Soon after the vulnerability became public, the plugin was taken down from wordpress directory until the issue was fixed. However, as per my analysis the fix is incomplete and leads to stored XSS.
Update: Acunetix has just released an official response about the incident, read it here.
Last night, Website of Acunetix(A Wellknown Automated Web Application Scanner) was hacked by Croatian hackers. From that point of this onward the website has been taken offline and acunetix team are reviewing the root cause for the hack. Currently the homepage is displaying a "403 Forbidden error", it might be due to the fact that either the attacker has deleted all he files or developers have deliberately taken it down in order to review the files for any possible backdoor that might had been injected.
Courtesy - http://exploitgate.com/acunetixs-website-got-hacked-croatian-hackers/
Past Saturday, I conducted a "Webcast" on "Garage4hackers" on one of my favorite subjects in the field of Information Security i.e. "WAF Bypass". Initially, i had decided to present something on the topic of "Mobile Browser Security" due to the fact that this has been a topic I have been recently conducting a research on.
However i later realized that the "TakeAways" would not be much helpful, therefore i decided to talk about something that Bughunters/Pentesters can use in their day to day pentests and security engagements and hence i decided to present on this topic.
I must admit that the response has been overwhelming along with it, i have also managed to get a chance to learn more from the feedback and CTF responses.
I would like to specially thank "Imdadullah", "Himanshu", "Sandeep" along with other garage4hackers members for inviting/supporting me through out the journey. One of the best things "G4H Community" is the work they are doing for the security community by conducting free of cost Webcasts. You can find a list of other Webcasts here - "http://www.garage4hackers.com/ranchoddas/"
Browser Security", If you wish to read the Whitepaper/Slides and SOP Test Suite, you can refer to my previous post on "Bypassing Browser Security Policies For Fun And Profit"
The threat of black hat hackers has never been greater than now, considering the increasing organization of their efforts to make a dollar off of your digital assets and information. The common portrayal of the hacker is someone who knows enough about programming and the internet that they can seemingly access any information or know anything about anyone.
This is mostly an exaggeration. Finding information on someone is still work, sometimes very time-consuming and usually not worth the effort from a financial standpoint unless done on a large scale. It does beg the question, however, of how much hackers might know about you. Based on the trails you leave online and who you trust your information with, a hacker might already have a file with your name on it. It is a question worth investigating.
Posted by Farhan Azam Memon
Few hours back, i delivered a talk at Blackhat Asia 2016 on "Bypassing Browser Security Policies For Fun And Profit", the talk covered wide variety of topics starting from SOP bypasses, CSP bypass so on and so forth. Due to limited time i was only able to cover few topics, however, you can find rest of the topics in the WhitePaper below. The following was the abstract: