Social engineering plays an important part in a significant number of cyberattacks, however big, small or sophisticated the crime is. However, little is known about this tactic. This feature discusses some key aspects.
The post 5 things you need to know about social engineering appeared first on We Live Security.
The non-profit organization behind TOR – the largest online anonymity network that allows people to hide their real identity online – will soon be launching a “Bug Bounty Program” for researchers who find loopholes in Tor apps.
The bounty program was announced during the recurring ‘State of the Onion’ talk by Tor Project at Chaos Communication Congress held in Hamburg, Germany.
Bug
North Korea has its own homegrown computer operating system that looks remarkably just like Apple’s OS X, which not only prevents potential foreign hacking attempts but also provides extensive surveillance capabilities.
Two German researchers have just conducted an in-depth analysis of the secretive state’s operating system and found that the OS does more than what is known about it.
The file-execution functionality in WinRAR before 5.30 beta 5 allows local users to gain privileges via a Trojan horse file with a name similar to an extensionless filename that was selected by the user.
ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allow remote attackers to discover usernames and password hashes by reading the cgi-bin/webproc HTML source code, a different vulnerability than CVE-2015-8703.
ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allow remote authenticated users to bypass intended access restrictions via a modified request, as demonstrated by leveraging the support account to change a password via a cgi-bin/webproc accountpsd action.
Absolute path traversal vulnerability in cgi-bin/webproc on ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allows remote attackers to read arbitrary files via a full pathname in the getpage parameter.
ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE have a hardcoded password of root for the root account, which allows remote attackers to obtain administrative access via a TELNET session.
Cross-site scripting (XSS) vulnerability in cgi-bin/webproc on ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allows remote attackers to inject arbitrary web script or HTML via the errorpage parameter.
Cross-site scripting (XSS) vulnerability in Let’s PHP! Frame high-speed chat before 2015-09-22 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.