Monthly archives: August 2015

Browsefox aka Sambreel aka Yontoo is a family of browser hijackers. When advertised they promise to “customize and enhance your interaction with the websites you visit”, but in reality they are almost never a users choice install. They come bundled with other software at many major download sites and at […]

BrowserFox variant High Stairs

25 Aug, 2015 in News tagged Browsefox / hacking / high stairs / iframe / javascript / malwarebytes / pup by admin

This is the second “critical” out-of-band patch issued in as many months. It’s all Internet Explorer’s fault — again. Microsoft has released an emergency out-of-band patch for a “critical”-rated security vulnerability, affecting all supported versions of Windows. The software giant said in an advisory Tuesday that users visiting a specially-crafted website […]

CVE-2015-2502 Microsoft issues emergency patch for all versions of Windows

19 Aug, 2015 in News tagged CVE-2015-2502 / exploit / internet explorer / MS15-093 / news / Windows by admin

For 2 years VW tried to hide the exploits that made its cars hack-able . Now, many might be getting quite paranoid about the recent spate of stories revolving around wireless hacks, nifty devices like ‘Rolljam’ and inherent vulnerabilities in connected vehicles that leave them exposed to enterprising hackers. Well, […]

VW tried to hide hacking exploits on its cars

18 Aug, 2015 in News tagged car / exploit / hacking / hacks / rolljam / volkswagen / vw by admin

Lenovo has sold laptops bundled with irremovable software that features a bonus exploitable security vulnerability. If the crapware is deleted, or the hard drive wiped and Windows reinstalled from scratch, the laptop’s firmware will quietly and automatically reinstall Lenovo’s software on the next boot-up. Built into the firmware on the […]

Lenovo stuffs laptops with a rootkit in the BIOS

14 Aug, 2015 in News tagged bios. spy / crapware / lenovo / LSE / news / OEM by admin

Update flawed, new one needed for countless gadgets Google’s security update to fix the Stagefright vulnerability in millions of Android smartphones is buggy – and a new patch is needed. The Stagefright flaw is named after a component within the Android operating system that, among other things, processes incoming text […]

Androids still vulnerable, even after Google patch

14 Aug, 2015 in News tagged android / bug / exploiit / flaw / google / hacking / mobile / news / Security / stagefright by admin

A team of European security researchers has published a paper analyzing how the battery life of mobile devices could be used to track web browsing habits of Firefox users on Linux, using the HTML5 Battery Status API (via The Guardian). The specific method they expose in their paper has been fixed by Firefox as of June […]

Are you being tracked by your battery power levels.

13 Aug, 2015 in News tagged analytics / battery / news / tracking / web by admin

We’re still buzzing and recovering from the Black Hat and DEF CON conferences where we finished presenting our new Kali Linux Dojo, which was a blast. With the help of a few good people, the Dojo rooms were set up ready for the masses – where many generated their very […]

Kali Linux 2.0 upgrade to Sana now available

11 Aug, 2015 in News tagged hacking / kali / kali 2.0 / Kali fu / linux / metasploit by admin

Same origin violation and local file stealing via PDF reader Security researcher Cody Crews reported on a way to violate the same origin policy and inject script into a non-privileged part of the built-in PDF Viewer. This would allow an attacker to read and steal sensitive local files on the […]

Firefox 0day – CVE-2015-4495

10 Aug, 2015 in News tagged 0day / CVE-2015-4495 / firefox / hacking / iceweasel / mozilla by admin

Six WordPress security bugs fixed in version 4.2.4 WordPress, the darling CMS of the open source community, has released moments ago version 4.2.4, which contains lots of security fixes addressing a wide range of issues. Ten bugs have been fixed with this release, six of them being security-related, and quite […]

WordPress 4.2.4 Fixes Three XSS Vulnerabilities and One Potential SQL ...

4 Aug, 2015 in News tagged CMS / hacking / injection / sql / vulnerabilities / wordpress / XSS by admin

BitDefender has compromised the details of around 250 users after a data breach revealed that it doesn’t encrypt details of certain customers. First reported by Forbes, the DetoxRansome group behind the hack showed that the usernames and passwords they pilfered were completely encrypted. The passwords would have been incredibly hard […]

BitDefender fails to encrypt usernames and passwords

3 Aug, 2015 in News tagged bitdefender / DetoxRansome / encryption / hack / hacking / Security / unencrypted by admin