Cryptocurrency Mining Scripts Harnessing your cpu memory via Browsers

Hidden MiningWebsites are increasingly using JavaScript-based cryptocurrency miners to monetize by levying the CPU power of their visitor’s PC to mine Bitcoin or other cryptocurrencies. Scenario then vs now: Websites using crypto-miner services could mine cryptocurrencies with your browser memory when you visit their site. Feasibility: Once you close the browser window, they lost access […]

Gain Root without Password- macOS Sierra

A critical vulnerability has been discovered in macOS High Sierra allowing any user to get root access on a mac system without any passwords. In order to perform this, you just need to type “root” into the username field, leave the password blank, and hit the Enter a few times ( two or more) and […]

BlueBorne- the lethal attack to take over your devices

The latest attack Blueborne is taking over by storm , lets read about it in concise, the attack method and the details of this bug. A series of vulnerabilities have been unearthed in the implementation of Bluetooth which allows hackers to take over your computers/ tablets/ smartphones whenever Bluetooth is on. A total of eight […]

Pacemakers prone to getting hacked

Recently the The FDA and Homeland Security have issued alerts about vulnerabilities in 4,65,000 pacemakers. The devices can be remotely “hacked” to increase activity or reduce battery life, potentially endangering patients. Feasible vulnerabilities: Absence of memory and encryption: In such embedded devices there is a lack to support proper cryptographic encryption. Conventional cryptography suites are […]

How are work, life and things at SecureLayer7

What we do at SL7? In this blog post, we will see how are work, life and things at SecureLayer7. We are an enthusiastic pack of security consultants and developers. Our work profile involves: Working at customer site or remotely and pen testing web, mobile and infrastructure. Finding and making proof of concept for vulnerabilities. […]

SecureLayer7 Gratis PenTest Summer 2017

Overview Under the Gratis Pentest 2016, we have evaluated security postures of two open source applications i.e. Refinery CMS, PageKit CMS. We perform the penetration testing for the deserving Open Source Application as SecureLayer7’s contribution to Open Source Community. We shall allocate two or three days full time from our working hours to yield a […]

Password Reset OTP Bypass Critical Vulnerability in YesBank Banking Application

I am a customer of YesBank and I hold my savings account with them. I also use the YesBank’s online banking application and I strongly feel that they need to look into security of the application of the bank. So, as a responsible client, I disclosed the vulnerability to YesBank which I recently found in their […]

Firefox 47.0 Memory Access violation Crash – FIXED

We were working on Firefox browser automation for opening some of the URL for the malware analysis. We used the combination of python and selenium to perform automation and the After few mins, we stumble upon a Firefox crash, which was causing the memory access violation crash as shown in the following image. After few […]

How to fix CVE-2015-7547 glibc: getaddrinfo stack-based buffer overflow

RedHat released Patch for CVE-2015-7547 glibc: getaddrinfo stack-based buffer overflow.  A stack-based buffer overflow was found in the way the libresolv library performed dual A/AAAA DNS queries. A remote attacker could create a specially crafted DNS response which could cause libresolv to crash or, potentially, execute code with the permissions of the user running the library. Note: […]

Joomla Remote Code Execution Vulnerability Fixed

The Joomla team just released a new Joomla version 3.4.6 to fix serious vulnerability, i.e. remote code execution. Directly from the Joomla announcement: Browser information is not filtered properly while saving the session values into the database what leads to a Remote Code Execution vulnerability. Joomla CMS versions 1.5.0 through 3.4.5 are vulnerable to remote code […]