Ethical-hacking training racing against changing security landscape

Providers of security training skills are working overtime to keep their curriculum relevant to new threats while teaching advanced hacking skills in a methodical and manageable way, according to the head of Australia’s largest IT training provider. Instructors “try to adapt the classroom to the contemporary situation,” Mal Shaw, general manager of Dimension Data Learning Services (DDLS), told CSO Australia as the company...

Read More

Dell System Detect RCE vulnerability

Tom Forbes from http://tomforb.es/ recently discovered a serious flaw with Dell System Detect that allowed an attacker to trigger the program to download and execute an arbitrary file without any user interaction. Below is a summary of the issue and the steps taken to bypass the protections Dell put in place. Summary Anyone who has owned a Dell will be familiar with the Dell Support page. You can get all the latest drivers for your...

Read More

At least 700,000 routers given to customers by ISPs are vulnerable to hacking

More than 700,000 ADSL routers provided to customers by ISPs around the world contain serious flaws that allow remote hackers to take control of them. Most of the routers have a “directory traversal” flaw in a firmware component called webproc.cgi that allows hackers to extract sensitive configuration data, including administrative credentials. The flaw isn’t new and has been reported by multiple researchers since 2011 in various...

Read More
Updated: One Hacker, 4 Exploits = $225,000 Bounty – Pwn2Own 2015 results
Mar20

Updated: One Hacker, 4 Exploits = $225,000 Bounty – Pwn2Own 2015 results

Update: After earning $110,000 for his first 3 exploits, JungHoon Lee (lokihardt) took out Apple Safari using a use-after-free (UAF) vulnerability in an uninitialized stack pointer in the browser and bypassed the sandbox for code execution. That netted him another $50,000 USD and brought his daily total to $225,000. This is an amazing accomplishment for anyone, but it’s especially impressive considering he is an individual competitor...

Read More
GHOST Remote Metasploit Code
Mar18

GHOST Remote Metasploit Code

A demonstration of remote code execution of the GHOST vulnerability, delivered as a standalone Metasploit module, is now available. The module remotely exploits CVE-2015-0235 (a.k.a. GHOST, a heap-based buffer overflow in the GNU C Library’s gethostbyname functions) on x86 and x86_64 GNU/Linux systems that run the Exim mail server. Read...

Read More

Broadband routers: SOHOpeless and vendors don’t care

Basic net access device in millions of homes is an insult to IT Feature It is far more common to find routers with critical flaws than without – Craig Young It’s sad that end-user education about strong passwords, password safes, and phishing can be undone by something as innocuous as the blinking box in the corner of your room. – Peter Adkins Read...

Read More