Browsing category
VMware security updates published for its AirWatch Agent that affected by critical remote code execution vulnerability. VMware is a virtualization software which is installed on the physical server to allow for multiple virtual machines (VMs) to run on the same physical server. This critical vulnerability discovered in VMware AirWatch Agent a division of virtualization vendor […]
Adobe has released patches for critical zero-day vulnerabilities in Adobe Flash Player 29.0.0.171 and earlier versions. The updates released for Windows, macOS, Linux and Chrome OS. The vulnerability, tracked as CVE-2018-5002 was reported by various security firms ICEBRG, Qihoo 360 and Tencent earlier this week. The arbitrary code execution vulnerability resides with the version of […]
40-year-old SS7 is being actively used to track user locations and communications. The US Department of Homeland Security recently warned that malicious hackers may have targeted US phone users by exploiting a four-decades-old networking protocol used by cell phone providers around the world, according to a spokesman for US Senator Ron Wyden (D-Ore.). Meanwhile, the […]
With the staggering amount of features that were introduced through HTML5 and CSS3 the attack surface of browsers grew accordingly. Consequently, it is no surprise that interactions between such features can cause unexpected behavior impacting the security of their users. In this article, we describe such a practical attack and the research behind it. tl;dr: We […]
An information security expert explains that, Archery is an open source vulnerability management and evaluation tool that helps developers and evaluators perform scans and manage vulnerabilities. Archery uses open source tools to perform a complete scan of the web application and the network. In the same way, this tool performs the dynamic authenticated scanning of the web […]
Multiple Vulnerabilities found in IBM QRadar chained together allows a remote attacker to bypass authentication and to execute arbitrary commands with root privileges. The IBM QRadar is an enterprise security information and event management (SIEM) product that collects the logs from log data from Operating system, Vulnerabilities, user activities, behaviors and networking devices. It can […]
After an investigation, security professionals have found a backdoor account in the firmware of the D-Link DIR-620 routers; this allows malicious actors to take over any device accessible through the Internet. This backdoor, was found by Kaspersky Lab’s information security experts, the backdoor grants access to the device’s web panel, and there is no way that device […]
A research team from the Tencent firm discovered several security vulnerabilities in BMW models. Tencent Keen Security Lab’s information security experts found 14 vulnerabilities that affect several BMW models, including models; BMW i, BMW X, BMW 3 Series, BMW 5 Series and BMW 7 Series. The investigation was conducted for one year between January 2017 and February […]
A recent investigation revealed six vulnerabilities in Dell EMC RecoverPoint devices. One of the flaws found allows attackers to execute remote unauthenticated code with administrator privileges. A team of information security experts explain in one publication that if an attacker without knowledge of any credentials has RecoverPoint visibility on the network or local access to it, he […]
A team of experts from Eclypsium presented a new variation of the Spectre attack, which allows attackers to recover the data hosted within the CPU system management mode. Information security researchers devised this new variation that can allow attackers to recover the data stored within the System Administration Mode of the CPU (SMM) (also known as […]
In an unusual case someone managed to develop a malware attack that, with one click, exploits separate zero-day vulnerabilities in two different pieces of software. Even more exceptional is that an error burns a unicorn before it can be used. According to information security experts, this is precisely what happened with a malicious PDF document designed to […]
SQL (Structured Query Language) is a popular programming language for managing data kept in relational databases. However, the databases can be breached when an attacker adds SQL statements that attempt to corrupt, delete, extract, or delete the data held in the databases. With the current rise of SQL injection cases, learning how to protect your […]
In May, security experts found vulnerability in the LocationSmart website that allowed, without authentication, to obtain the real-time location of cell phones in the United States. The vulnerability has been solved, so the information security professional is publishing the technical details of the vulnerability. LocationSmart, the cell phone location service has recently appeared in the […]
The professionals explain that DNSBin is a tool used to test the filtering of data through DNS and helps to test vulnerabilities such as RCE or XXE when the environment has a limitation. The program is divided into two parts; the first part is about the web server and its component. This offers a basic […]
A joint work of Chinese and American information security professionals found a new method to attack smart personal assistants like Amazon Alexa and Google Home, whom they called “squatting voice”. The experts detailed the technique in a recently published research paper, along with another method of attack called voice masking. Malicious actors try to trick […]
Red Hat recently announced a severe vulnerability in its DHCP client, CVE-2018-1111 could be exploited by malicious actors to execute arbitrary commands with administrator privileges on specific systems. A member of the information security team of Google, Felix Wilhelm, found a critical vulnerability of remote injection of commands in the implementation of Red Hat Linux […]
Recently, Lenovo released security patches for the CVE-2017-3775 high-severity vulnerability in the Secure Boot function on System x servers. Information security researchers commented that standard operator settings disable signature verification, as a result, Server x BIOS / UEFI versions do not authenticate the signed code correctly before starting it. “In Lenovo’s internal tests they found that […]
A team of information security experts released a warning about a group of vulnerabilities that affect users of PGP and S / MIME. EFF kept in communication with the research group and can confirm that the vulnerabilities present an immediate risk for the users of these tools in the communication by email. The details will be published […]
In late April, two security companies (Qihoo360 and Kaspersky) independently discovered a zero-day for Internet Explorer (CVE-2018-8174), which was used in targeted attacks for espionage purposes. This marks two years since a zero-day has been found (CVE-2016-0189 being the latest one) in the browser that won’t die, despite efforts from Microsoft to move on to the more modern […]
Just a couple of months ago, an information security expert, nicknamed LANDAVE or Dave, found security vulnerability in the 7-Zip utility. A group of information security professionals commented that 7-Zip contains a huge variety of file decompression tools that some users install as one of their most important complementary Windows applications. 7z knows how to […]
LG recently patched two critical vulnerabilities on the default keyboard of all its smartphones, including flagship phones; the vulnerabilities could have been used to execute code remotely with elevated privileges, commented information securityprofessionals. This update of LG includes the solution for a serious problem of Android, from Google. The first error has to do with the […]