Exploit And Attacks

Magecart campaign -card stealer, online shopping no more secured

Card Skimming Threat to e-commerce platforms According to RiskIQ, Magecart has been attacking online companies since 2016. Its modus operandi is to insert malicious code in the websites of these companies in order to steal their customers’ data when they make a purchase. This technique is called digital skimming. RiskIQ has identified so far, at …

Magecart campaign -card stealer, online shopping no more secured Read More »

SupportAssist Flaw Exposes Dell Computers to Remote Hacking.

Dell Users beware – your systems can be compromised remotely. CVE-ID-2019-3719 Dell SupportAssist vulnerability. A 17-year-old independent security researcher – Bill Demirkapi , has discovered a critical remote code execution vulnerability in one of the pre-installed Dell tools, Dell SupportAssist utility which comes pre-installed on most of all Dell laptops, desktops and tablets. What is …

SupportAssist Flaw Exposes Dell Computers to Remote Hacking. Read More »

WordPress Version 5.1.1 Patch Solves Remote Code execution flaw

Upgrade your wordpress sites to latest version of 5.1.1, before any hacker takes advantage of remote code execution vulnerability to take control of your sites and blogs. Simon Scannell a researcher from RIPS Technologies GmbH , known for disclosing multiple vulnerabilities in wordPress in past, has now revealed new RCE vulnerability. “Considering that comments are …

WordPress Version 5.1.1 Patch Solves Remote Code execution flaw Read More »

Using GPON Routers, Are you safe ?

Over 1 Million GPON Users Are Unsafe, Be Aware Of New Zero Day Vulnerability – Security@Speaks Vulnerability: Dassan / GPON routers Remote Code Execution ExploitThere is a way to bypass all authentication on the devices (CVE-2018-10561), was found by VPNMentor. With this authentication bypass, it’s also possible to unveil another command injection vulnerability (CVE-2018-10562) and …

Using GPON Routers, Are you safe ? Read More »

google Chrome New Zero-Day Vulnerability

CVE : 2019-5786 Remote Code Execution Vulnerability in Google Chrome Browser. The vulnerability was discovered late February by Clement Lecigne, a security researcher at the Google Threat Analysis Group. According to an update to its original announcement and a tweet from Google Chrome’s security lead, the patched bug was under active attacks at the time …

google Chrome New Zero-Day Vulnerability Read More »

Microsoft IIS Remote Code Execution Vulnerability

CVE-2017-7269 Affected Product:  IIS 6.0 for Microsoft Windows Server 2003 R2 This vulnerability was discovered by Zhiniang Peng and Chen Wu. (Information Security Lab & School of Computer Science & Engineering, South China University of Technology Guangzhou), China around July or August 2016. Description: Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in …

Microsoft IIS Remote Code Execution Vulnerability Read More »

CVE-ID : 2019-0686 Elevated Privileges Exploit

Technical findings: CVE-2019-0686 Relatable CVE-2019-0724 Affected Prdoucts:Microsoft Exchange Server 2010 SP3 UR26Microsoft Exchange Server 2013 CU22Microsoft Exchange Server 2016 CU12Microsoft Exchange Server 2019 CU1 Description: -Microsoft Exchange Server is affected by a elevation of privilege vulnerabilities. An attacker who successfully exploits the vulnerability may impersonate any other user of the Exchange server.-To exploit this vulnerability, …

CVE-ID : 2019-0686 Elevated Privileges Exploit Read More »