NSA Releases Open Source Network Security Tool for Linux
By : Unknown
Hacker who sold Madonna song sentenced to 14 months in prison
By : Unknown
He was also fined 5,000 shekels, which comes to about $3900. The court has said that an appropriate punishment will deter this kind of incident in the future.
Madonna's latest album Rebel Heart was leaked on the internet last year. At the time she said, “I have been violated as a human and an artist.”
She later released six songs, calling it an “early Christmas gift” for her fans.
Anonymous Hacker Hijacked Russian Prime Minister Twitter Account
By : Unknown
Windows XP Flaw: Hackers withdraw money from any ATM by just sending a Text Message
By : Unknown
Hackers create drone that can steal What’s inside your phone
By : Unknown
Hackers have hacked 300000+ wireless routers, Check yours NOW!
By : Unknown
Expression Language (EL) Injection vulnerability in PayPal's subsidiary
By : Unknown
An Indian security researcher, Piyush Malik, has discovered an Expression Language (EL) Injection security flaw in Zong, a subsidiary of PayPal.
According to OWASP, EL Injection is a vulnerability that allows a hacker to control data passed to the EL interpreter. In some cases, it allows attackers to execute arbitrary code on the server.
Malik said in his blog that Zong was running an outdated version of Clearspace (now known as Jive software) on a subdomain.
"Clearspace is a Knowledge management tool and is Integrated with Spring Framework. EL Pattern was used in Spring JSP Tags which made Clearspace Vulnerable to this Bug," Malik explained in his blog.
He found two forms on the site that are vulnerable to this bug. He was able to perform some arithmetic operations using the vulnerable field.
One of the vulnerable URLs:
https://clearspace.zong.com/login!input.jspa?unauth=${custom command here}
An attacker can inject an Expression Language command in the 'unauth' field, which will be executed on the server. In his demo, the researcher injected an arithmetic expression (https://clearspace.zong.com/login!input.jspa?unauth=${100*3}) and was able to have it executed.
PayPal has offered some bounty amount for his finding. The researcher didn't disclose the bounty amount.
The EL Injection vulnerability was first documented by security researchers from Minded Security in 2011. You can find the document here: https://www.mindedsecurity.com/fileshare/ExpressionLanguageInjection.pdf
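
Requests of the kind described above leave a recognizable trace in web server access logs. The following is an added example, not code from the original article or from the researcher: it flags query parameters that carry EL delimiters, including URL-encoded and double-encoded forms. The log lines are constructed; only the `/login!input.jspa` path, the `unauth` parameter and the `${100*3}` value come from the article.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# EL delimiters: ${...} (immediate evaluation) and #{...} (deferred evaluation).
EL_PATTERN = re.compile(r"[$#]\{[^}]*\}")
REQUEST_PATTERN = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')

def decode_fully(value, max_rounds=3):
    """Undo nested URL-encoding so %24%7B and %2524%257B both surface as ${."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_el_params(url):
    """Return (parameter, expression) pairs for query values carrying EL syntax."""
    hits = []
    # parse_qsl performs the first round of URL-decoding itself.
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        for expr in EL_PATTERN.findall(decode_fully(value)):
            hits.append((name, expr))
    return hits

def scan_log(lines):
    """Return (client, parameter, expression) for each suspicious request line."""
    findings = []
    for line in lines:
        match = REQUEST_PATTERN.search(line)
        if not match:
            continue
        client = line.split(" ", 1)[0]
        for name, expr in find_el_params(match.group(1)):
            findings.append((client, name, expr))
    return findings

# Constructed sample access-log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2014:10:00:00 +0000] "GET /login!input.jspa?unauth=${100*3} HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Jan/2014:10:00:05 +0000] "GET /login!input.jspa?unauth=%24%7B100*3%7D HTTP/1.1" 200 512',
    '198.51.100.4 - - [01/Jan/2014:10:01:00 +0000] "GET /login!input.jspa?unauth=%2524%257B100*3%257D HTTP/1.1" 200 512',
    '192.0.2.10 - - [01/Jan/2014:10:02:00 +0000] "GET /login!input.jspa?unauth=true HTTP/1.1" 200 498',
]

if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding)
```

A match only shows that EL syntax reached the server; whether it was evaluated has to be confirmed from the response or the application itself.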