A critical vulnerability has been discovered in macOS High Sierra allowing any user to get root access on a mac system without any passwords. In order to perform this, you just need to type “root” into the username field, leave the password blank, and hit the Enter a few times ( two or more) and […]
News
Stay tuned with SecureLayer7 Announcements
BlueBorne- the lethal attack to take over your devices
The latest attack Blueborne is taking over by storm , lets read about it in concise, the attack method and the details of this bug. A series of vulnerabilities have been unearthed in the implementation of Bluetooth which allows hackers to take over your computers/ tablets/ smartphones whenever Bluetooth is on. A total of eight […]
Pacemakers prone to getting hacked
Recently the The FDA and Homeland Security have issued alerts about vulnerabilities in 4,65,000 pacemakers. The devices can be remotely “hacked” to increase activity or reduce battery life, potentially endangering patients. Feasible vulnerabilities: Absence of memory and encryption: In such embedded devices there is a lack to support proper cryptographic encryption. Conventional cryptography suites are […]
How are work, life and things at SecureLayer7
What we do at SL7? Look at SecureLayer7 Review In this blog post, we will see how are work, life and things at SecureLayer7. We are an enthusiastic pack of security consultants and developers. Our work profile involves: Working at the customer site or remotely and pen testing web, mobile and infrastructure. Finding and making […]
SecureLayer7 Gratis PenTest Summer 2017
Overview Under the Gratis Pentest 2016, we have evaluated security postures of two open source applications i.e. Refinery CMS, PageKit CMS. We perform the penetration testing for the deserving Open Source Application as SecureLayer7’s contribution to Open Source Community. We shall allocate two or three days full time from our working hours to yield a […]
Password Reset OTP Bypass Critical Vulnerability in YesBank Banking Application
I am a customer of YesBank and I hold my savings account with them. I also use the YesBank’s online banking application and I strongly feel that they need to look into security of the application of the bank. So, as a responsible client, I disclosed the vulnerability to YesBank which I recently found in their […]
Firefox 47.0 Memory Access violation Crash – FIXED
We were working on Firefox browser automation for opening some of the URL for the malware analysis. We used the combination of python and selenium to perform automation and the After few mins, we stumble upon a Firefox crash, which was causing the memory access violation crash as shown in the following image. After few […]
How to fix CVE-2015-7547 glibc: getaddrinfo stack-based buffer overflow
RedHat released Patch for CVE-2015-7547 glibc: getaddrinfo stack-based buffer overflow. A stack-based buffer overflow was found in the way the libresolv library performed dual A/AAAA DNS queries. A remote attacker could create a specially crafted DNS response which could cause libresolv to crash or, potentially, execute code with the permissions of the user running the library. Note: […]
Joomla Remote Code Execution Vulnerability Fixed
The Joomla team just released a new Joomla version 3.4.6 to fix serious vulnerability, i.e. remote code execution. Directly from the Joomla announcement: Browser information is not filtered properly while saving the session values into the database what leads to a Remote Code Execution vulnerability. Joomla CMS versions 1.5.0 through 3.4.5 are vulnerable to remote code […]
Protected: It’s not Easy being a CISO these Days!
There is no excerpt because this is a protected post.