News • Insights • Analysis
Technical documentation and proof-of-concept exploit (PoC) code is available for a high-severity vulnerability in Microsoft Exchange Server that could let remote attackers execute code on unpatched machines. The flaw is for one of the four that the National Security Agency Read More …
Google has released a proof of concept (PoC) code to demonstrate the practicality of Spectre side-channel attacks against a browser’s JavaScript engine to leak information from its memory. Google in 2018 detailed two variants of Spectre, one of which – Read More …
Researchers have spotted malicious packages targeting internal applications for Amazon, Lyft, Slack and Zillow (among others) inside the npm public code repository — all of which exfiltrate sensitive information. The packages weaponize a proof-of-concept (PoC) code dependency-confusion exploit that was Read More …
Povlsomware (Ransom.MSIL.POVLSOM.THBAOBA) is a proof-of-concept (POC) ransomware first released in November 2020 which, according to their Github page, is used to “securely” test the ransomware protection capabilities of security vendor products. Povlsomware has not garnered much attention at the moment, Read More …
This week, over 150 new packages have been published to the npm open-source repository named after private components being internally used by major companies. These npm packages are identical to the proof-of-concept packages created by Alex Birsan, the researcher who Read More …
Imagine someone hacking into an Amazon Alexa device using a laser beam and then doing some online shopping using that person account. This is a scenario presented by a group of researchers who are exploring why digital home assistants and Read More …
Researchers have uncovered a new attack that lets bad actors snoop in on homeowners’ private conversations – through their robot vacuums. The vacuums, which utilize smart sensors in order to autonomously operate, have gained traction over the past few years. Read More …
Proof-of-concept (PoC) exploit code has been released for a Windows flaw, which could allow attackers to infiltrate enterprises by gaining administrative privileges, giving them access to companies’ Active Directory domain controllers (DCs). The vulnerability, dubbed “Zerologon,” is a privilege-escalation glitch Read More …
Chinese security researchers said they can alter the firmware of fast chargers to cause damage to connected (charging) systems, such as melt components, or even set devices on fire. The technique, named BadPower, was detailed last week in a report Read More …
It’s the kind of thinking you expect from someone who lives in a volcano lair: exfiltrating data from remote screen pixel values. The idea comes from Pen Test Partners’ Alan Monie, taking a break from sex toy hacks and wondering how to get Read More …
