Browsing category

Vulnerabilities

CISCO PATCHES CRITICAL PLAYBACK BUGS IN WEBEX PLAYERS

Cisco Systems issued a Critical alert on Wednesday warning of multiple vulnerabilities in its popular WebEx player. Six bugs were listed in the security advisory, each of them relating to holes in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files. “A remote attacker could exploit these vulnerabilities by […]

macOS bug lets you log in as admin with no password required

Here’s how to protect yourself until Apple patches bafflingly bad bug. In one of Apple’s biggest security blunders in years, a bug in macOS High Sierra allows untrusted users to gain unfettered administrative control without any password. The bypass works by putting the word “root” (without the quotes) in the user name field of a […]

Facebook Image Removal Vulnerability allows Users to Delete any Photos

Facebook recently introduced a poll feature which allows users to make votable questions as the status on both Android and iOS apps. Security researcher Pouya Darabi found a vulnerability that allows anyone to delete any photo from the Facebook platform. Facebook vulnerability: Darabi explains the vulnerability allows anyone to quickly change the Image ID that […]

Linux Distributions Suffering with Denial of Service by systemd Vulnerability

Many Linux-based distributions are affected by a systemd (System and Service Manager) vulnerability that leads to denial of service. An attacker can exploit the target Linux distribution by having a vulnerable system send a DNS query to a DNS server. systemd is an init system used in Linux distributions to […]

Image removal vulnerability in Facebook polling feature

Delete any Image on Facebook: When I was checking out Facebook’s new features, I noticed that a polling feature was added to the posts, so I started working on it. Whenever a user tries to create a poll, a request containing a gif URL or image id will be sent; poll_question_data[options][][associated_image_id] contains the uploaded […]

HP patches severe code execution bug in enterprise printers

The vulnerability could be exploited to perform remote code execution. HP has issued firmware patches to fix a security flaw which allowed attackers to perform remote code execution attacks on enterprise-grade printers. FoxGlove Security researchers issued an advisory disclosing the technical details of the bug, CVE-2017-2750, earlier this week. The team tested out HP’s PageWide Enterprise Color MFP […]

Ubuntu 17.10 Users Get Major Kernel Update, 20 Security Vulnerabilities Patched

After releasing the new kernel update for Ubuntu 16.04 LTS (Xenial Xerus) systems to patch 13 security vulnerabilities, Canonical announced the availability of a major kernel update for Ubuntu 17.10. If you’re using the latest Ubuntu 17.10 (Artful Aardvark) operating system on your personal computer, you should know that it received its first major kernel update since the […]

Intel security flaws put laptops, servers and storage at risk of hacking

Bugs in Intel’s firmware allow remote code execution, data exfiltration and more. Bugs in the underlying firmware of multiple Intel chip families have left laptops, servers and storage appliances vulnerable to a number of security vulnerabilities, the company has admitted. The silicon giant has confirmed reports from third-party security researchers that flaws in its chips’ […]

Amazon Echo and Google Home were vulnerable to Bluetooth exploit

Don’t worry, these vulnerabilities have already been patched out. Back in September, Bluetooth-connected device owners got a little scare when security firm Armis disclosed a new hack exploit known as BlueBorne. In theory, bad actors could target smartphones, tablets and such using specific vectors in Bluetooth connectivity. Armis had informed Apple, Microsoft and Google months before and […]

17-Year-Old MS Office flaw CVE-2017-11882 could be exploited to remotely install malware without victim interaction

Oops, a 17-year-old flaw in MS Office, tracked as CVE-2017-11882, could be exploited by remote attackers to install malware without user interaction. The flaw is a memory-corruption issue that affects all versions of Microsoft […]

BlueBorne RCE on Android 6.0.1 (CVE-2017-0781) [English]

A few days ago, the company Armis published a proof of concept (PoC) of a remote code execution vulnerability in Android via Bluetooth (CVE-2017-0781), known as BlueBorne. Although BlueBorne refers to a set of 8 vulnerabilities, this PoC uses only 2 of them to achieve its goal. The exploitation process is divided into 2 phases, first the memory […]

Cryptojacking craze that drains your CPU now done by 2,500 sites

Android apps with millions of Google Play downloads also crash the party. A researcher has documented almost 2,500 sites that are actively running cryptocurrency mining code in the browsers of unsuspecting visitors, a finding that suggests the unethical and possibly illegal practice has only picked up steam since it came to light a few weeks […]

How AV can open you to attacks that otherwise wouldn’t be possible

New AVGater flaw provided key ingredient for hacker to hijack computer. Antivirus programs, in many cases, make us safer on the Internet. Other times, they open us to attacks that otherwise wouldn’t be possible. On Friday, a researcher documented an example of the latter—a vulnerability he found in about a dozen name-brand AV programs that […]

DHS – Tests demonstrate Boeing 757 airplanes vulnerable to hacking

A group of researchers and private industry experts, along with DHS officials, remotely hacked a Boeing 757 airplane owned by the DHS that was parked at the airport in Atlantic City, […]

Anti Virus Software’s Design Flaw Leads to Bypass Windows Local Privilege

A new antivirus design flaw, named AVGater, has been discovered. It is a Windows local privilege escalation vulnerability present in many antivirus products that can be abused using the restore-from-quarantine method. Quarantine is special storage for suspicious (probably infected) objects used by the antivirus engine. A function of antivirus software that isolates infected […]

#AVGater attack abuse Quarantine vulnerabilities for privilege escalation

Security expert Florian Bogner devised a method dubbed AVGater to escalate privileges by abusing the quarantine feature of some antiviruses. Several popular antivirus solutions are affected by flaws that could be exploited by attackers to escalate privileges on a compromised system by abusing the quarantine feature. […]

Zero Day Zen Garden: Windows Exploit Development – Part 1

In Part 1 of this series, we’ll be exploiting a stack buffer overflow using a Saved Return Pointer Overwrite attack. Hopefully, you’re all caught up on the necessary prerequisite knowledge after reading Part 0 and you’re itching to develop an exploit. Our target is going to be the Windows port scanner NScan version 0.9.1 (download it here). Details for […]

Linux security: Google fuzzer finds ton of holes in kernel’s USB subsystem

A Google-developed kernel fuzzer has helped locate dozens of Linux security flaws. Google researcher Andrey Konovalov has revealed 14 flaws in Linux kernel USB drivers that he found using a kernel fuzzer called ‘syzkaller’, created by another Google security researcher, Dmitry Vyukov. “All of them can be triggered with a crafted malicious USB device in case […]