Article: Android Browser Same Origin Policy Bypass < 4.4 - CVE-2014-6041 - published over 10 years ago.
Content: IntroductionSame Origin Policy (SOP) is one of the most important security mechanisms that are applied in modern browsers, the basic idea behind the SOP is the javaScript from one origin should not be able to access the properties of a website on another origin. The origin is formed by the combination of Scheme, domain and port with the port being an excepti...
Copy Link: http://www.rafayhackingarticles.net/2014/08/android-browser-same-origin-policy.html   
Published: 2014 08 31 09:33:00
Received: 2021 06 06 09:04:44
Feed: Ethical Hacking - Rafayhackingarticles
Source: Ethical Hacking - Rafayhackingarticles
Category: Cyber Security
Topic: Cyber Security

Article: Connecting the Dots: Syrian Malware Team Uses BlackWorm for Attacks - published over 10 years ago.
Content: The Syrian Electronic Army has made news for its recent attacks on major communications websites, Forbes, and an alleged attack on CENTCOM. While these attacks garnered public attention, the activities of another group - The Syrian Malware Team - have gone largely unnoticed. The group’s activities prompted us to take a closer look. We discovere...
Copy Link: https://www.fireeye.com/blog/threat-research/2014/08/connecting-the-dots-syrian-malware-team-uses-blackworm-for-attacks.html   
Published: 2014 08 29 08:00:00
Received: 2022 05 23 16:06:47
Feed: FireEye Blog
Source: FireEye Blog
Category: Cyber Security
Topic: Cyber Security

Cyber Tzar Free Score Certificate

Article: Smashing The Browser: From Vulnerability Discovery To Exploit - published over 10 years ago.
Content: submitted by /u/demi6od [link] [comments]
Copy Link: https://www.reddit.com/r/vrd/comments/2evme2/smashing_the_browser_from_vulnerability_discovery/   
Published: 2014 08 29 01:16:01
Received: 2021 06 06 11:29:11
Feed: Vulnerability Research and Development
Source: Vulnerability Research and Development
Category: Alerts
Topic: Vulnerabilities

Article: Attacking financial malware botnet panels - SpyEye - published over 10 years ago.
Content: This is the second blog post in the "Attacking financial malware botnet panels" series. After playing with Zeus, my attention turned to another old (and dead) botnet, SpyEye. From an ITSEC perspective, SpyEye shares a lot of vulnerabilities with Zeus.  The following report is based on SpyEye 1.3.45, which is old, and if we are lucky, the whole SpyEye bra...
Copy Link: https://jumpespjump.blogspot.com/2014/08/attacking-financial-malware-botnet.html   
Published: 2014 08 22 17:09:00
Received: 2024 03 12 23:22:35
Feed: Jump ESP, jump!
Source: Jump ESP, jump!
Category: Cyber Security
Topic: Cyber Security

Cyber Tzar Score Summary

Article: Vulnerability Summary for the Week of August 11, 2014 - published over 10 years ago.
Content:
Copy Link: https://www.cisa.gov/news-events/bulletins/sb14-230   
Published: 2014 08 18 21:11:23
Received: 2023 03 17 18:04:35
Feed: CISA Bulletins
Source: Cybersecurity and Infrastructure Security Agency (CISA)
Category: Bulletins
Topic: Cyber Security

