  My wish is to become a Mobile(Smartphone)?!!!
Posted by: Mr.Kurd - 07-08-2020, 09:11 PM - Forum: General - No Replies

In The Name OF Allah
Al-Salam Alekum

[Image: child-wants-to-be-smart-phone-letter-1.jpg]

Hey guys, so I was listening to a video which was a heart touching story and a reminder for everyone, for me especially and for who there is a kid in his family.

A teacher was checking her students homework and suddenly tears welling up in her eyes.
Her husband asked: "Why are you crying?"
She said: "Read this homework which belong to one of my student his wish is to become a smartphone(Mobile)?"
He read the story and said: "What a sad story? Who is him? Let us find his family and help him?"
She said: "He is our son!!!!!"

Let us read what he had written to his teacher who was her mother!!!
`` O Allah this night, I wish to become a smartphone. I want to take its place in our family as they take care of their smartphones very much even more than me. I want to get their attention. To get my father attention after he comes back at work spending most of his time on smartphones than me. To get my mother attention who is spending her time looking at pictures inside her smartphone. To have my sister and brothers attention they are changing their mobiles cover always and taking care  of  it carefully!!! Last but not least I want to make them happy.``

You can get PHD on this subject, it's really important to know that financial support is not enough. We will have to express our love to them(KIDS and Youth). Prophet Mohammad, IF you read his history you will see very nice moments he had done toward kids and supported us to show our love to them (Hugs, Kissing and playing games with them).

The following hadith narrated by Anas ibn Malik (may Allah be pleased with him) proves his thoughtful character: " The Prophet said, “(It happens that) I start the prayer intending to prolong it, but on hearing the cries of a child, I shorten the prayer because I know that the cries of the child will incite its mother’s passions.” (Al-Bukhari) "

The Prophet was always patient and considerate with children and took great pain not to hurt their tender feelings. Narrated Abu Qatadah: “ The Messenger of Allah came towards us while carrying Umamah the daughter of Abi Al-`As (Prophet’s granddaughter) over his shoulder. He prayed, and when he wanted to bow, he put her down. When he stood up he lifted her up. ” (Al-Bukhari)

They have done a research in England, those kids who are not in nursery. Growing faster than those stay away from their parents. More time you give the faster they will grow and the more they will learn.

I hope you stay safe and healthy,

Kurdy!
Wa Salam Alekum


Citrix Bugs Allow Unauthenticated Code Injection, Data Theft
Posted by: Mr.Kurd - 07-08-2020, 10:16 AM - Forum: News - No Replies

In The Name OF Allah
Al-Salam Alekum

[Image: citrix.jpg]

Bugs again...

Quote: Admins should patch their Citrix ADC and Gateway installs immediately.


Multiple vulnerabilities in the Citrix Application Delivery Controller (ADC) and Gateway would allow code injection, information disclosure and denial of service, the networking vendor announced Tuesday. Four of the bugs are exploitable by an unauthenticated, remote attacker.

The Citrix products (formerly known as NetScaler ADC and Gateway) are used for application-aware traffic management and secure remote access, respectively, and are installed in at least 80,000 companies in 158 countries, according to a December assessment from Positive Technologies.

Other flaws announced Tuesday also affect Citrix SD-WAN WANOP appliances, models 4000-WO, 4100-WO, 5000-WO and 5100-WO.


The Source
Wa Salam Alekum


Credit-Card Skimmer Has Unlikely Target: Microsoft ASP.NET Sites
Posted by: Mr.Kurd - 07-08-2020, 10:13 AM - Forum: News - No Replies

In The Name OF Allah
Al-Salam Alekum

[Image: POS-malware.jpeg]

Good :D

Quote: A campaign discovered by Malwarebytes Labs in mid-April has lifted credentials from a number of e-commerce portals.


Researchers have identified a credit-card skimming campaign that’s been active since mid-April that has a rather specific and unusual target: ASP.NET-based websites running on Microsoft Internet Information Services (IIS) servers.

