News

Both Microsoft and Google have released software updates yesterday to fix some security vulnerabilities, including a zero-day vulnerability that has been exploited in the wild. These zero-day vulnerabilities were discovered by Kaspersky but have been exploited by advanced hacker groups. Hackers can use these vulnerabilities to install spyware directly on their targets. After tracing the […]

Security company Rapid7 has disclosed security vulnerabilities in three children’s smartwatches sold on Amazon. These three children’s smartwatches are the GreaSmart, the Jsbaby, and the Smarturtle for less than$ 40. They are used as tracking devices to track children and allow parents to send messages or make phone calls to children. Researchers warn that potential […]

Recently, researchers have discovered that undocumented features in Intel CPUs allow attackers to manipulate Intel CPU voltages in a controlled manner to trigger calculation errors. This can be used to undermine the security assurances of the Intel SGX Trusted Execution Environment, which is designed to protect encrypted secrets and isolate sensitive code execution in memory. […]

On December 11, 2019, Microsoft and Adobe released the December security update. The types of vulnerabilities addressed include out-of-bounds reads and write, some untrusted pointer references, and some UAFs. No vulnerabilities have been announced at the time of publication, or reports of active attacks have been received. This security update from Adobe covers Acrobat Reader, […]

Red Hat and CentOS have announced the availability of important kernel security updates for their Red Hat Enterprise Linux 7 and CentOS Linux 7 operating system families. The updates are reported to address two security holes and many other bugs. Specifically, the new Linux kernel security update fixes CVE-2019-14821 and CVE-2019-15239 vulnerabilities. Among them, CVE-2019-15239 may cause local […]

Recently, security researchers at a professional application security protection company, Promon said that they found a vulnerability in the Android operating system and named it StrandHogg, which allows malicious applications to hijack legitimate programs and perform malicious operations on their behalf. Currently, 36 applications have been discovered that use StrandHogg vulnerability. Promon did not list […]

A security issue discovered by security research company SafeBreach in Kaspersky Secure Connection, which itself is bundled into a range of other Kaspersky security products, allowing malicious attackers to obtain privilege escalation and code execution. The security vulnerability numbered CVE-2019-15689 details the vulnerability, which allows a hacker to run an unsigned executable file (DLLs) as […]

Google released a December 2019 Android security patch for its latest Android 10 mobile operating system series to address some of the most critical security vulnerabilities. Composed of December 1, 2019, and December 5, 2019 security patch levels. The December 2019 Android security patch addresses Android components, Android framework, media framework, Android system, kernel components, […]

With the rise of instant messaging applications such as WhatsApp, Signal, and Telegram. A large number of similar applications have begun to steal telecommunications business revenue from SMS services. Recently, Android has launched a solution, namely its Converged Communications Service (RCS). It is understood that the service is consistent with Apple’s hybrid iMessage platform. Since […]

HPE’s enterprise-class solid-state drives have time bombs. HPE issued an emergency safety notice saying that some of its models of solid-state drives will stop working after 32,768 hours or 3 years, 270 days and 8 hours due to defective firmware. The SSD will stop working at almost the same time. HPE wrote on the security […]

Recently, Check Point researchers analyze a vulnerability (CVE-2019-10574) discovered in the Qualcomm Trusted Execution Environment (TEE) for Android devices. An attacker could exploit this vulnerability to obtain sensitive device information. It is understood that this vulnerability exists in the way that Qualcomm implements TEE based on ARM TrustZone, which may cause problems such as protected […]

Recently, Solr officially released a security update to fix RCE vulnerability (CVE-2019-12409) due to a bad config default. Solr is apache’s top-level open source project, which is a full-text search server based on lucene developed using Java. After we analysis and judgment. This vulnerability affects to new versions 8.1.1, 8.2.0. Solr users should not expose […]

Android security flaws allow applications to access people’s cameras for secret video and audio recording. Android smartphones from companies such as Google and Samsung have security vulnerabilities that allow malicious applications to record video, take photos and capture audio, and then upload content to remote servers without the user’s permission. The vulnerability was discovered by […]

Last weekend, the Chinese hacking contest, Tianfu Cup officially began in Chengdu, and hackers from China won the championship in this war. In two days, Chinese hackers attacked popular software using the vulnerabilities they discovered. The goal of the game is to exploit the vulnerabilities that have not yet been discovered to attack the software […]

WhatsApp quietly patched a critical vulnerability in its application last month that could allow an attacker to remotely compromise a target device and potentially steal secure chat messages and files stored in it. The old WhatsApp version caused a buffer overflow of the stack during the parsing of the basic stream metadata of the MP4 […]

In a study funded by the US Department of Homeland Security, Kryptowire found a serious security risk from pre-installed applications on cheap Android smartphones. These apps have potentially malicious activity, may secretly record audio, change settings without the user’s permission, or even grant new permissions to themselves. With the help of new tools, Kryptowire was […]

The Debian Project released a new Linux kernel security update for its supported version of Debian GNU/Linux to address the latest vulnerabilities affecting Intel’s CPU microarchitecture. As previously revealed, four new security vulnerabilities have been discovered in the Linux kernel that has an impact on Intel CPUs: CVE-2019-11135, CVE-2018-12207, CVE-2019-0154, and CVE-2019-0155. These vulnerabilities could lead to privilege […]

Canonical has released a new set of Linux kernel security updates for all of its supported Ubuntu releases to address the latest Intel CPU vulnerabilities and other important flaws. As announced a few days ago, Canonical quickly responded to the latest security vulnerabilities affecting Intel’s CPU microarchitecture, so they have now released Linux kernel updates […]

Recently, the security team found the Apache Flink arbitrary Jar package to upload the attack data that caused the remote code execution vulnerability. The attacker can use this vulnerability to upload any Jar package in the Apache Flink Dashboard page and use Metasploit to execute arbitrary code in the Apache Flink server. Apache Flink is […]

To prevent the Zombieload v2 attack that was just exposed, Microsoft Windows and Linux kernel teams have introduced methods to turn off Intel Transactional Synchronization Extensions (TSX). The Zombieload vulnerability is related to TSX, which is similar to the previously disclosed Meltdown, Spectre, and Foreshadow, Fallout, and Zombieload v1 vulnerabilities, which use predictive execution to […]

Recently, Apache Shiro Padding Oracle reveals remote code execution vulnerability. After we analysis and judgment, it is judged that the level of the vulnerability is serious and the damage surface/wide impact is wide. At present, Apache Shiro does not issue official patches and mitigation solutions. Apache Shiro is an open-source software security framework that performs […]