Khanna Security Blog

Rampage is an evolution of Rowhammer  Rampage exploits a critical vulnerability in modern phones that allows apps to gain unauthorized access to the device. While apps are typically not permitted to read data from other apps, a malicious program can craft a rampage exploit to get administrative control and get hold of secrets stored in the device. This might include your passwords stored in a password manager or browser, your personal photos, emails, instant messages and even business-critical documents. The vulnerability, tracked as…

Read More Read More

  German electrical engineering and automation company Phoenix Contact disclosed four vulnerabilities in their FL SWITCH industrial line. The affected switches have various applications in the industrial sector and are commonly used for automation of processes. Researchers discovered the vulnerabilities, which include two critical flaws that could allow attackers to gain Remote Access, Run Arbitrary Code, and Steal Sensitive Information, as well as lead to Denial Of Service (DoS) attacks. The flaws affect model series 3xxx, 4xxx, and 48xxx with firmware…

Read More Read More

OWASP:-OPEN WEB APPLICATION SECURITY PROJECT is an open community dedicated to enabling the organization to develop, purchase, and maintain application and APIs that can be trusted. OWASP is not affiliated with any technology company, although we support the informed use of commercial security technology. It is a non-profit entity. The OWASP update his checklist in the span of 4 years. Before moving to OWASP TOP 10 2017 we have to know about OWASP TOP 10 2013. So this is the…

Read More Read More

Updated your Gentoo repositories yesterday consider replacing them or removing the compromised files you downloaded yesterday as there is a news going viral all over the internet that the Gentoo’s Github page resulting in compromisation of the original source and replaced with a malicious code so if you use Gentoo you need to be conscious about your machine. Because the development team of Gentoo Linux Distribution notifies users about their Github account being compromised and its source code has been…

Read More Read More

Yesterday, I was just randomly going through some google searches suddenly a website caught my attraction the website was built in WordPress and there were some misconfiguration issues due to which it was displaying some information which can give an idea to an attacker about what will be his next move and there are number of websites which suffers from same cause and if you use CMS(Content Management System) then you should  keep reading, This blog is for  you. Before…

Read More Read More

WHAT IS DVWA? DVWA is a DAMM VULNERABLE WEB APP coded in  PHP/MYSQL. Seriously it is too vulnerable. In this app security professionals, ethical hackers test their skills and run this tools in a legal environment. It also helps web developer better understand the processes of securing web applications and teacher/students to teach/learn web application security in a safe environment. The aim of DVWA is to practice some of the most common web vulnerability, with various difficulties levels. How to…

Read More Read More

What do you think Locking your iPhone with a passcode is enough. Read this Blog and you will know all about this. How HACKERS can easily Crack your iPhone Passcode… For iPhone Passcode is the “FIRST LINE OF DEFENCE” against Hackers. Length of the Passcode is 4-6 digits. Which is very difficult to break. If you trying to attempt many wrong passcodes then the data will be wiped. So now what happens. How can passcode be cracked? Lets Discuss. A…

Read More Read More

So, I would like to start by assuming that you are running a Company or any Business in India and you were looking for How to secure your data or customer information  your google search brought you here. In the present era of digitalization most of us are known with the cyber threats and Security breach happening to companies and big firm nobody knows who will be the next target of any security breach like Ransomware, WannaCry, EternalBlue(infiltrate target computers and…

Read More Read More

WHAT IS KALI LINUX? KALI LINUX is a Debian-based Linux distribution for Advance Penetration testing and Security Auditing KALI LINUX is a successor of BackTrack Linux. It is designed for digital forensics and penetration testing funded by Offensive Security Ltd. Initial Release 13 March 2013. Kali Linux has also provided its certification ie (KLCP). HOW  KALI LINUX IS MORE USEFUL THAN OTHERS? KALI LINUX has over 600 preinstalled tool which is used for hacking so we don’t need to install them…

Read More Read More

    Cyber Security is the trending topic nowadays going out there in the market even in the news you hear about the ongoing cyber attacks on companies and banks which aren’t seem to stop because of which there is a rapid need to focus on this particular field as a number of things get affected if servers or any digital asset of a company is being targeted by Malicious hackers to steal valuable customer data or confidential company information…

Read More Read More