Article: 最近、雑誌やネットでやけにバストアップ商品をみませんか？ - published over 10 years ago.
Content: 最近、女性誌やネットをみていると、やけにバストアップ商品の広告をよく見るような気がします。 「夏は、薄着になったり、水着を着る機会が増えるので、バストアップ商品はよく売れる」という話はよく聞きます。 けれど、昨年より明らかに多い気がします。   ちょっと調べてみたところ、今年に入って、かなりの数のバストアップ製品が発売されているようです。 そして、中でも多いのが、プエラリアミリフィカを主成分とする、バストアップサプリメント。   このプエラリア・ミリフィカという成分は、タイの植物の成分なのですが、女性ホルモンに近い成分なので、食べれば、ムネが大きくなったり、生理痛が改善されたりするとされています。 このプエラリア・ミリフィカは、世界各国で、「実際にバストアップに効果がある」との臨床データがぞくぞくと出てきており...
Copy Link: http://www.hackus.org/%e6%9c%80%e8%bf%91%e3%80%81%e9%9b%91%e8%aa%8c%e3%82%84%e3%83%8d%e3%83%83%e3%83%88%e3%81%a7%e3%82%84%e3%81%91%e3%81%ab%e3%83%90%e3%82%b9%e3%83%88%e3%82%a2%e3%83%83%e3%83%97%e5%95%86%e5%93%81%e3%82%92/   
Published: 2014 08 18 20:12:27
Received: 2021 06 06 09:04:52
Feed: Hackus
Source: Hackus
Category: Cyber Security
Topic: Cyber Security

Cyber Tzar Your Score Explained

Article: Analyzing heap objects with mona.py - published over 10 years ago.
Content:
Copy Link: https://www.corelan.be/index.php/2014/08/16/analyzing-heap-objects-with-mona-py/?utm_source=rss&utm_medium=rss&utm_campaign=analyzing-heap-objects-with-mona-py   
Published: 2014 08 16 15:09:22
Received: 2023 01 18 09:44:47
Feed: Corelan Team
Source: Corelan Team
Category: News
Topic: Hacking

Article: DEFCON 22 Badge Challenge - published over 10 years ago.
Content:
Copy Link: https://potatohatsecurity.tumblr.com/post/94565729529   
Published: 2014 08 12 21:23:00
Received: 2021 06 06 09:04:58
Feed: Team PotatoSec
Source: Team PotatoSec
Category: Cyber Security
Topic: Cyber Security

Cyber Tzar Gold Score Certificate

Article: 2915720 - Changes in Windows Authenticode Signature Verification - Version: 1.4 - published over 10 years ago.
Content: Revision Note: V1.4 (July 29, 2014): Revised advisory to announce that Microsoft no longer plans to enforce the stricter verification behavior as a default functionality on supported releases of Microsoft Windows. It remains available as an opt-in feature. See the Advisory FAQ section for more information.Summary: Microsoft is announcing the availability of ...
Copy Link: https://technet.microsoft.com/en-us/library/security/2915720   
Published: 2014 07 29 17:00:00
Received: 2022 04 14 18:03:38
Feed: Latest Security Advisories
Source: Latest Security Advisories
Category: Alerts
Topic: Vulnerabilities

Article: Advanced Exploitation of VirtualBox 3D Acceleration VM Escape Vulnerability / Exploit (CVE-2014-0983), VUPEN (July 2014) - published over 10 years ago.
Content: submitted by /u/stormehh [link] [comments]
Copy Link: https://www.reddit.com/r/vrd/comments/2bp9v7/advanced_exploitation_of_virtualbox_3d/   
Published: 2014 07 25 16:08:47
Received: 2021 06 06 11:29:11
Feed: Vulnerability Research and Development
Source: Vulnerability Research and Development
Category: Alerts
Topic: Vulnerabilities

Article: CZ Solution Ltd. signed samples of Xtreme Rat, Zeus, Spy-Net, Gh0st, BozokRAT and other - published over 10 years ago.
Content: Here are all samples (+ more) mentioned in this post by Fireeye : The Little Signature That Could: The Curious Case of CZ Solution"All files are digitally signed with a "CZ Solutions" certificate making it easy to create a Yara or ClamAV signature. A few Zeus samples seem to be still beaconing. Most are sinkholed.The certificate is now revoked by VeriSign.En...
Copy Link: http://contagiodump.blogspot.com/2014/07/cz-solution-ltd-signed-samples-of.html   
Published: 2014 07 21 04:57:00
Received: 2022 07 04 22:08:53
Feed: contagio
Source: contagio
Category: Cyber Security
Topic: Cyber Security

