Project Zero: Exploiting the DRAM rowhammer bug to gain kernel privileges: “Rowhammer” is a problem with some recent DRAM devices in which repeatedly accessing a row of memory can cause bit flips in adjacent rows. We tested a selection of laptops and found that a subset of them exhibited the problem. We built two working […]

faber03/AndroidMalwareEvaluatingTools: In order to accomplish a deep antimalwares’ detection algorithms analysis, we developed two different tools, both coded in Java. The first tool, named Alan, through a simple UI, provides the application of eight different smali code transformations (detailed informations about these transformations can be found into the paper attached with the project). This tool […]

Full Disclosure: MikroTik RouterOS Admin Password Change CSRF: # Exploit Title: MikroTik RouterOS Admin Password Change CSRF # Google Dork: N/A # Date: 23-2-2015 # Exploit Author: Mohamed Abdelbaset Elnoby (@SymbianSyMoh) # Vendor Homepage: http://www.mikrotik.com <http://s.bl-1.com/h/mPRbq77?url=http://www.mikrotik.com/>/ # Software Link: http://www.mikrotik.com/download <http://s.bl-1.com/h/mPRbvX9?url=http://www.mikrotik.com/download> # Version: All versions < 5.0 # Tested on: All OS # CVE : […]

Thoughts and Concerns about Operation Onymous: Recently it was announced that a coalition of government agencies took control of many Tor hidden services. We were as surprised as most of you. Unfortunately, we have very little information about how this was accomplished, but we do have some thoughts which we want to share.

Yosemite infested by nasty ‘Rootpipe’ vuln: A Swedish security researcher has turned up a serious vulnerability in OS X “Yosemite”, but details are to be withheld until January, giving Apple time to prepare a patch. The vuln was first described in mid-October, when Truesec posted a YouTube video below that sketchily described the existence of […]

Over 17000 Mac Machines Affected by ‘iWorm’ Botnet Malware: A newly discovered zombie network that exclusively targets Apple computers running Mac OS X across the globe has compromised roughly 17,000 machines so far, giving hackers backdoor access to infected computers, researchers at Russian antivirus firm Dr.Web warned. According to a survey of traffic conducted in […]

EncFS Security Audit: This report is the result of a paid 10-hour security audit of EncFS. It has been posted to the EncFS mailing list, so check there for follow-up. I feel that full disclosure is the best approach for disclosing these vulnerabilities, since some of the issues have already been disclosed but haven’t been […]

Ken Shirriff’s blog: Mining Bitcoin with pencil and paper: 0.67 hashes per day: I decided to see how practical it would be to mine Bitcoin with pencil and paper. It turns out that the SHA-256 algorithm used for mining is pretty simple and can in fact be done by hand. Not surprisingly, the process is […]

Yahoo Quickly Fixes SQL Injection Vulnerability Escalated to Remote Code Execution: Yahoo! was recently impacted by a critical web application vulnerabilities which left website’s database and server vulnerable to hackers. A cyber security expert and penetration tester, Ebrahim Hegazy a.k.a Zigoo from Egypt, has found a serious SQL injection vulnerability in Yahoo’s website that allows […]