exploit   3282

« earlier    

CCleaner malware hack: What it is and how to avoid it | PCWorld Sep 2017
"On Sept. 13, Cisco Talos found that the official download of the free versions of CCleaner 5.33 and CCleaner Cloud 1.07.3191 also contained “a malicious payload that featured a Domain Generation Algorithm as well as hardcoded Command and Control functionality.” What that means is that a hacker infiltrated Avast Piriform’s official build somewhere in the development process build to plant malware designed to steal users’ data."

"Yung says the attack was limited to CCleaner and CCleaner Cloud on 32-bit Windows systems—fortunately, most modern PCs will likely be running the 64-bit version. "

"Cisco Talos also studied the malware’s command server and reports that it was attempting to infiltrate PCs in technology organizations, including Intel, Samsung, HTC, VMWare, Cisco itself, and others. "
PCWorld  CCleaner  cybersecurity  hacks  exploit 
4 days ago by pierredv
PowerPoint File Armed with CVE-2017-0199 and UAC Bypass | Fortinet Blog
This exploit targets a vulnerability identified as CVE-2017-0199, which was disclosed and patched last April 2017. It triggers a remote code execution in Microsoft Office or WordPad when parsing specially crafted files. Attackers who successfully exploit this flaw in the Windows Object Linking and Embedding (OLE) interface of Microsoft Office can take control of the affected system.
uac  cybersecurity  exploit 
5 days ago by bwiese
Mailsploit: The Undetectable Spoofing Attack
Mailsploit easily passes through email servers and circumvents established spoofing protection tools like DMARC and spam filters. Emails sent with Mailsploit appear to come from totally legitimate senders. In most cases, unless email headers are inspected by technicians, emails sent using Mailsploit are undetectable.
email  security  exploit 
8 days ago by whip_lash
RT : Leveraging VMware's RPC Interface for Fun and Profit
Exploit  VMWare  ExploitDev  Vuln  from twitter
19 days ago by blackthorne

« earlier    

related tags

0day  0daytoday  2017  5yrsago  a-2017  academic  active  activedirectory  ad  address  agent  amt  analysis  android  ansi  antivirus  apache  app  apple  applocker  archive  arm  arstechnica  article  atom  attack  audit  backdoor  best_practice  binary  bitcoin  blog  blueborne  bluetooth  bmc  bounty  browser  brute  bsd  buffer  bug  bypass  ccleaner  champion  check  checker  chrome  cloud  code  coded  com  cpe  crack  cryptography  csv  ctf  cve  cybersecurity  database  dde  detection  dev  directory  domains  doooomed  dragonfly  dvrf  edge  egghunter  electron  email  encryption  engine  escape  eternal  exchange  expired-domains  exploitation  exploitdev  exploits  extension  fail  firmware  force  framework  generator  git  glibc  google  hack  hacker  hacking  hacks  hard  hardware  hash  heap  heapexploit  hijacking  hole  ilo  imagemagick  infineon  information  infosec  injection  intel  interface  internet  ios  iot  iphone  ipmi  javascript  kernel  key  keygen  krack  length  lfi  library  linux  list  local  mac  machine  macos  mailsploit  malloc  malware  management  me  metasploit  microsoft  mips  mongodb  msoffice  mta  network  news  objective-c  osx  overflow  password  patch  payload  pcworld  pdf  pentest  pentesting  phishing  phone  pickle  pin  poc  privacy  privilege-escalation  ps4  ptest  public  python  red-team  reference  reinstallation  remote  research  reverse-engineering  rfc-1342  rfc  rfc1342  root  rop  router  routers  rowhammer  rsa  ruby  safari  sandbox  search  security  seed  sender  server-side  shelcode  shellcode  smartbear  smb  smbv1  software  spoofing  struts  swift  sysadmin  tanium  test  tester  testing  tools  tpm  trezor  trick  tutorial  uac  ui  unix  unrooted  update  utilities  ux  uxss  version  virtual  vm  vmware  vuln  vulnerability  weak  webapp  webappsec  whitelist  wifi  windows  wonderhowto  worm  wpa2  writeup  x9.31  xss  yaml 

Copy this bookmark: