Forwarded from UNDERCODE NEWS
Forwarded from DailyCVE
🔵Espressif ESP-IDF buffer error vulnerability:
https://dailycve.com/espressif-esp-idf-buffer-error-vulnerability
Details:
Espressif ESP-IDF is a development platform developed by Espressif for the Internet of Things. There is a buffer error flaw in Espressif ESP-IDF, which can be abused by attackers to crash applications. The following products and versions are…
Forwarded from DailyCVE
Dailycve
SaferVPN security vulnerabilities | CVE
Details:
SaferVPN is a VPN alternative. SaferVPN 5.0.3.3 to 5.0.4.15 has security bugs that attackers can exploit to escalate their privileges.
Affected Versions:
5.0.3.3 to 5.0.4.15
References:
https://vimeo.com/459654003…
Forwarded from UNDERCODE NEWS
Google, "Through four zero-day vulnerabilities, someone attacks Windows and Android"
#Vulnerabilities
UNDERCODE COMMUNITY
Do you want this AppleScript?
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
WELL DONE !!!
This program provides further decompiling and decoding of a disassembled run-only AppleScript.
For input, use a text file that is the output of https://github.com/Jinmo/applescript-disassembler
Running this program will create a new file from the input file annotated with:
1) AEVT codes and their human-readable descriptions;
2) Decoded hard-coded strings;
3) Decimal conversions of hard-coded hex numbers;
4) Names of targeted applications.
Usage: aevt_decompile <file>
where <file> is a text file output from the AppleScript-Disassembler.
aevt_decompile writes its output to ~/Desktop/<file>.out. aevt_decompile is non-destructive (i.e., it does not modify the input file).
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
GitHub
GitHub - Jinmo/applescript-disassembler: A simple run-only applescript disassembler
Forwarded from DailyCVE
🔵A dll hijacking vulnerability exists in Odd Games Accelerator (Windows client):
https://dailycve.com/dll-hijacking-vulnerability-exists-odd-games-accelerator-windows-client
Details:
Qiyou E-sports Accelerator is an e-sports-level online competitive gaming accelerator.
There is a DLL hijacking flaw in the Unusual Games E-sports accelerator (Windows client). Attackers are able to run malicious code exploiting this loophole.…
Forwarded from DailyCVE
🔵Zhejiang Lande Network Technology Co., Ltd. O2OA system has logic flaws and vulnerabilities:
https://dailycve.com/zhejiang-lande-network-technology-co-ltd-o2oa-system-has-logic-flaws-and-vulnerabilities
Details:
Zhejiang Lande Network Technology Co., Ltd.'s business scope covers: computer applications, network technology and product creation, professional services, incorporation of computer systems, and technical services for intelligent building…
Forwarded from UNDERCODE NEWS
CEO of Twitter: Trump's ban is the right decision, but it sets a troubling precedent.
#International
Forwarded from DailyCVE
🔵File upload vulnerability exists in CatfishCMS:
https://dailycve.com/file-upload-vulnerability-exists-catfishcms
Details:
Catfish CMS is a PHP content management framework which is free and open source.
CatfishCMS has a file upload vulnerability, which attackers can use to obtain server access permissions.
References:
http://www.catfish-cms.com/
Forwarded from DailyCVE
🔵Mblog open source Java blog system has logic flaws:
https://dailycve.com/mblog-open-source-java-blog-system-has-logic-flaws
Details:
Mblog is an open source and free blog system built in the Java language, using spring-boot, jpa, shiro, bootstrap and other common frameworks to support the mysql/h2 database.
The Mblog open source Java blog framework has a weakness with a…
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
🦑Hack with ss7 :
Researchers are easily able to hack WhatsApp and Telegram using the known telecom flaw
We continuously receive queries from readers about how to hack WhatsApp. The world’s most popular cross-platform messaging app is seen by many as the ultimate hack because it has recently enabled 256-bit encryption.
For ordinary souls this encryption would take days and months to decode a sentence or a complete message. Ditto with another secure messaging service called Telegram. Though Telegram is not as popular as WhatsApp, it has its ardent group of followers who use it for its encryption as well as snooping free service.
Though both of these apps are end-to-end encrypted, both of them suffer from a hardware-side vulnerability which can be exploited to hack and hijack both WhatsApp and Telegram.
The vulnerability lies in Signalling System 7, or SS7, the technology used by telecom operators, on which the highly secure messaging system and telephone calls rely. SS7 is a set of telephony signalling protocols developed in 1975, which is used to set up and tear down most of the world’s public switched telephone network (PSTN) telephone calls. It also performs number translation, local number portability, prepaid billing, Short Message Service (SMS), and other mass market services.
SS7 is vulnerable to hacking and this has been known since 2008. In 2014, the media reported a protocol vulnerability of SS7 by which both government agencies and non-state actors can track the movements of cell phone users from virtually anywhere in the world with a success rate of approximately 70%. In addition, eavesdropping is possible by using the protocol to forward calls and also facilitate decryption by requesting that each caller’s carrier release a temporary encryption key to unlock the communication after it has been recorded. Researchers created a tool (SnoopSnitch) which can warn when certain SS7 attacks occur against a phone and detect IMSI-catchers.
You can view how researchers managed to hack WhatsApp and Telegram using the SS7 flaw below:
WhatsApp Hack:
https://youtu.be/fDJ-88e_06A
Telegram Hack:
https://youtu.be/dkvQqatURdM
Both the hacks exploit the SS7 vulnerability by tricking the telecom network into believing the attacker’s phone has the same number as the victim’s phone. Once the network has been fooled, anybody, even a newbie can spy on the legitimate WhatsApp and Telegram user by creating a new WhatsApp or Telegram account using the secret code.
Once complete, the attacker now controls the account, including the ability to send and receive messages. Even more horrific is the fact that the hacker can also send messages on behalf of the victim, and read confidential messages intended for the victim without ever having to try to break strong encryption protocols.
See how easily you can hack WhatsApp and Telegram by fooling the network into believing you are the victim.
git source
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
Forwarded from DailyCVE
🔵Vientiane webmaster 2008 enhanced version has dll hijacking vulnerability:
https://dailycve.com/vientiane-webmaster-2008-enhanced-version-has-dll-hijacking-vulnerability
Details:
Vientiane Site Management is a management platform suitable for Internet cafe owners developed by Vientiane.
There is a DLL hijacking flaw in the improved version of Vientiane Network Management 2008. This vulnerability can be used by attackers…
Forwarded from DailyCVE
🔵PDF cat split and merge software has dll hijacking vulnerability:
https://dailycve.com/pdf-cat-split-and-merge-software-has-dll-hijacking-vulnerability
Details:
PDF cat split and merge software is a software that merges PDF files.
A DLL hijacking vulnerability exists in the PDF cat split and merge software. This vulnerability can be exploited by attackers to load the dll without signature…
Forwarded from UNDERCODE NEWS