Cyber Tzar Score Analysis

Article: 2982792 - Improperly Issued Digital Certificates Could Allow Spoofing - Version: 2.0 - published over 10 years ago.
Content: Revision Note: V2.0 (July 17, 2014): Advisory revised to announce the availability of update 2982792 for supported editions of Windows Server 2003. For more information, see the Suggested Actions section of this advisory.Summary: Microsoft is aware of improperly issued SSL certificates that could be used in attempts to spoof content, perform phishing attacks...
Copy Link: https://technet.microsoft.com/en-us/library/security/2982792   
Published: 2014 07 17 17:00:00
Received: 2022 04 14 18:03:38
Feed: Latest Security Advisories
Source: Latest Security Advisories
Category: Alerts
Topic: Vulnerabilities

Article: Havex, It’s Down With OPC - published over 10 years ago.
Content: FireEye recently analyzed the capabilities of a variant of Havex (referred to by FireEye as “Fertger” or “PEACEPIPE”), the first publicized malware reported to actively scan OPC servers used for controlling SCADA (Supervisory Control and Data Acquisition) devices in critical infrastructure (e.g., water and electric utilities), energy, and manufactu...
Copy Link: https://www.fireeye.com/blog/threat-research/2014/07/havex-its-down-with-opc.html   
Published: 2014 07 17 14:00:00
Received: 2022 05 23 16:06:45
Feed: FireEye Blog
Source: FireEye Blog
Category: Cyber Security
Topic: Cyber Security

Cyber Tzar Risk Impact Distribution

Article: Oracle Critical Patch Update Advisory - July 2014 - published over 10 years ago.
Content:
Copy Link: http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html   
Published: 2014 07 15 19:30:54
Received: 2021 06 06 09:03:27
Feed: Oracle Security Alerts
Source: Oracle Security Alerts
Category: Alerts
Topic: Vulnerabilities

Article: Episode #179: The Check is in the Mail - published over 10 years ago.
Content: Tim mails one in: Bob Meckle writes in: I have recently come across a situation where it would be greatly beneficial to build a script to check revocation dates on certificates issued using a certain template, and send an email to our certificate staff letting them know which certificates will expire within the next 6 weeks. I am wondering if you guys hav...
Copy Link: http://blog.commandlinekungfu.com/2014/06/episode-179-check-is-in-mail.html   
Published: 2014 06 30 21:51:00
Received: 2023 03 31 08:44:32
Feed: Command Line Kung Fu
Source: Command Line Kung Fu
Category: News
Topic: Security Tooling

Cyber Tzar Risk Impact Assesment

Article: 2974294 - Vulnerability in Microsoft Malware Protection Engine Could Allow Denial of Service - Version: 1.0 - published over 10 years ago.
Content: Revision Note: V1.0 (June 17, 2014): Advisory publishedSummary: Microsoft is releasing this security advisory to inform customers that an update to the Microsoft Malware Protection Engine addresses a security vulnerability that was reported to Microsoft. The vulnerability could allow denial of service if the Microsoft Malware Protection Engine scans a specia...
Copy Link: https://technet.microsoft.com/en-us/library/security/2974294   
Published: 2014 06 17 17:00:00
Received: 2022 04 14 18:03:38
Feed: Latest Security Advisories
Source: Latest Security Advisories
Category: Alerts
Topic: Vulnerabilities

Article: A Not-So Civic Duty: Asprox Botnet Campaign Spreads Court Dates and Malware - published over 10 years ago.
Content: Executive Summary FireEye Labs has been tracking a recent spike in malicious email detections that we attribute to a campaign that began in 2013. While malicious email campaigns are nothing new, this one is significant in that we are observing mass-targeting attackers adopting the malware evasion methods pioneered by the stealthier APT attackers....
Copy Link: https://www.fireeye.com/blog/threat-research/2014/06/a-not-so-civic-duty-asprox-botnet-campaign-spreads-court-dates-and-malware.html   
Published: 2014 06 16 14:00:00
Received: 2022 05 23 16:06:45
Feed: FireEye Blog
Source: FireEye Blog
Category: Cyber Security
Topic: Cyber Security

