Blog

In December 2016, attackers were exploiting misconfigured open-source MongoDB databases and holding them for ransom. The ransomware attacks against MongoDB were first publicly reported by GDI Foundation security researcher Victor Gevers on Dec. 27, 2016, and have been steadily growing ever since, with at least five different groups of hackers taking control of over 10,000 database instances. MongoDB databases that were not password protected have paid a heavy price for this vulnerability. Well, it was not a vulnerability. Vulnerability is a quality or state
WannaCry is the ransomware computer worm that targets computers running Microsoft Windows. Initially, the worm uses the EternalBlue exploit to enter a computer, taking advantage of a vulnerability in Microsoft's implementation of the Server Message Block (SMB) protocol. It installs DoublePulsar, a backdoor implant tool, which then transfers and runs the WannaCry ransomware package. It is also being called WanaCrypt0r 2.0. Main Functionality: The WinMain of this executable first tries to connect to the website www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com.
Subtitle Hack Leaves 200 Million Vulnerable to Remote Code Execution. Check Point researchers revealed a new attack vector which threatens millions of users worldwide: attack by subtitles. By crafting malicious subtitle files, which are then downloaded by a victim's media player, attackers can take complete control over any type of device via vulnerabilities found in many popular streaming platforms, including VLC, Kodi (XBMC), Popcorn-Time and strem.io. It's common to see subtitle files (usually a .srt or .sub) included in torrents and other less-than-legal movie downloads
A seven-year-old remote code execution vulnerability affecting Samba versions 3.5.0 and higher is making news this week. The vulnerability is billed as the WannaCry equivalent for *nix operating systems, and some are even calling it SambaCry since it affects the SMB protocol implementation and is potentially wormable, meaning it can spread from system to system. A malicious Samba client that has write access to a Samba share could use this flaw to execute arbitrary code, typically as root. Points: 1. CVE-2017-74942 has a CVSS Score of 7.5 (CVSS:3.0/AV:N/AC:H/PR:L/UI:
Research Team is working to make this place better and safer. Once upon a time, an old man walked down a Spanish beach at dawn and saw ahead of him what he thought to be a dancer. The young man was running across the sand, rhythmically bending down to pick up a stranded starfish and throw it far into the sea. The old man gazed in wonder as the young soul again and again threw the small starfish from the sand into the water. The old man approached him and asked why he spent so much energy doing what seemed a waste of time. The young man explained that the stranded starfish would di
What is WebRTC? WebRTC (Web Real Time Communication) is an Application Programming Interface (API) developed by the W3C that is still in development and being standardized by the RTCWEB IETF group. Its main goal is to allow peer-to-peer communication between web browsers. This communication can be used to transfer multiple types of data: files, video or audio. Why it is important: WebRTC is an API that allows you to set up a channel of communication between browsers for video and data. It is built directly into browsers (Chrome, Mozilla, Opera, and a few others), so no external pl
What is X-XSS-Protection? The HTTP X-XSS-Protection response header is a feature of Internet Explorer, Chrome and Safari that stops pages from loading when they detect reflected cross-site scripting (XSS) attacks. This header enables the cross-site scripting (XSS) filter built into most recent web browsers. It's usually enabled by default anyway, so the role of this header is to re-enable the filter for this particular website if it was disabled by the user. This header is supported in IE 8+, and in Chrome (not sure which versions). The anti-XSS filter was added in Chrome 4. It's unknown if
What is Clickjacking? Clickjacking is a malicious technique of tricking a web user into clicking on something different from what the user perceives they are clicking on, thus potentially revealing confidential information or taking control of their computer while clicking on seemingly innocuous web pages. For example, imagine an attacker who builds a website with a button on it that says "click here for a free iPod". However, on top of that web page, the attacker has loaded an iframe with your mail account, and lined up the "delete all messages" button exactly on top of the
The digital world is changing as we speak. In such a reality, it is definitely hard to adapt to trends. However, that is exactly what the big names in the industry are doing. Major apps like Facebook, Instagram, Netflix and others are constantly improving their experience and adapting to new frameworks and trends. Recently, there has been a lot of word of mouth going around about ReactJS and its impressive features. In case you still haven't heard about the potential of ReactJS, its strengths are numerous. Basically, React has become very popular among developers and there are lots of resources that make m