Home Tags Uniform Resource Locator (URL)

Tag: Uniform Resource Locator (URL)

Cisco WebEx Network Recording Player Multiple Buffer Overflow Vulnerabilities

Multiple buffer overflow vulnerabilities exist in the Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files.

An attacker could exploit these vulnerabilities by providing a user with a malicious ARF file via...

Ztorg: from rooting to SMS

Irsquo;ve been monitoring Google Play Store for new Ztorg Trojans since September 2016, and have so far found several dozen new malicious apps.

All of them were rooting malware that used exploits to gain root rights on the infected device.
In May 2017, a new Ztorg variant appeared on the Google Play Store – only this this time it wasnrsquo;t a rooting malware but a Trojan-SMS.

Login-stealing phishing sites conceal their evil with lots of hyphens in...

Compromised domains target Android users with fake login pages for cloud services.

Node.js 8 brings sanity to native module dependencies

Node.js, the popular server-side JavaScript platform, has been upgraded with improvements related to the runtime, buffer security, URL parsing, and preserving dependencies on native modules across major Node.js upgrades.On the module dependencies front, Node.js 8.0.0, released today by the Node.js Foundation, introduces the Node.js API, or N-API, albeit still behind an experimental flag.

The N-API is designed to eliminate the breakage of dependencies on native modules that happens between release lines.[ Use JavaScript in your dev shop? InfoWorld looks at 6 best JavaScript IDEs and 22 JavaScript frameworks ready for adoption. | Keep up with hot topics in programming with InfoWorld's App Dev Report newsletter. ]Although native modules are a small portion of the modular ecosystem, 30 percent of all JavaScript modules rely indirectly on native modules, which are written in C or C++ and are bound to the Chrome V8 JavaScript engine. “Every time Node.js has a major release update, package maintainers have to update these dependencies,” the foundation said.To read this article in full or to leave a comment, please click here

Ztorg: money for infecting your smartphone

This research started when we discovered an infected Pokeacute;mon GO guide in Google Play. We detected the malware as Trojan.AndroidOS.Ztorg.ad.

After some searching, I found some other similar infected apps that were being distributed from the Google Play Store.

After I started tracking these infected apps, two things struck me – how rapidly they became popular and the comments in the user review sections.

John Oliver tackles net neutrality again, crashes FCC comments site—again

Oliver helps lead protest against dismantling of Title II net neutrality rules.

YouTube channel tries swapping hosts, gets caught by 1 million subscribers

“You guys are watching me like I’m Ramsay Bolton in Winterfell.”

Use of DNS Tunneling for C&C Communications

Often, virus writers don't even bother to run encryption or mask their communications. However, you do get the occasional off-the-wall approaches that don't fall into either of the categories.

Take, for instance, the case of a Trojan that Kaspersky Lab researchers discovered in mid-March and which establishes a DNS tunnel for communication with the C&C server.

Personalized Spam and Phishing

Lately we have been noticing an opposite tendency occurring quite often, wherein fraud becomes personalized and spammers invent new methods to persuade the recipient that the message is addressed personally to him.

Thus, in the malicious mailing that we discovered last month, spammers used the actual postal addresses of the recipients in messages to make them seem as credible as possible.

Facebook highlights its fight against “Fake News” in print

The 10 tips are basic news literacy, but Facebook wants the world to know.

VU#921560: Microsoft OLE URL Moniker improperly handles remotely-linked HTA data

Microsoft OLE uses the URL Moniker to open application data based on the server-provided MIME type,which can allow an unauthenticated remote attacker to execute arbitrary code on a vulnerable system.

5 reasons Node.js rules for complex integrations

Richard Whitehead is evangelist in chief at Moogsoft, the creators of Moogsoft AIOps, a next-generation, algorithmic solution for devops and IT operations management.Because software solutions rarely operate in a vacuum, integration is a necessary fact of life for many developers.
Sometimes it’s easy.

Anyone who has integrated an application into Slack, for example, will have been treated to an incredibly smooth experience.
In many cases it’s as simple as filling in a form (a URL or two, an authentication key) and hitting the Submit button.

That’s plain awesome.To read this article in full or to leave a comment, please click here