Cyber Tzar Your Score Explained

Article: 2962824 - Update Rollup of Revoked Non-Compliant UEFI Modules - Version: 1.1 - published almost 11 years ago.
Content: Revision Note: V1.1 (June 10, 2014): Advisory revised to announce a detection change for the update rollup (updates 2920189 and 2961908). This is a detection change only. There were no changes to the update files. Customers who have already successfully updated their systems do not need to take any action.Summary: With this advisory, Microsoft is revoking th...
Copy Link: https://technet.microsoft.com/en-us/library/security/2962824   
Published: 2014 06 10 17:00:00
Received: 2022 04 14 18:03:38
Feed: Latest Security Advisories
Source: Latest Security Advisories
Category: Alerts
Topic: Vulnerabilities

Article: 2862973 - Update for Deprecation of MD5 Hashing Algorithm for Microsoft Root Certificate Program - Version: 3.0 - published almost 11 years ago.
Content: Revision Note: V3.0 (June 10, 2014): Revised advisory to rerelease the 2862973 update for Windows 8 and Windows Server 2012. This rerelease only applies to systems running Windows Embedded 8 and Windows Server 2012 for Embedded Systems. See the Advisory FAQ for more information.Summary: Microsoft is announcing the availability of an update for supported edit...
Copy Link: https://technet.microsoft.com/en-us/library/security/2862973   
Published: 2014 06 10 17:00:00
Received: 2022 04 14 18:03:38
Feed: Latest Security Advisories
Source: Latest Security Advisories
Category: Alerts
Topic: Vulnerabilities

Article: CSO : Common Sense Operator/Operations - published almost 11 years ago.
Content:
Copy Link: https://www.corelan.be/index.php/2014/06/03/cso-common-sense-operatoroperations/?utm_source=rss&utm_medium=rss&utm_campaign=cso-common-sense-operatoroperations   
Published: 2014 06 03 08:05:09
Received: 2023 01 18 09:44:47
Feed: Corelan Team
Source: Corelan Team
Category: News
Topic: Hacking

Cyber Tzar Risk Groups Explained

Article: How Much Would a Cyberattack Cost Your Enterprise? - published almost 11 years ago.
Content:
Copy Link: https://www.securitymagazine.com/articles/85556-how-much-would-a-cyberattack-cost-your-enterprise   
Published: 2014 06 01 04:00:00
Received: 2021 04 25 02:14:07
Feed: Security Magazine – Reports
Source: Security Magazine
Category: Reports
Topic: Cyber Security

Article: HITB2014AMS – Day 2 – On Her Majesty’s Secret Service: GRX & A Spy Agency - published almost 11 years ago.
Content:
Copy Link: https://www.corelan.be/index.php/2014/05/30/hitb2014ams-day-2-on-her-majestys-secret-service-grx-a-spy-agency/?utm_source=rss&utm_medium=rss&utm_campaign=hitb2014ams-day-2-on-her-majestys-secret-service-grx-a-spy-agency   
Published: 2014 05 30 13:13:22
Received: 2023 01 18 09:44:47
Feed: Corelan Team
Source: Corelan Team
Category: News
Topic: Hacking

Cyber Tzar Change Over Time (Extended)

Article: HITB2014AMS – Day 2 – Exploring and Exploiting iOS Web Browsers - published almost 11 years ago.
Content:
Copy Link: https://www.corelan.be/index.php/2014/05/30/hitb2014ams-day-2-exploring-and-exploiting-ios-web-browsers/?utm_source=rss&utm_medium=rss&utm_campaign=hitb2014ams-day-2-exploring-and-exploiting-ios-web-browsers   
Published: 2014 05 30 10:19:05
Received: 2023 01 18 09:44:48
Feed: Corelan Team
Source: Corelan Team
Category: News
Topic: Hacking

Cyber Tzar Change Over Time (Extended)

