Tuesday, August 29, 2017

Beware : Sarahah App Secretly Spying Your Mobile and Steal Your Email & Contact List

Recently Most Trending Mobile Application “Sarahah” Secretly Spying users Mobile and uploading their contacts list into sarahah database.

Sarahah App uses to receive feedback from friends and employees which are impressed more than 15 million users Download estimated both apple store and google Play Store in world wide.

we GBHackers On Security  also have Investigated with our Lab Enviroment  and we have Found another information that, Sarahah App Transfering the Log in Credentials in Plain Text Apart from Contacts Information that has been Discovered by bishopfox Senior Security Analyst Zach Julian.
Read More at GBHackers On Security
at No comments:

Wednesday, August 23, 2017

Now attackers can Modify Email content- Even after the Email Delivery

We do believe Email is like a physical letter once it dropped it cannot be changed,but it is not true anymore here you can see a new technique called ROPEMAKER.

 ROPEMAKER stands for Remotely Originated Post-delivery Email Manipulation Attacks which allows changing the content of Email after post delivery even if they use S/MIME or PGP for signing.

 Ropemaker originates between the intersection of email and web technologies.Web technologies introduced in Email to make it more dynamic which also leads to this attack vector.

 Read More at GBHackers On Security
at No comments:

Tuesday, August 22, 2017

AccuWeather found Sending User Location Details Even if Location Sharing Turned Off

Security researcher Will Strafach identified that famous Weather App AccuWeather sending geolocation data to third party data mining firm.
He intercepted the traffic with the latest version of AccuWeather from his iPhone and it appears Wi-Fi router name and its unique MAC address to the servers of data monetization even if the App not permitted for sharing location OR even when the user has switched off location sharing.
at No comments:

Thursday, August 17, 2017

New DDoS Attack Pattern to Pin Down Multiple Targets – Pulse wave

A new method of DDOS attack called as Pulse wave emerging as a nightmare for DDOS protection solutions.With this method, attackers can bring down systems that previously thought to be protected.

Generally, DDoS assault pattern can be characterized as a continued wave with a gradual ramp-up that drives to a peak and is accompanied by either a slow or sudden drop. 

Read More at GBHackers On Security
at No comments:

Monday, August 14, 2017

Now Industrial Control Systems (ICS) Become Prime Target for Cyber Attackers

Industrial management systems (ICS/SCADA) are now the prime target for cyber attackers seeking to compromise the production base and public utilities.
The gift of previous embedded Microsoft® operational systems gives attackers a well-protected supported provision to launch their attack and establish “backdoors” to compromise the enterprise systems.
Manufacturing sector firms, despite seeing a reduction in attacks and security incidents in 2016 still experienced a number of the foremost serious and compromising attacks.
at No comments:

Friday, August 11, 2017

Adobe Flash Player Bug that can Leak Windows User Credentials

Adobe published a new version of Flash player in the middle of this week covering the Security issues under CVE-2017-3085 that affects all the platforms of windows(Windows XP, Vista, 7, 8.x and 10).
This flaw was identified by Security researcher Ruytenberg and it was derived from the old vulnerability(CVE-2016-4271) which Adobe patched on September 2016.
The previous flaw occurs in handling the input validation which leads to exfiltrate data and disclose them through SMB, and Adobe fixed the same with version 23 by dropping local-with-file-system sandbox and rejects UNC and File-style paths schemes (\\10.0.0.1\some\file.txt file://///10.0.0.1/some/file.txt.).
at No comments:
Subscribe to: Posts (Atom)