Channel: Positive Technologies - learn and secure
Browsing all 198 articles

How to Protect Yourself From an IE Zero-day Vulnerability That is Threatening...

A new, previously unknown cross-site scripting vulnerability in Microsoft Internet Explorer, which lets remote users bypass the same-origin policy and inject arbitrary JavaScript into HTML pages, was...


The research: Mobile Internet traffic hijacking via GTP and GRX

Most users assume that mobile network access is much safer because a big mobile-telecoms provider will protect subscribers. Unfortunately, as practice shows, mobile Internet is a great opportunity for...


Schneider Electric Thanks the Winner of the Positive Hack Days Hacker Contest

In early April, Schneider Electric released several updates and patches fixing vulnerabilities in the software used for creating SCADA and HMI systems at nuclear power plants, chemical plants and...


Online banking vulnerabilities in 2014: Authentication, Authorization and...

Today the security for online banking (OLB) is insufficient. High severity vulnerabilities in the source code and multiple flaws in authentication and authorization mechanisms of systems allow remote...


WAF Bypass at Positive Hack Days V

As it did last year, the PHDays forum on information security hosted WAF Bypass this year. The contest's participants tried to bypass the protection of PT Application Firewall, Positive...


PHDays V Highlights: Signs of GSM Interception, High Time to Hack Wi-Fi,...

Technological singularity is expected in 15 years at best, but Positive Hack Days transition is happening right now. The fifth forum had a record attendance – over 3,500 visitors, which is comparable...


The MiTM Mobile Contest: GSM Network Down at PHDays V

Although we have published several research works on cell phone tapping, SMS interception, subscriber tracking, and SIM card cracking, lots of our readers still regard those stories as some kind of...


Best Reverser Write-Up: Analyzing Uncommon Firmware

While developing tasks for the PHDays reverse engineering contest, we aimed to replicate real problems that RE specialists might face. At the same time we tried to avoid allowing cliche...


Digital Substation Takeover: Contest Overview

Digital Substation Takeover, presented by iGRIDS, was held at PHDays V. The contest's participants tried their hand at hacking a real electrical substation designed according to IEC 61850. The general...


The eagerly awaited Gartner Web Application Firewall Magic Quadrant is released

For the first time our application firewall product, PT AF™, has been named a ‘visionary’ in the Gartner "Magic Quadrant for Web Application Firewalls" report. We are ecstatic that Gartner recognized...


Positive Technologies helps to eliminate critical vulnerabilities in Siemens...

Ilya Karpov, a Positive Technologies expert, detected vulnerabilities in products intended for building automation systems in various industries — from petrochemical to power plants. Ilya found a...


Key Vulnerabilities in Corporate Information Systems in 2014: Web...

From 2013 to 2014, there was an increase in the vulnerability of the information systems of large enterprises. In about 60% of system attacks, the network perimeters were penetrated via web application...


Positive Technologies Experts Detect Critical Vulnerability in Huawei LTE Modems

Huawei thanked the Positive Technologies experts Timur Yunusov and Kirill Nesterov and the information security specialist Alexey Osipov, who detected a harmful vulnerability in Huawei 4G USB modems...


Industrial control system security in 2014: trends and vulnerabilities

In recent years, industrial control systems (ICS) have become a popular target for malicious users and cyber criminals. The Stuxnet (2010) and Flame (2012) worms were replaced by more complicated...


Vulnerability Assessment According to CVSS 3.0

We have been using this assessment system since we created our vulnerability base and developed our first product, XSpider (I hope there are some who remember it). It is very important for us to...


HackerSIM: Blamestorming

Recently, there have been a lot of articles about a SIM card that has some incredible features. This topic sparked a lively discussion full of skepticism and mind-blowing theories. Let's lift the veil...


Web-application vulnerabilities: no light at the end of the tunnel

There has been significant growth in web applications, from official sites and ERP systems, to e-commerce and e-banking platforms, and portals providing government services. These applications have...


Critical Vulnerabilities in 3G/4G Modems or how to build Big Brother

This report is the continuation of "#root via SMS", research conducted by the SCADA Strangelove team in 2014. It was devoted to telecommunications equipment vulnerabilities with modem flaws only partially...


FreeBSD Remote DoS Exploit (Demo) (CVE-2016-1879)

The FreeBSD team has announced that their operating system was found to contain critical vulnerabilities that could be exploited to conduct DoS attacks, escalate user privileges, and disclose important...


PayPal Remote Code Execution

In December 2015, I found a critical vulnerability in one of PayPal business websites (manager.paypal.com). It allowed me to execute arbitrary shell commands on PayPal web servers via unsafe Java...
