WordPress Sirv plugin version 1.3.1 suffers from a remote SQL injection vulnerability.
Monthly Archives: November 2016
Google Removing SHA-1 Support in Chrome 56
Google released its final SHA-1 deprecation deadlines, and crypto services provider Venafi said that 35 percent of the web is still running weak SHA-1 certificates.
WhatsApp to offer encrypted video calling
WhatsApp is to add encrypted video calling to its service on Monday, as it continues to bolster security on the app.
The post WhatsApp to offer encrypted video calling appeared first on WeLiveSecurity.
python-tornado-4.4.2-1.fc25
Update to 4.4.2:
Security fixes
* A difference in cookie parsing between Tornado and web browsers (especially when combined with Google Analytics) could allow an attacker to set arbitrary cookies and bypass XSRF protection. The cookie parser has been rewritten to fix this attack.
Backwards-compatibility notes
* Cookies containing certain special characters (in particular semicolon and square brackets) are now parsed differently.
* If the cookie header contains a combination of valid and invalid cookies, the valid ones will be returned (older versions of Tornado would reject the entire header for a single invalid cookie).
PoisonTap Backdoor Network Sniffer
PoisonTap exploits locked/password protected computers over USB, drops a persistent WebSocket-based backdoor, exposes an internal router, and siphons cookies using Raspberry Pi Zero and Node.js.
USBKill Anti-Forensic Kill Switch
USBKill is an anti-forensic kill-switch that waits for a change on your USB ports and then immediately shuts down your computer.
The NSA Chief Says Russia Hacked The 2016 Election. Congress Must Investigate.
Wireshark Analyzer 2.2.2
Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers.
Authenticated WMI Exec Via Powershell
This Metasploit module uses WMI execution to launch a payload instance on a remote machine. In order to avoid AV detection, all execution is performed in memory via psh-net encoded payload. Persistence option can be set to keep the payload looping while a handler is present to receive it. By default the module runs as the current process owner. The module can be configured with credentials for the remote host with which to launch the process.