blog trackingRealtime Web Statistics exploits Archives - Gregory D. Evans | Worlds No. 1 Security Consultant

Posts Tagged ‘exploits’

Snapchat exploits published by snubbed researchers

  After months of being ignored by the company behind the popular instant messaging app Snapchat, Australian hackers Gibson Security has finally published exploits that they discovered. The exploits could be used to match names and phone numbers on Snapchat. Additionally, unscrupulous hackers could also use the exploits to create thousands of fake Snapchat accounts en masse. […]

View full post on Gregory d. evans

CDI 2012 – SEC504 – Hacker Techniques, Exploits & Incident Handling

SANS is offering 1 course(s) at this training event being held in 201212 – SEC504, DC US starting on December 9, 2012. Please visit http://www.sans.org/event/29165 for complete information and to register for this event. View full post on SANS Institute – ALL Training Events

For more information go to http://www.NationalCyberSecurity.com, http://www. GregoryDEvans.com, http://www.LocatePC.net or http://AmIHackerProof.com

View full post on National Cyber Security

Trend Micro ‘virtual shield’ protects against unpatched exploits

Trend Micro has broadened its cloud-based security infrastructure so that its products can receive actionable threat intelligence that lets the security software act like a “virtual shield” against many web-based threats. View full post on Techworld.com security

For more information go to http://www.NationalCyberSecurity.com, http://www. GregoryDEvans.com, http://www.LocatePC.net or http://AmIHackerProof.com

View full post on National Cyber Security

Black Hat: Most Java malware exploits “type confusion” vulnerability

A researcher investigated Java exploits, and drew on one well-know example, to explain how one of the most common classes of attack spreads. View full post on Latest articles from SC Magazine News

For more information go to http://www.NationalCyberSecurity.com, http://www. GregoryDEvans.com, http://www.LocatePC.net or http://AmIHackerProof.com

View full post on National Cyber Security

Cross-platform malware exploits Java to attack PCs and Macs

The same Java vulnerability used in the infamous Flashback malware is now being used as an attack vector for a single piece of malware that can infect both Windows and Mac OS X computers.

View full post on malware – Yahoo! News Search Results

View full post on National Cyber Security » Virus/Malware/Worms

Researchers Release New Exploits to Hijack Critical Infrastructure

New attack code that can be used to take over the control systems of refineries, power plants and factories has been released into the wild. The purpose? To push vendors to take security seriously.

View full post on computer worm – Yahoo! News Search Results

View full post on National Cyber Security » Virus/Malware/Worms

Mac malware exploits unpatched drive-by Java vulnerability

Malware striking Mac computers is making the headlines again, this time exploiting a drive-by vulnerability in Java that has left Apple users dangerously exposed to attack.

The new Mac malware exploits a Java vulnerability (known as CVE-2012-0507), that Apple users are still not patched against.

Apple users won’t feel any consolation at all in the knowledge that their Windows cousins have been protected against the flaw since February.

Sophos security products identify the various components of the Mac malware attack as Exp/20120507-A, Troj/JavaDl-JI, OSX/Dloadr-DMU and OSX/Flshplyr-B – intercepting the threat before it can compromise Mac owners’ computers.

Once again, you’re left to ponder whether having Java installed on your computer is really worth it. Having Java on your PC or Mac may help you run some archaic applications, but it can also dramatically widen the attack surface which hackers can exploit.

My advice is that if you have no real need for Java, remove it.

The latest version of Mac OS X (known as Lion), unlike earlier editions, does not include Java by default, meaning users are not at risk *unless* they have subsequently installed the software.

If you’re not already doing so, run anti-virus software on your Macs. If you’re a home user, there really is no excuse at all as we offer a free anti-virus for Mac consumers.

Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/1R-sq3qNJGU/

View full post on National Cyber Security

Google Offers $1 Million in Hacker Bounties for Exploits Against Chrome

It may be hard out there for a pimp, but it just got a little bit more lucrative for a hacker.

Google announced on Monday that it would pay $1 million in cash awards to anyone who can hack its Chrome browser during its Pwnium security challenge next week in Vancouver at the CanSecWest conference.

Google has pledged to pay multiple awards in the amounts of $60,000, $40,000 and $20,000, depending on the severity of the exploits, up to $1 million. Winners will also receive a Chromebook.

“We require each set of exploit bugs to be reliable, fully functional end to end, disjoint, of critical impact, present in the latest versions and genuinely ’0-day,’ i.e. not known to us or previously shared with third parties,” Google wrote on its blog.

The exploits must work against Windows 7 machines running the Chrome browser.

$60,000 – “Full Chrome exploit”: Chrome / Win7 local OS user account persistence using only bugs in Chrome itself.

$40,000 – “Partial Chrome exploit”: Chrome / Win7 local OS user account persistence using at least one bug in Chrome itself, plus other bugs. For example, a WebKit bug combined with a Windows sandbox bug.

$20,000 – “Consolation reward, Flash / Windows / other”: Chrome / Win7 local OS user account persistence that does not use bugs in Chrome. For example, bugs in one or more of Flash, Windows or a driver. These exploits are not specific to Chrome and will be a threat to users of any web browser. Although not specifically Chrome’s issue, we’ve decided to offer consolation prizes because these findings still help us toward our mission of making the entire web safer.

Google’s hack challenge will run alongside the $15,000 Pwn2Own contest that runs each year at CanSecWest, which challenges researchers to exploit vulnerabilities in fully patched browsers and other software.

Last year, Google offered a $20,000 bounty, on top of the base $15,000 Pwn2Own prize, for anyone who successfully downed Chrome, but there were no takers. Chrome is currently the only browser eligible for the Pwn2Own contest that has never been brought down, Ars Technica notes. Contestants have indicated that difficulties bypassing Google’s security sandbox is the reason they’ve avoided the browser and focused on Internet Explorer and Safari.

Article source: http://www.wired.com/threatlevel/2012/02/google-1-million-dollar-hack-contest/

View full post on National Cyber Security » Computer Hacking

Trojan Exploits Known Hole in Microsoft Office (February 9, 2012)

Wow! It’s an incident handler’s Christmas morning, tools, tools, tools. Very Applicable!
-Todd Davis, Symantec

Article source: http://www.sans.org/newsletters/newsbites/newsbites.php?vol=14&issue=13&rss=Y#sID309

View full post on National Cyber Security

2012-01-30 – SANS Mentor Program partners with Lorain County Community College to offer Hacker Techniques, Exploits and Incident Handling courses

SANS Mentor Program partners with Lorain County Community College to offer Hacker Techniques, Exploits and Incident Handling courses

View full post on SANS Press Room

View full post on National Cyber Security » Announcements

Page 1 of 212»

Get The New Book By Gregory Evans

Everyone Is Talking About!

Are You Hacker Proof?
$15.95

Find Out More, Click Here!