Exploit This

Security News, Exploits, and Vulnerabilities.

Critical Flaws in Apple, Samsung Devices

Normally, I don’t cover vulnerabilities about which the user can do little or nothing to prevent, but two newly detailed flaws affecting hundreds of millions of Android, iOS and Apple products probably deserve special exceptions.

The Spring Dragon APT

Let’s examine a couple of interesting delivery techniques from an APT active for the past several years, the Spring Dragon APT. A paper released today by our colleagues at Palo Alto Networks presented a portion of data on this crew under the label… Read Full Article

Password Manager LastPass Warns of Breach

LastPass, a company that offers users a way to centrally manage all of their passwords online with a single master password, disclosed Monday that intruders had broken into its databases and made off with user email addresses and password reminders, among other data.

How to install Metasploit on Macbook Pro Yosemite 10.10.3

I recently installed Metasploit on a MacBook Pro running Yosemite 10.10.3. Most of the information I found online was outdated so I thought it would be a good idea to create this post. Before you can begin the installation of metasploit you need to have the Xcode Command line tools installed. xcode-select —install You also need […]

Catching Up on the OPM Breach

I heard from many readers last week who were curious why I had not weighed in on the massive (and apparently still unfolding) data breach at the U.S. Office of Personnel Management (OPM). Turns out, the easiest way for a reporter to make sure everything hits the fan from a cybersecurity perspective is to take a two week vacation to the other end of the world. What follows is a timeline that helped me get my head on straight about the events the preceded this breach, followed by some analysis and links to other perspectives on the matter.

The Duqu 2.0 persistence module

We have described how Duqu 2.0 does not have a normal “persistence” mechanism. This can lead users to conclude that flushing out the malware is as simple as rebooting all the infected machines. In reality, things are a bit more complicated.

Discount Chain Fred’s Inc. Probes Card Breach

Fred’s Inc., a discount general merchandise and pharmacy chain that operates 650 stores in more than a dozen states, disclosed today that it is investigating a potential credit card breach.

Breach at Winery Card Processor Missing Link

Missing Link Networks Inc., a credit card processor and point-of-sale vendor that serves a number of wineries in Northern California and elsewhere, disclosed today that a breach of its networks exposed card data for transactions it processed in the month of April 2015.

The Mystery of Duqu 2.0:a sophisticated cyberespionage actor returns

Kaspersky Lab uncovers Duqu 2.0 – a highly sophisticated malware platform exploiting up to three zero-day vulnerabilities.

Adobe, Microsoft Issue Critical Security Fixes

Adobe today released software updates to plug at least 13 security holes in its Flash Player software. Separately, Microsoft pushed out fixes for at least three dozen flaws in Windows and associated software.

%d bloggers like this: