Tag Archives: Exploitation

No, not a Java Zero Day again!

Posted on March 1, 2013 by Prashant
Java_Bullet

For all netizens, I have a simple advice: either disable Java or uninstall it! A brand new Java Zero Day has been identified by security firm FireEye. The constant targets are browsers that have Java v1.6 Update 41 and Java … Continue reading

Tagged , , , , , , , | Leave a comment

APTs and the Red Dragon

Posted on February 20, 2013 by Prashant
apt1

Yesterday following a tweet, I came across a newly published report pointing towards the involvement of the Chinese government and its People’s Liberation Army (PLA) involvement in some long time cyber espionage carried out in the past. A leading security … Continue reading

Tagged , , , , , , , , | Leave a comment

Exploit Diary: Ruby on Rails and Java back with exploits

Posted on January 10, 2013 by Prashant
Java_Bullet

The New Year welcomed Ruby on Rails and Java with exploits and zero days! Talking about Ruby on Rails first, an SQL injection vulnerability was identified on the active record in all versions. Due to the way dynamic finders in … Continue reading

Tagged , , , , , , , | Leave a comment

PCWorld.com XSS

Posted on January 6, 2013 by Prashant
pc1

PCWorld is a leading magazine in the field of Information Technology updating its reader with the modern trends in technology, computers, gadgets etc. The magazine is available in paper back format and has a website as well. A month back … Continue reading

Tagged , , , , , , | Leave a comment

Exploit Diary: Firefox memory leak exploit

Posted on January 3, 2013 by Prashant

We at Secfence keep analyzing day to day threats and exploits to provide better solutions to our customers. Our vulnerability research specialist Mr Vinay Katoch came across one such exploit where he was able to create PoC for the exploit. … Continue reading

Tagged , , , , , | Leave a comment

Cover Story : Internet Explorer zero day used in CFR cyber espionage

Posted on January 3, 2013 by Prashant

First of all, Happy New Year to our all readers! The past year witnessed major cyber attacks, that later turned out to be some state sponsored cyber attacks. An example of one such state sponsored attack was the Russians attacking … Continue reading

Tagged , , , , , , , , , , , | Leave a comment

Weak SSL implementation makes Android apps expose user data

Posted on October 22, 2012 by Prashant

  Android applications have earlier been used to steal user data from their devices. Disguised as trojan or malware, the mobility has possessed serious threats to the users. In a recent new, Researchers from Germany had conducted a review and … Continue reading

Tagged , , , , , , | Leave a comment

Inside story: Firefox 16 eploit code revealed

Posted on October 13, 2012 by Prashant

  Mozzila firefox, one of the most popular browser on planet had two think on its security and withdrew the release of its version 16 after a security researcher had discovered a vulnerability in the release. The new version 16 … Continue reading

Tagged , , , , , , | Leave a comment

BlackHole Exploit kit back with new version 2.0

Posted on September 14, 2012 by Prashant

BlackHole is a famous and widely used exploit kit. Previously we have seen how BlackHole was being used in few malicious campaigns. Few latest exploits and modules give cyber criminal an edge over the victim and hence make them successful … Continue reading

Tagged , , , , , , , | Leave a comment

Java zero day exploitation analysis

Posted on August 30, 2012 by Prashant

Few days back Java zero day was in news. It made it place into metasploit as well as into exploit kits like Blackhole. Here’s a quick analysis of how the attack surfaced and came into action. As seen in earlier … Continue reading

Tagged , , , , , , | Leave a comment