Security by Passion !
After the NSA espionage of US on foreign governments, Indian government is enforcing all its employees to use in house services to main the integrity and confidentiality of data. A senior official in ministry of communications & information technology sent an official notification to approx. 500,000 of its employees to restrict services like Gmail for […]
Facebook security is challenged again to check how weak their security team is and how low they pay for bug hunters. An engineer student Arul Kumar 21 from India discovered a security vulnerability on Facebook which can delete anyone’s pictures. Arul is a security enthusiast who submitted the code with proof of concept yesterday. The […] A critical vulnerability has been discovered in Cisco Secure ACS which allows a remote attacker to gain complete control of a vulnerable device. The successful exploitation of the vulnerability may allow an unauthenticated, remote attacker to execute arbitrary commands and take full control of the operating system that hosts the Cisco Secure Access Control Server […] Researchers from London’s Royal Holloway University designed a tool to fight against phishing using a tool called Uni-IDM(IDSpace). This identity management tool has been introduced to improve security and usability for user authentication. At this point in time, password based authentication has been used all over the world for authentication. As per the university research […] Researchers from Georgia Institute of Tech developed a prototype tool called ExecScent to identify Malware traffic connecting to command and control center. Based on the reports ExecScent discovers hundreds of infected hosts which was not known earlier. The tool uses intelligence to identify bad traffic over the good traffic. If this tool works and is […] A Researcher at Kaspersky Lab published an article about the malicious Andoird Apps using Google Cloud Platform Messaging Service and leverage it as CnC (Control & Command Server) to carry out attacks. Kaspersky Researchers found 1,000,000 different OpFake installers disguised mostly games. The app sends several commands from both the GCM and its own C&C, […] Security researchers from University of Michigan have come up with an amazing tool to scan the internet. As per the reports, the scanner can scan the entire web in 45 minutes which sounds almost a miracle. Often security testers used nmap for their scan which took a long time scanning their targets but this research […] The Remote Code Execution vulnerability Apache Structs 2.x which was discovered July 17th appears to be seen more often as reported by sans last week. A bulletin detailing exploit attempts targeting this vulnerability has been seen lately by sans. The CVE identified for this issue is CVE-2013-2251. It’s a high critical remote code execution which […] DHL fake phishing email has been around for a while. A new set of emails has been going around since last week. Arun from Mobilesecurityrearch received a email from DHL which almost […] Hacker could use the known vulnerability to pose as a known Wi-Fi access point, thereby causing WindowsPhone 7.8 or Windows Phone 8 devices to automatically attempt to authenticate with it. During this process it will be handing over encrypted domain credentials (password) to the attackers. Microsoft has issued an advisory warning concerning a Windows Phone […]