Oracle on Wednesday announced specific plans to kill the Java browser plugin and has advised users to start migrating to other technologies. In the old days, advanced Web features were only available in browsers via plugins leveraging the Netscape Plugin Application Programming Interface (NPAPI), the most popular applications being Java, […]
News
2229 posts
LG today released a security update for some of its latest smartphones to resolve a severe vulnerability found in the Smart Notice application. Introduced by LG in 2014, along with the flagship LG G3, the Smart Notice application comes pre-loaded on all new LG smartphones, and was designed to display notifications […]
Welcome back to the RedPacket Security website. An important milestone for Offensive Security has come with the first public release of Kali Linux rolling distribution. Kali switched to a rolling release model back when they hit version 2.0 (codename “sana”), however the rolling release was only available via an upgrade from 2.0 […]
A security researcher has claimed that Mikey-Sakke, the security protocol behind the GCHQ-developed Secure Voice encryption standard, has a built-in backdoor that allows the UK spy agency to intercept and snoop on phone calls. The findings come from Dr Steven Murdoch of University College London, who published a […]
So we have all heard about the recent DDoS attack on ProtonMail over the last week or so, but that hasn’t stopped them cracking on with things. I have been with ProtonMail since I heard about them opening it up for a limited amount […]
ProtonMail, the secure encrypted email service in Switzerland have been having bad time recently. ProtonMail, an encrypted email provider, has been coerced into forking over 15 bitcoin (the equivalent of $6000) by hackers who targeted the provider with a sustained DDoS attack that started on Nov. 3. ProtonMail was launched […]
In total 4% of the customer base had personal data compromised. The cyber-attack on TalkTalk was successful on a much smaller scale than the company initially estimated, according to the latest update on the matter. When the story initially broke, it was reported that millions of customers were affected […]
So it seems there is a Fitbit vulnerability involving the BlueTooth implementation that can be used to embed self replicating malware onto the wearable fitness tracker. Fitbit trackers may have a vulnerability that can let somebody within Bluetooth range quickly hack them, according to security company Fortinet. Worse yet, once […]
Recently, enSilo found an Advanced Persistent Threat (APT) residing in a sensitive network of a customer. This APT appears to be a Remote Access Trojan (RAT) that is capable of taking complete control of the victim’s computer. To date, this APT is unknown and does not appear in VirusTotal. Moker […]
A malicious DLL was able to read & log passwords in clear text An attack exploiting the Microsoft Outlook Web Application (OWA) allowed hackers to record authentication credentials via a malicious DLL file placed on the server itself. The attack was uncovered by security vendor Cybereason, when a company asked […]
SYMANTEC is reporting about Linux.Wifatch They are suggesting that it might be a good guy type of internet threat that wants to solve problems with the Internet of Things. I know that this sounds a little strange, and not your usual computer infection, It’s like a cyber Batman helping people out. […]
The XOR DDoS botnet can generate attacks more powerful than most businesses can withstand A Linux botnet has grown so powerful that it can generate crippling distributed denial-of-service attacks at over 150 Gbps, many times greater than a typical company’s infrastructure can withstand. The malware behind the botnet is known as […]
Kippo! Great honeypot….. But there are problems, i mean 2 seconds with metasploit and BAM! honeypot detected! Then there are other ways to detect it, once logged in. Its a dead giveaway. So i have been reading up about other ways to detect kippo, in an aim to make […]
Sleepy Puppy is a XSS payload management framework that enables security engineers to simplify the process of capturing, managing, and tracking XSS propagation over long periods of time and numerous assessments. We will use the following terminology throughout the rest of the discussion: Assessments describe […]
Browsefox aka Sambreel aka Yontoo is a family of browser hijackers. When advertised they promise to “customize and enhance your interaction with the websites you visit”, but in reality they are almost never a users choice install. They come bundled with other software at many major download sites and at […]
This is the second “critical” out-of-band patch issued in as many months. It’s all Internet Explorer’s fault — again. Microsoft has released an emergency out-of-band patch for a “critical”-rated security vulnerability, affecting all supported versions of Windows. The software giant said in an advisory Tuesday that users visiting a specially-crafted website […]
For 2 years VW tried to hide the exploits that made its cars hack-able . Now, many might be getting quite paranoid about the recent spate of stories revolving around wireless hacks, nifty devices like ‘Rolljam’ and inherent vulnerabilities in connected vehicles that leave them exposed to enterprising hackers. Well, […]
Lenovo has sold laptops bundled with irremovable software that features a bonus exploitable security vulnerability. If the crapware is deleted, or the hard drive wiped and Windows reinstalled from scratch, the laptop’s firmware will quietly and automatically reinstall Lenovo’s software on the next boot-up. Built into the firmware on the […]
Update flawed, new one needed for countless gadgets Google’s security update to fix the Stagefright vulnerability in millions of Android smartphones is buggy – and a new patch is needed. The Stagefright flaw is named after a component within the Android operating system that, among other things, processes incoming text […]
A team of European security researchers has published a paper analyzing how the battery life of mobile devices could be used to track web browsing habits of Firefox users on Linux, using the HTML5 Battery Status API (via The Guardian). The specific method they expose in their paper has been fixed by Firefox as of June […]
We’re still buzzing and recovering from the Black Hat and DEF CON conferences where we finished presenting our new Kali Linux Dojo, which was a blast. With the help of a few good people, the Dojo rooms were set up ready for the masses – where many generated their very […]