privilege escalation

Pierluigi Paganini November 20, 2014
A new critical flaw affects Android OS except Lollipop

The security researcher Jann Horn discovered a privilege escalation flaw that affects Android OS devices except the Lollipop version. A critical vulnerability affects the Android OS versions prior to 5.0 that could be exploited by an attacker to bypass ASLR and run arbitrary code on a target device under specific conditions. The vulnerability was fixed in the latest version of […]

Pierluigi Paganini November 19, 2014
Microsoft issued a critical Out-of-Band patch for Kerberos flaw

Microsoft on Tuesday released a rare out-of-band patch for a critical vulnerability in Kerberos that could allow elevation of privilege. Microsoft has just released an “out-of-band” security updates to patch a critical vulnerability in all supported versions of its Windows Server software, the flaw resides in Kerberos (Kerberos Checksum Vulnerability – CVE-2014-6324) and could allow elevation of Privilege […]

Pierluigi Paganini November 04, 2014
Apple OS X Yosemite is affected by a serious vulnerability

A Swedish security expert has discovered a serious  privilege escalation vulnerability in last Apple operating system, the OS X Yosemite. A Sweden white-hat has found a serious security flaw in Apple Yosemite OS X that could be exploited by an attacker to take control of your PC. The Swedish hacker Emil Kvarnhammar at security firm Truesec discovered a privilege […]

Pierluigi Paganini September 20, 2014
Yahoo SQL Injection flaw allows Remote Code Execution and privileges scalation

The Egyptian hacker Ebrahim Hegazy has discovered a critical Yahoo SQL Injection flaw exploitable to Remote Code Execution and privilege escalation. My readers know very well the Egyptian hacker Ebrahim Hegazy, he is a great security expert and a friend of mine, which disclosed numerous critical flaws in most popular web services, including Microsoft, Yahoo and Orange. […]

Pierluigi Paganini January 08, 2014
Windows Zero-Day vulnerability used in targeted attacks against 28 Embassies

TrendLab malware analysts confirmed that recent Windows Zero-Day vulnerability was exploited in cyber attack against Embassies in a Middle Eastern capital. At the end of the last year Microsoft revealed that a zero-day vulnerability was in use in targeted attacks against Windows XP and Server 2003 systems. The discovery of the flaw in Microsoft OSs was made […]