High Critical Remote Command Execution vulnerability – Apache Struts 2.x OGNL Vulnerability CVE-2013-2251 explianed

The Remote Code Execution vulnerability Apache Structs 2.x which was discovered July 17th appears to be seen more often as reported by sans last week. A bulletin detailing exploit attempts targeting this vulnerability has  been seen lately by sans. The CVE identified for this issue is  CVE-2013-2251.  It’s a high critical remote code execution which […]
Share Button
Continue reading →

New Fake DHL Notification phishing email with ‘Shipment not delivered’ – goes around on Gmail

                                              DHL fake phishing email has been around for a while. A new set of emails has been going around since last week. Arun from Mobilesecurityrearch received a email from DHL which almost […]
Share Button
Continue reading →

Vulnerability in Windows Phone wifi can lead to theft of sensitive information

Hacker could use the known vulnerability to pose as a known Wi-Fi access point, thereby causing  WindowsPhone 7.8 or Windows Phone 8 devices to automatically attempt to authenticate with it. During this process it will be handing over encrypted domain credentials (password) to the attackers. Microsoft has issued an advisory warning concerning a Windows Phone […]
Share Button
Continue reading →

SSL, gone in 30 seconds – A BREACH beyond CRIME,” presented by Angelo Prado and Neal Harris

The new attack plucks secrets from HTTPS-protected pages was demonstrated on Blackhat last Thursday. The well known “HTTPS” which protects millions of sites across the world is prone to attack. The exploit called BREACH bypasses the SSL crypto scheme protecting millions of sites. It decodes encrypted data that online banks and e-commerce sites send in […]
Share Button
Continue reading →

Malware infects from Iphone Charger

Not long ago one of my friend was skeptical of using any airport “quick phone chargers”. It was a scary concept but as technology is turning towards mobile it comes with no surprise that attackers are targeting power points.The bogus chargers which charges the phone also has transformers. The Iphone treats this as a computer […]
Share Button
Continue reading →

Twitter users get increasing spam and possibly compromising user accounts

Its yet another day for twitter lost the battle for spammers. Mobile Security research  saw a increased number of spam emails sent from twitter accounts to anyone from their contact list. When one of researcher found spam email in his personal box, he was surprised.  Even I received a spam email from one our researchers. […]
Share Button
Continue reading →

McCafe identifies Trojanized Android app with unusual behavior – comments on NSA surveillance

McAfee identified a unusual behavior of a Android app that was set to go on for July 4th. The app. As per Netsec , “The app in question is Jay Z Magna Carta, which has ben recently made available on Google Play, and allows users of certain Samsung devices to listen to the rapper’s new […]
Share Button
Continue reading →

Why loyal Yahoo mail users switched to other email providers

Yahoo was one of the hottest business couple of years back. They had a great frontend, paid services for extra storage and tons of small business tools. As business grows they lost focus on their core business. Overt the time, spam increased exponentially, yahoo messenger was screaming of spam links all the time, spammers used […]
Share Button
Continue reading →

6 million email addresses and phone numbers were exposed due to weak Facebook Security.

An alarming news broke from Facebook security last Friday on 21st at 7.50pm EST.  Its not the hack that exposed this information but it was because of a bug. Its scary that facebook doesn’t even test their code when going to production.  This clearly shows the ignorance of facebook and their security team putting users […]
Share Button
Continue reading →

Microsoft disrupts Shadowservers ability to inform network owners about Citadel botnet – Abuse.ch

Shadowserver is a non-profit organization like abuse.ch,  informs the associated network owners about the infections reported by my sinkhole, in addition to infections reported by their own sinkholes and sinkholes run by other operators. Every Computer Emergency Response Team (CERT), Internet Service Provider (ISP) and network owner can get a feed from Shadowserver for their […]
Share Button
Continue reading →