Category: Articles

CVE-2020–24115: Use of hardcoded credentials in source code leads to admin panel access

~ Dade Murphy ~ Leave a comment

InfoSec Write-ups - Medium-- CVE-2020–24115Use of hardcoded credentials in source code leads to admin panel accessLink: https://nvd.nist.gov/vuln/detail/CVE-2020-24115# Exploit Title: Online Book Store 1.0 — Use of Hard-coded Credentials in source code leads to admin panel access# Date: 2020–07–22# Exploit Author: Mayur Parmar(th3cyb3rc0p)# Vendor Homepage: https://projectworlds.in/free-projects/php-projects/online-book-store-project-in-php/# Software Link: https://github.com/projectworlds32/online-book-store-project-in-php/archive/master.zip# Version: 1.0# Tested on Windows10# CVE: CVE-2020–24115Hardcoded Credentials:Hardcoded Passwords, also … Continue reading CVE-2020–24115: Use of hardcoded credentials in source code leads to admin panel access

Cracking Hashes with HashCat

~ Dade Murphy ~ Leave a comment

InfoSec Write-ups - Medium-- Hashcat is the world’s fastest and most advanced password recovery utility, supporting five unique modes of attack for over 300 highly-optimized hashing algorithms. hashcat currently supports CPUs, GPUs, and other hardware accelerators on Linux, Windows, and macOS, and has facilities to help enable distributed password cracking.HashCatHere we will be looking into … Continue reading Cracking Hashes with HashCat

A Bug Could Let Attackers Hijack Firefox for Android via Wi-Fi Network

~ Dade Murphy ~ Leave a comment

The Hacker News-- Dear Android users, if you use the Firefox web browser on your smartphones, make sure it has been updated to version 80 or the latest available version on the Google Play Store. ESET security researcher Lukas Stefanko yesterday tweeted an alert demonstrating the exploitation of a recently disclosed high-risk remote command execution … Continue reading A Bug Could Let Attackers Hijack Firefox for Android via Wi-Fi Network

Researchers Uncover 6-Year Cyber Espionage Campaign Targeting Iranian Dissidents

~ Dade Murphy ~ Leave a comment

The Hacker News-- Capping off a busy week of charges and sanctions against Iranian hackers, a new research offers insight into what's a six-year-long ongoing surveillance campaign targeting Iranian expats and dissidents with an intention to pilfer sensitive information. The threat actor, suspected to be of Iranian origin, is said to have orchestrated the campaign with … Continue reading Researchers Uncover 6-Year Cyber Espionage Campaign Targeting Iranian Dissidents

Is domain name abuse something companies should worry about?

~ Dade Murphy ~ Leave a comment

Malwarebytes Labs-- Even though some organizations and companies may not realize it, their domain name is an important asset. Their web presence can even make or break companies. Therefor, “domain name abuse” is something that can ruin your reputation. Losing control There are several ways in which perpetrators can abuse your good name to make … Continue reading Is domain name abuse something companies should worry about?

U.S. Treasury Sanctions Hacking Group Backed by Iranian Intelligence

~ Dade Murphy ~ Leave a comment

The Hacker News-- The U.S. government on Thursday imposed sweeping sanctions against an Iranian threat actor backed by the country's Ministry of Intelligence and Security (MOIS) for carrying out malware campaigns targeting Iranian dissidents, journalists, and international companies in the telecom and travel sectors. According to the U.S. Treasury and the Federal Bureau of Investigation (FBI), the … Continue reading U.S. Treasury Sanctions Hacking Group Backed by Iranian Intelligence