Security Alerts & News
by Tymoteusz A. Góral

History
#640 How I hacked Facebook, and found someone's backdoor script
As a pentester, I love server-side vulnerabilities more than client-side ones. Why? Because it’s way cooler to take over the server directly and gain system SHELL privileges.

Of course, both vulnerabilities from the server-side and the client-side are indispensable in a perfect penetration test. Sometimes, in order to take over the server more elegantly, it also needs some client-side vulnerabilities to do the trick. But speaking of finding vulnerabilities, I prefer to find server-side vulnerabilities first.

With the growing popularity of Facebook around the world, I’ve always been interested in testing the security of Facebook. Luckily, in 2012, Facebook launched the Bug Bounty Program, which even motivated me to give it a shot.
#646 MongoDB configuration error exposed 93 million Mexican voter records
#645 MIT launches experimental bug bounty program
#644 “Nuclear” exploit kit service cashes in on demand from cryptoransomware rings
#643 $10 router blamed in Bangladesh bank hack
#642 PowerShell used for spreading Trojan.Laziok through Google Docs
#641 Avast SandBox escape via IOCTL requests
#640 How I hacked Facebook, and found someone's backdoor script
#639 Core Windows utility can be used to bypass AppLocker