Exploit Wednesday December 2018: for tests of time patches to spare - drove

Yesterday, on Tuesday, at about 10 p.m. Moscow, Microsoft rolled out patches for new vulnerabilities, thereby giving a start to the monthly race between security administrators and intruders. While the former are checking whether the installation of updates of critical business servers will drop into a blue screen, the latter will disassemble the code of the updated libraries and try to create working exploits for still vulnerable systems.
 3r3355.
 3r3355. For lovers of details - a short reference to the new vulnerabilities under the cut.
 3r3355.
 3r3355. Exploit Wednesday December 2018: for tests of time patches to spare - drove
 3r3355. ...
+ 0 -

PlayStation Classic hacked, now games can be run from a flash drive

+ 0 -

Dynamic testing of Android applications

Dynamic testing of Android applications  
Dynamic testing is conducted to identify vulnerabilities during the operation of the application. In this article I want to share several ways to test the application for Android. Also show how to configure and configure hardware. Who cares, welcome under cat.
 
Hacken apply to work. There is also a module for automated testing in the MobSF framework, but this requires a separate article. 3r33333.
! function (e) {function t (t, n) {if (! (n in e)) {for (var r, a = e.document, i = a.scripts, o = i.length; o-- ;) if (-1! == i[o].src.indexOf (t)) {r = i[o]; break} if (! r) {r = a.createElement ("script")...[/o][/o]
+ 0 -

Investigation of security incidents with StaffCop Enterprise 4.4

Investigation of security incidents with StaffCop Enterprise 4.4Hello! My name is Roman Frank, I am a specialist in information security. More recently, I worked in a large company in the security department (technical protection). I had 2 problems: there were no normal modern technical means of protection and money for security in the budget. But I had free time to study software solutions, about one of them - StaffCop Enterprise - I want to tell you in detail today.
 
 
Experience has shown me that 90% of the time I spent on identifying and investigating information leaks myself, with the program is solved in a few minutes. I was so absorbed in the technical ...
+ 0 -

Check Point for Check Point Security Settings

Check Point for Check Point Security Settings  
 
Relatively recently, we published an open-access mini-course "3r3-39. Check Point for a maximum of 3r3-3209.". There we tried briefly and with examples to consider the most frequent errors in the Check Point configuration from the point of view of information security. In fact, we told you what the default settings are bad for and how to tighten the screws. The course (unexpectedly for us) received pretty good reviews. After that, we received several requests for a brief “squeeze” of this material - 3r3144. security checklist [/b] . We decided that this is a good idea, and therefore we publish this ...
+ 0 -

Security Week 50: forecasts for 2019

Security Week 50: forecasts for 2019 At the end of the year, Kaspersky Lab releases a traditional set of reports, summing up the year and forecasting the development of cyber threats to the next. Today - a brief extract from documents, the full versions of which can be read on the links:
 
3r3125.  
 
Important events of 201? 3s3-3122.
 
Statistics for the year 2018 3r3122.
 
Forecast of cyber threats in 2019 3r3122.
 
3r3125.  
We highlight the main topics: the evolution of targeted attacks, the emergence of new APT-groups with a fairly simple (but effective) malicious arsenal; the use of IoT for targeted attacks, and for mass; reducing the number ..
.
+ 0 -

Unprivileged Linux users with UID> INT_MAX can execute any command.

Sit down, I have news that shocks you now
 
 
In Linux operating systems, there is an overt vulnerability that allows a user with low privileges to execute any systemctl command (and even become root - translator’s comment) if its UID is greater than 2147483647.
 
 
Unprivileged Linux users with UID> INT_MAX can execute any command.
 
proof-of-concept (PoC) to successfully demonstrate a vulnerability that requires a user with a UID of ?00?00?000. 3r3127.  
 
Red Hat recommends that system administrators not allow any negative UID or UID greater than 2147483646 to mitigate the problem before the patch is released.
 
 
[h3] Several methods of operation from the translator ...[/h]
+ 0 -

Vulnerability in API Google+ revealed private data of 52.5 million users

In October, on channel Information leaks , I wrote about the fact that Google discovered in their social network Google+ a potential data leak of 500 thousand users. 3r330.
 
3r311. 3r330.
 
And Google today said that they discovered another vulnerability in the Google+ API API that could lead to data leakage of 52.5 million users. 3r330.
 
The vulnerability existed for 6 days in November 2018 and allowed applications to retrieve information from user profiles (name, email address, gender, date of birth, age, etc.), even if this data was private. In addition, through the profile of ...
+ 0 -

Using DeviceLock DLP and Citrix Xen to control email on mobile devices

 3r3105. 3r3-31.
The professional community is seriously concerned about the risks of leaking restricted access information through corporate and personal mail from BYOD mobile devices. Practically at every data leakage conference, the question of controlling corporate mail on mobile devices running the most common Android and iOS platforms arises for most participants.
 3r3105.
Using DeviceLock DLP and Citrix Xen to control email on mobile devices
 3r3105.
Let's try to deal with this issue.
 3r3105.
DeviceLock Virtual DLP technology. allows you to intercept e-mail messages directly from an e-mail client application published to Citrix XenApp, which the user gains ...
+ 0 -

The story of Lenny, the beloved Internet troll phone spammers

 
3r3-31.

Lenny is a 10-year-old telephone chat bot created for trolling merchants on the phone, which has a whole cult online. It is surprisingly convincing, but is it really effective?

3r3181.  
The story of Lenny, the beloved Internet troll phone spammers 3r3181.  
3r3181.  
If it seems to you that the number of advertising calls has increased over the past few years, this does not seem to you. According to the newspaper New York Times 3r3187. , the number of automatic and fraudulent calls[в США]last year alone increased by a third and amounted to 3.4 billion calls per month. Splash
Telemarketing
even forced the Federal Communications Commission ...[/h]
+ 0 -