exploit database | Breaking Cybersecurity News | The Hacker News

Last Tuesday, Popular Mac news website MacRumors's user forums was hacked and forum database has been compromised including the username, email and passwords belonging to all 860,000 registered users. Yesterday,  Inj3ct0r Team of Exploit Database website  1337Day claimed the responsibility for the hack and also claimed that they have also hacked the official website of vBulletin Forum using a   Zero Day exploit . " Macrumors.com was based on vBulletin CMS. We use our 0day exploit vBulletin , got password moderator. 860000 user data hacked too. The network security is a myth " he told me. During the conversation, team leader told me that he has discovered a Zero Day Remote Code Execution vulnerability in vBulletin v4.x.x and 5.х.x, that allows an attacker to execute arbitrary code on the server end remotely. On their exploit marketplace they are also selling this zero day exploit with Shell Upload payload at $7000 USD. " We found a critical v...

A Russian Exploit writer and underground Hacker who goes by the handle " fil9 " put up an Android Firefox Zero-Day Exploit for Sale in an open Exploit Market. Author claims a Zero Day vulnerability in Firefox for Android, which works on Firefox versions 23/24/26 (Nightly). The advertisement was spotted by Joshua, Malware Intelligence Analyst at Malwarebytes. Hacker Selling exploit with a starting price of $460 only. According to the proof of concept video uploaded by the Hacker, the exploit forces the mobile Firefox browser to download and execute a malicious app, on just visiting a malicious link only. What's worrisome is that many major websites are compromised frequently and a large number of visitors of those hacked sites can fall victim to this attack. " The biggest problem in this situation is that Firefox automatically executes certain known files once they're downloaded, and doesn't give users an option to disable this. Without some sort of ...

The problem is simple: all breaches start with initial access, and initial access comes down to two primary attack vectors – credentials and devices. This is not news; every report you can find on the threat landscape depicts the same picture.  The solution is more complex. For this article, we'll focus on the device threat vector. The risk they pose is significant, which is why device management tools like Mobile Device Management (MDM) and Endpoint Detection and Response (EDR) are essential components of an organization's security infrastructure. However, relying solely on these tools to manage device risk actually creates a false sense of security. Instead of the blunt tools of device management, organizations are looking for solutions that deliver device trust . Device trust provides a comprehensive, risk-based approach to device security enforcement, closing the large gaps left behind by traditional device management solutions. Here are 5 of those limitations and how to ov...