With a little attention, as it turns out, one can spoof fake DNS responses using fragmented datagrams. How is it done? To match authentic DNS responses to their corresponding queries, resolvers and operating system check: Name of the query Type of the query Source/destination address Destination port (16 bits) DNS transaction ID (16 bits) The […]
What is a Fileless or non-malware attack A non-malware attack is one in which an attacker uses existing software, allowed applications and authorized protocols to carry out malicious activities. Non-malware attacks are capable of gaining control of computers without downloading any malicious files, hence the name. Non-malware attacks are also referred to as fileless, memory-based […]
Sometime in May last year the world woke up to the menace Ransomware can cause. Corporations were caught unaware of something as dangerous as ransomware could strike them and rake up millions of dollars in damages at multiple levels. There is no question vulnerabilities remain given the penetration of different technologies in our lives and […]
Network storage devices (NAS), are critical for small and medium businesses as it adds to the extra storage space when these business are running out of space. Critical shortcomings have been discovered in the NAS devices such as WD my book, SeaGate home, Medion Lifecloud, Netgear Stora. This critical vulnerability allows actors to exploit the […]
The worries for facebook do not seem to stop with cambridge analytica and this time around it’s a massive data breach of almost 50 million user accounts and another 40 million which are at risk, the vulnerability allowed hackers to take direct access to all these accounts information. As per Facebook, the bugs that enabled […]
What is a DNS Rebinding Attack? DNS Rebinding Attacks are where the attacker tricks the user into binding with malicious websites and then making the user browser or device access unintended domains. Such attacks are normally used to compromise the system and exploit it as proxy for attacking the internal network. How DNS Rebinding Attacks […]
Felixroot Backdoor was first spotted in September 2017 in Ukraine spreading through pernicious banking documents with macros downloading the back door of C&C server. Felixroot Backdoor malware campaign has resurfaced using Microsft Office vulnerabilities CVE-2017-0199 and CVE-2017-11882 to compromise the victim’s windows computers. It is being distributed by the file name “Seminal.rtf” claiming to provide information on […]
Always be cautious while opening email attachments. Recently, hackers have been sending weaponized PDFs containing malicious SettingContent-ms files containing FlawedAmmyy RAT, reported by researchers at SecurityOps. SettingContent-ms file opens the Control Panel for the user. The interesting aspect of this file is the <DeepLink> element in the schema. This element takes any binary with parameters and executes […]
A bypass found in third party developers’ interpretation of code signing API allowed for unsigned malicious code to appear to be signed by Apple. All the third-party vendors have issued patch once they realized that their software was not interacting correctly with the Apple’s code-signing API. Without the patch, attackers can craft malicious code and […]
Every architect, builder and designer knows that the right tool can solve the most difficult problems in a jiffy but at the same time, that tool cannot be right for all the situations. There are a lot of confusions running around regarding Blockchain. Many consider it equivalent to bitcoins although both are different, bitcoin being […]
Thanks for
When someone writes an article he/she maintains the plan of (...)
Yes True, Responsive web designs is must for all
