Samsung printer having secret admin account Backdoor

US CERT warn about Some Samsung printers, including models the Korean company made for Dell, have a backdoor administrator account coded into their firmware. Continue reading

Advertisements

UG Market News :Java zero-day exploit sold in underground Market

Once again a zero day vulnerability exploit is sold by cyber criminals in the underground, once again a the flaw is related to Oracle’s Java software that could allow to gain remote control over victim’s machine.The news has been reported by KrebsOnSecurity blog that announced that the exploit being sold on an Underweb forum. Continue reading

New OSX/Imuler Variant Targeting Tibetan Activists

Researchers over at Intego have recently discovered a new variant of  OSX/Imuler the data-stealing Mac malware, detected as OSX/Imuler.E which is believed to be targeting Tibetan rights activists.

This backdoor Trojan family was first discovered in September 2011 as a Mac PDF Trojan horse and has been targeting activist organizations with emails containing what appear to be pictures. Each variant has tried different tactics, either trying to scare or entice their target into opening the file.” explained.
Variant+Targeting+Tibetan+Activists
The cyber criminals behind the campaign are relying on the fact that by default, Mac OS X doesn’t display full file extensions, and therefore are attempting to trick end and corporate users into thinking that they’re about the view a JPG image file. Continue reading

Exploiting Google persistent XSS vulnerability for phishing

google-hack

Yesterday we have reported that How Bug Bounty programs can play unfair with hackers and researchers, where hackers are submitting their legitimate findings to companies and no surprise if they are getting replies that “Someone else already reported this, you are not eligible for Bounty“. But the main issue is, if companies are really aware about the issue, then why they have not fixed it yet ?

Today we are going to Talk about Google, that How a ignored vulnerability can be brilliantly crafted and exploited by Hackers for phishing users. Continue reading