Article: HITB2014AMS – Day 2 – Keynote 4: Hack It Forward - published almost 11 years ago.
Content:
Copy Link: https://www.corelan.be/index.php/2014/05/30/hitb2014ams-day-2-keynote-4-hack-it-forward/?utm_source=rss&utm_medium=rss&utm_campaign=hitb2014ams-day-2-keynote-4-hack-it-forward   
Published: 2014 05 30 08:32:09
Received: 2023 01 18 09:44:48
Feed: Corelan Team
Source: Corelan Team
Category: News
Topic: Hacking

Article: Episode #178: Luhn-acy - published almost 11 years ago.
Content: Hal limbers up in the dojo To maintain our fighting trim here in the Command Line Kung Fu dojo, we like to set little challenges for ourselves from time to time. Of course, we prefer it when our loyal readers send us ideas, so keep those emails coming! Really... please oh please oh please keep those emails coming... please, please, please... ahem, but I d...
Copy Link: http://blog.commandlinekungfu.com/2014/05/not-ready-yet-episode-178-luhn-acy.html   
Published: 2014 05 26 09:00:00
Received: 2023 03 31 08:44:32
Feed: Command Line Kung Fu
Source: Command Line Kung Fu
Category: News
Topic: Security Tooling

Cyber Tzar Change Over Time (Extended)

Article: Hacking Windows 95, part 2 - published almost 11 years ago.
Content: In the Hacking Windows 95, part 1 blog post, we covered that through a nasty bug affecting Windows 95/98/ME, the share password can be guessed in no time. In this article, I'm going to try to use this vulnerability to achieve remote code execution (with the help of publicly available tools only). The first thing we can do when we have read access to the Wi...
Copy Link: https://jumpespjump.blogspot.com/2014/05/hacking-windows-95-part-2.html   
Published: 2014 05 23 15:29:00
Received: 2024 03 12 23:22:35
Feed: Jump ESP, jump!
Source: Jump ESP, jump!
Category: Cyber Security
Topic: Cyber Security

Cyber Tzar Change Over Time (Extended)

Article: Owning the Database with SQLMAP and METASPLOIT - published almost 11 years ago.
Content: Today I will be trying to teach you how to use it from Linux platform to take advantage of all that it has to offer. We will begin by booting up our favorite Linux distro of choice; I will be using BackTrack 4R2 for purposes of this tutorial - it is not required but helps because everything is mostly setup already (mostly Metasploit). Once you have you...
Copy Link: http://hacking-share.blogspot.com/2014/05/owning-database-with-sqlmap-and.html   
Published: 2014 05 06 16:00:00
Received: 2023 04 02 10:42:09
Feed: Hacking Share
Source: Hacking Share
Category: Cyber Security
Topic: Cyber Security

Cyber Tzar Change Over Time (Extended)

Article: KLEE used to find NULL pointer dereference in OpenSSL - published almost 11 years ago.
Content: submitted by /u/turnersr [link] [comments]
Copy Link: https://www.reddit.com/r/vrd/comments/24i2zh/klee_used_to_find_null_pointer_dereference_in/   
Published: 2014 05 02 00:25:08
Received: 2021 06 06 11:29:11
Feed: Vulnerability Research and Development
Source: Vulnerability Research and Development
Category: Alerts
Topic: Vulnerabilities

Article: Episode #177: There and Back Again - published almost 11 years ago.
Content: Hal finds some old mail Way, way back after Episode #170 Tony Reusser sent us a follow-up query. If you recall, Episode #170 showed how to change files named "fileaa", "fileab", "fileac", etc to files named "file.001", "file.002", "file.003". Tony's question was how to go back the other way-- from "file.001" to "fileaa", "file.002" to "fileab", and so on....
Copy Link: http://blog.commandlinekungfu.com/2014/04/episode-177-there-and-back-again.html   
Published: 2014 05 01 01:01:00
Received: 2023 03 31 08:44:32
Feed: Command Line Kung Fu
Source: Command Line Kung Fu
Category: News
Topic: Security Tooling

