns business PC customers of a critical vulnerability found in its Active Management Technology that allows for escalation of privilege attacks. Source: Intel Patches Nine-Year-Old Critical CPU Vulnerability
-
IBM has been shipping malware-infected USB sticks
We tend to trust companies like IBM to take greater care over what they ship to their customers and assume it to be uncompromised and squeaky-clean. Clearly that trust is sometimes misplaced. Source: IBM has been shipping malware-infected USB sticks
-
Greenbug’s DNS-isms
Over the past few months there has been a lot of research and press coverage on the Shamoon campaigns. These have been the attacks on Saudi Arabian companies where a destructive malware known as Disttrack was deployed. The malware, using stolen credentials, spreads throughout the […] Source: Greenbug’s DNS-isms
-
Google And Facebook Duped Out Of $100 Million In Phishing Scam
Source: Google And Facebook Duped Out Of $100 Million In Phishing Scam
-
Use of DNS Tunneling for C&C Communications
– Say my name. – 127.0.0.1! – You are goddamn right. Network communication is a key function for any malicious program. Yes, there are exceptions, such as cryptors and ransomware Trojans that can do their job just fine without using the Internet. Source: Use of DNS Tunneling for C&C Communications
-
New MacOS Malware, Signed With Legit Apple ID, Found Spying On HTTPS Traffic
Many people believe that they are much less likely to be bothered by malware if they use a Mac computer, but is it really true? Unfortunately, No. According to the McAfee Labs, malware attacks on Apple’s Mac computers were up 744% in 2016, and its researchers have discovered nearly 460,000 Mac malware samples, which is…
-
Deep-dive into XEE
XML External Entity is a problem faced by many web applications. This site offers an interesting deep dive into the technique and methods of protection: XEE
-
Mimipenguin
Useful looking tool for dump Linux passwords: Mimipenguin
-
New OWASP Top 10 Reveals Critical Weakness in Application Defenses
It’s time to move from a dependence on the flawed process of vulnerability identification and remediation to a two-pronged approach that also protects organizations from attacks. Source: New OWASP Top 10 Reveals Critical Weakness in Application Defenses
securityXspace 