New research from Malwarebytes Labs recently uncovered the campaign, which already has compromised at least a dozen websites that range from sports organizations, health and community associations, and a credit union — all via a malicious code injected into existing JavaScript libraries on each of the sites.

The campaign seems to be exploiting an older version of ASP.NET, version 4.0.30319, which is no longer officially supported and contains multiple vulnerabilities, according to the report by Malwarebytes director of threat research Jerome Segura.



Wa Salam Alekum


Windows SMB Protocol Bug Let Hackers Leak Kernel Memory & Execute a Code Remotely
Posted by: Mr.Kurd - 06-12-2020, 08:24 AM - Forum: News - No Replies

In The Name Of Allah
Al-Salam Alekum

[Image: SMBleed.png]

Windows SMB again came back with a nice remote gift for whom care about it xD


Quote: Well, this whole vulnerability deals with SMB messages, and these messages primarily include fields like the number of bytes to address and flags, and thus it accompanied by a variable-length buffer. By crafting this, the messages become quite easy, so this is a perfect tool for exposition.


But there are some variable that contains uninitialized data, and therefore, we put different addition to the compression function that is based on our POC on Microsoft’s WindowsProtocolTestSuites repository.

By adding this will not be sufficient, as POC needs different credentials and a writable share, that are easily accessible in many situations. Still, the bug refers to every sort of the message so that it can get utilized remotely for any authentication.

More importantly, the memory that has leaked is generally related to the earlier allocation in the NonPagedPoolNx pool, as we can manage the allocation size, which implies that the leaked data may come into our control to some extent.



The Source
Wa Salam Alekum


$100,000 Bounty Apple Zero-day Bug in “Sign in with Apple” Let Hackers Take Takeover
Posted by: Mr.Kurd - 06-01-2020, 07:42 AM - Forum: News - No Replies

In The Name OF Allah
Al-Salam Alekum

[Image: Sign+in+with+Apple.jpg]

Hello guys, Coming back after a break :) Looks like apple is very cute :D

Quote: Indian Security researcher found a critical Zero-day vulnerability in “Sign in with Apple” let hackers take over the third-party application accounts by just having their Email ID.


Very similar to OAuth 2.0, Apple’s “Sign in with Apple” helps users sign in to their third-party apps and websites faster using their Apple ID, without filling out forms or verifying email addresses.

This feature is used by millions of Apple users to sign in to their third-party apps such as Dropbox, Spotify, Airbnb, Giphy, and the bug is considered “Critical” as it could have allowed full account takeover by remote attackers.

Bhavuk Jain, a security researcher from India who reported this critical vulnerability to Apple, said: “Successfully exploitation of the bug could have resulted in a full account takeover of user accounts on that third party application irrespective of a victim having a valid Apple ID or not.”
 
The Source

Thank you :)
Wa Salam Alekum


  AndroidSt-ArtifactResolveException: Could not resolve all artifacts for conf... error
Posted by: Mr.Kurd - 05-29-2020, 05:55 AM - Forum: Mobile & Tablets - No Replies

In The Name OF Allah
Al-Salam Alekum

[Image: android-studio.jpg]

So, I was updating and then this error came up:
Code:
ArtifactResolveException: Could not resolve all artifacts for configuration ':classpath'

After updating my Android Studio to latest version... So After 30 minutes of searches and trying different type of solutions I could figure out how to solve???!!

1- Make sure the Gradle button Toggle Offline Mode is disabled. If that does not work, try step two.
2- Shut down Android Studio, then delete the .gradle folder content, then open Android Studio again.
On Windows: C:\Users\Username\.gradle
On Linux: ./gradle

Enjoy :)
Wa Salam Alekum


Zoom Offers Custom Data Routing To Paid Users
Posted by: Mr.Kurd - 04-16-2020, 06:47 AM - Forum: News - No Replies

In The Name OF Allah
Al-Salam Alekum

[Image: zoom-2.jpg]

Zoom trying hard :D

Quote: According to a post by Brendan Ittelson, CTO, ZOOM, the firm will soon offer custom data routing to premium users. Specifically, every paid customer of the app will have the option to choose a particular region for routing their data.


