After a lot of chaos and problems, Microsoft has resumed the Windows 10 1809 rollout. While the recent October update
This week, Adobe released its monthly scheduled update bundle addressing vulnerabilities within its different products. The Adobe patch Tuesday November
White hat hackers and IT security researchers have once again proved their elite skills at Pwn2Own 2018 after exposing critical security vulnerabilities in products developed by popular vendors like Apple, Samsung, and Xiaomi. Pwn2Own is organized by cybersecurity giant Trend Micro’s Zero Day Initiative in Tokyo where hackers took part in exploiting zero-day flaws in products developed by […]
This is a post from HackRead.com Read the original post: iPhone X, Xiaomi Mi 6 & Samsung Galaxy S9 hacked at Pwn2Own
Ransomware continues to cause internet users to twitch and quiver at the very thought of their data being encrypted. Typically,
Last week a Swedish Man was sentenced to a term of 7 years for trying to murder two employees of
iPhone X, Samsung Galaxy S9, and Xiaomi Mi 6 fall prey to hacking in the Pwn2Own hacking competition in Tokyo
Trend Micro-sponsored Pwn2Own, the annual hacking contest, that took place at the PacSec security conference in Tokyo, saw hackers successfully exploit iPhone X, Samsung Galaxy S9, and Xiaomi Mi6. Other handsets such as Google Pixel 2 and Huawei P20 too were involved in the contest.
For those unaware, Trend Micro, a global leader in cyber-security solutions, hosts Pwn2Own in an effort to promote its Zero Day Initiative (ZDI) program, that is designed to reward security researchers to exploit the latest and most popular mobile devices and demonstrate and disclose major zero-day vulnerabilities to tech companies. Following the contest, vendors will have 90 days to produce patches for these bugs.
Day 1 at the Pwn2Own Tokyo 2018
They used the touch-to-connect feature to force-open the web browser on the phone and navigate to their specially crafted webpage following which the webpage exploited an Out-Of-Bounds write in WebAssembly to get code execution. This hack earned them $30,000 USD and 6 Master of Pwn points.
“During the demonstration, we didn’t even realize that action was occurring until it was too late. In other words, a user would have no chance to prevent this action from happening in the real world,” ZDI reports in a blog post.
Later, the Fluoroacetate team went on to exploit another handset, Samsung Galaxy S9. They used a heap overflow in the baseband component to get code execution on the device. This hack earned the team another $50,000 USD and 15 more points towards Master of Pwn. Fluoroacetate also hacked iPhone X via Wi-Fi using a pair of bugs – a JIT (Just-In-Time) vulnerability in the web browser followed by an Out-Of-Bounds write for the sandbox escape and escalation. This hack fetched them another $60,000 USD and 10 additional Master of Pwn points.
The MWR Labs team also combined three different bugs to successfully exploit the Samsung Galaxy S9 over Wi-Fi. They forced the phone to a captive portal without user interaction, then used an unsafe redirect and an unsafe application load to install their custom application. Although they failed in their first attempt, they successfully hacked in its second attempt, which earned the team $30,000 USD and 6 more Master of Pwn points.
Day 2 at the Pwn2Own Tokyo 2018
The second day at the Pwn2Own Tokyo 2018 started with Fluoroacetate team exploiting one more zero-day vulnerabilities in iPhone X and Xiaomi Mi 6.
Their first iPhone X zero-day combined a JIT bug in the browser along with an out-of-bounds access that resulted in a deleted photo getting exfiltrated from the targeted phone. This hack fetched them a $50,000 USD.
In the case of Xiaomi Mi6, the team used an integer overflow vulnerability that allowed them to exfiltrate a picture from the device, earning them an additional $25,000 USD.
MWR Labs too successfully hacked the Xiaomi Mi6 on the second day. They loaded a custom application by combining a download bug along with a silent app installation and stole some pictures from the phone. They earned $25,000 USD for this hack.
Team Fluoroacetate with a total of 45 points and $215,000 USD in prizes won the title of Master of Pwn!
The post iPhone X, Samsung Galaxy S9, Xiaomi Mi 6 Hacked At Pwn2Own Tokyo 2018 appeared first on TechWorm.
Last month, researchers from a cybersecurity firm shared their findings on a bug in Microsoft Word online’s video feature that
In September, Adobe patched numerous critical vulnerabilities in ColdFusion. However, a couple of weeks after Adobe released the patches, researchers
In a game set up in the Westernized era of the late 19th century, the main charm for the players
Update your GDPR Compliance plugin right now. Security researchers have identified a critical vulnerability in the popular WP GDPR Compliance plugin assisting over 100,000 website owners around the world to comply with European privacy regulations known as GDPR that was announced by European Union on May 25th, 2018. The vulnerability was discovered by researchers at Wordfence which allows hackers to […]
This is a post from HackRead.com Read the original post: WordPress GDPR Compliance plugin hacked to spread backdoor
HTTrack is a free and easy-to-use offline browser utility which acts as a website downloader and a site ripper for copying websites and downloading them for offline viewing.
HTTrack Website Downloader & Site Ripper
HTTrack allows you to download a World Wide Web site from the Internet to a local directory, building recursively all directories, getting all the HTML, images, and other files from the server to your computer.
HTTrack arranges the original site’s relative link-structure, which allows you to simply open a page of the “mirrored” website in your browser, and you can browse the site from link to link as if you were viewing it online.