Cyber Tzar Change Over Time (Extended)

Article: DSploit - published almost 11 years ago.
Content: DSploit After playing with the applications installed on the Pwn Pad, I found that the most important application (at least for me) was missing from the pre-installed apps. Namely, DSploit. Although DSploit has tons of features, I really liked the multiprotocol password sniffing (same as dsniff) and the session hijacking functionality. The DSploit AP...
Copy Link: https://jumpespjump.blogspot.com/2014/04/dsploit.html   
Published: 2014 04 29 21:56:00
Received: 2024 03 12 23:22:35
Feed: Jump ESP, jump!
Source: Jump ESP, jump!
Category: Cyber Security
Topic: Cyber Security

Cyber Tzar Re-Score Report

Article: New Zero-Day Exploit targeting Internet Explorer Versions 9 through 11 Identified in Targeted Attacks - published almost 11 years ago.
Content: Summary FireEye Research Labs, the intelligence behind our Mandiant Consultancy services, identified a new Internet Explorer (IE) zero-day exploit used in targeted attacks.  The vulnerability affects IE6 through IE11, but the attack is targeting IE9 through IE11.  This zero-day bypasses both ASLR and DEP. Microsoft has assigned CVE-2014-1776 to...
Copy Link: https://www.fireeye.com/blog/threat-research/2014/04/new-zero-day-exploit-targeting-internet-explorer-versions-9-through-11-identified-in-targeted-attacks.html   
Published: 2014 04 27 02:29:08
Received: 2022 05 23 16:06:45
Feed: FireEye Blog
Source: FireEye Blog
Category: Cyber Security
Topic: Cyber Security

Article: WiFi hacking on tablets - published almost 11 years ago.
Content: Disclaimer: Don't hack anything where you don't have the authorization to do so. Stay legal. Ever since I bought my first Android device, I wanted to use the device for WEP cracking. Not because I need it, but I want it :) After some googling, I read that you can't use your WiFi chipset for packet injection, and I forgot the whole topic. After a while, I ...
Copy Link: https://jumpespjump.blogspot.com/2014/04/wifi-hacking-on-tablets.html   
Published: 2014 04 22 12:16:00
Received: 2024 03 12 23:22:35
Feed: Jump ESP, jump!
Source: Jump ESP, jump!
Category: Cyber Security
Topic: Cyber Security

Cyber Tzar Top Ten Vulnerabilities Explained

Article: Oracle Security Alert for CVE-2014-0160 - 18 April 2014 - published almost 11 years ago.
Content:
Copy Link: http://www.oracle.com/technetwork/topics/security/alert-cve-2014-0160-2190703.html   
Published: 2014 04 18 19:30:54
Received: 2021 06 06 09:03:27
Feed: Oracle Security Alerts
Source: Oracle Security Alerts
Category: Alerts
Topic: Vulnerabilities

Cyber Tzar Top Ten Vulnerabilities Explained

Article: Serious Security Vulnerability in Runescape - published almost 11 years ago.
Content: I recently found a serious security issue with Jagex (who owns the worlds most popular MMORP called Runescape). This security issue is caused when a customer wants to cancel their membership. Jagex asks for you to send them PLAINTEXT credit card details via EMAIL. Yes, you read correctly. Plaintext credit card information, potentially the most personal info...
Copy Link: http://trojan7malware.blogspot.com/2014/04/serious-security-vulnerability-in.html   
Published: 2014 04 16 11:22:00
Received: 2024 03 20 04:23:50
Feed: Trojan7Malware
Source: Trojan7Malware
Category: Cyber Security
Topic: Cyber Security

Cyber Tzar Top Ten Vulnerabilities Explained

Article: Oracle Critical Patch Update Advisory - April 2014 - published almost 11 years ago.
Content:
Copy Link: http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html   
Published: 2014 04 15 19:30:54
Received: 2021 06 06 09:03:27
Feed: Oracle Security Alerts
Source: Oracle Security Alerts
Category: Alerts
Topic: Vulnerabilities