Zoom has data centers across various regions to cater to the needs of users. They manage all the data transmission through these centers depending upon the demand. They also ensure geofencing throughout this process, as they claim.

The authenticity of this claim was questioned when researchers from the University of Toronto’s Citizen Lab found that the data for some Non-Chinese users was routed through China. In response to this research, Zoom admitted this had happened inadvertently to some extent. Yet they rectified the matter shortly after the report.

Now, Zoom offers custom data routing to the users in an attempt to rebuild users’ trust. The new feature will roll-out from April 18, 2020. As stated,



The Source
Wa Salam Alekum


Zoom will soon let some users choose which countries their data is routed through
Posted by: Mr.Kurd - 04-14-2020, 09:07 AM - Forum: News - No Replies

In The Name OF Allah
Al-Salam Alekum

[Image: angled-zoom-logo.jpg]

Another action from Zoom company to avoid the threats on itself

Quote: As part of its continuing efforts to regain trust following a series of privacy and security scandals, Zoom has announced that it is introducing the option for users to choose which countries their data is routed through.


The move comes after concerns were voiced at Zoom's admission that some US calls were being routed through China. The new option will allow users to opt in or out of specific data center regions; unfortunately, this feature will not be made available to everyone.

Zoom says that as of April 18, administrators and owners of paid accounts will be able to customize which data center regions their account can use for its real-time meeting traffic. The key thing to note here is that free customers will not be granted this privilege.


It is not clear why Zoom has chosen to roll this feature out on a Saturday.

The Source
Wa Salam Alekum


Mozilla Firefox 75 Is Out With Fixes For RCE vulnerabilities
Posted by: Mr.Kurd - 04-13-2020, 01:13 PM - Forum: News - No Replies

In The Name OF Allah
Al-Salam Alekum

[Image: Firefox-75.png]

Hello guys?! How are you doing, looks like our loved browser released another version..

Quote: Mozilla recently disclosed numerous security bugs in their Firefox browser. These include several RCE vulnerabilities in Firefox and Firefox ESR.


In the case of Firefox, the most important bug was a high-severity flaw CVE-2020-6821 leading to information disclosure.

Firefox ESR also exhibited two high-severity flaws affecting Android devices. The first of these CVE-2020-6828 was an Android takeover bug. Regarding this vulnerability, Mozilla explains in its advisory,

A malicious Android application could craft an Intent that would have been processed by Firefox for Android and potentially result in a file overwrite in the user’s profile directory. One exploitation vector for this would be to supply a user.js file providing arbitrary malicious preference values. Control of arbitrary preferences can lead to sufficient compromise such that it is generally equivalent to arbitrary code execution.

When following a link that opened an intent://-schemed URL, causing a custom tab to be opened, Firefox for Android could be tricked into displaying the incorrect URI.

The Source
Wa Salam Alekum


A Study of the top 150,000 Android Apps Reveals 12,706 to Contain a Variety of Backdo
Posted by: Mr.Kurd - 04-10-2020, 02:48 PM - Forum: News - No Replies

In The Name OF Allah
Al-Salam Alekum

[Image: android-malware-bn.jpg]

Be careful using Android apps...

Quote: Researchers from The Ohio State University, New York University, and CISPA Helmholtz Center for Information Security have conducted a detailed analysis of various mobile apps. According to the details shared in their research paper, thousands of Android apps exist online that contain backdoors.


In brief, they developed a tool named “InputScope” to unveil vulnerabilities and hidden behaviours of mobile applications. The tool analyzes the apps’ input validation behavior to uncover these hidden traits.

Using this tool the researchers analyzed 150,000 Android apps from various app stores. These included the top 100,000 apps from Google Play Store, top 20,000 apps from an outside app store, and 30,000 pre-installed Samsung apps. They then found thousands of these Android apps to have backdoors.



Wa Salam Alekum
