9 Major Flaws That Tech Companies Need To Fix Immediately

The Electronic Frontier Foundation (EFF), the California-based digital rights group, has launched an initiative called “Fix It Already” that highlights 9 big privacy- and security-related issues that tech companies need to resolve immediately. The 9 issues are spread across different tech platforms, including social media companies, operating systems, enterprise platforms and more. As EFF describes, some of these issues exist due to […]

New Flaws Re-Enable DMA Attacks On Wide Range of Modern Computers

Security researchers have discovered a new class of security vulnerabilities that impacts all major operating systems, including Microsoft Windows, Apple macOS, Linux, and FreeBSD, allowing attackers to bypass protection mechanisms introduced to defend against DMA attacks. Known for years, Direct memory access (DMA)-based attacks let an attacker compromise a targeted computer in a matter of […]

Severe Flaws in SHAREit Android App Let Hackers Steal Your Files

Security researchers have discovered two high-severity vulnerabilities in the SHAREit Android app that could allow attackers to bypass the device authentication mechanism and steal files containing sensitive data from a victim’s device. With over 1.5 billion users worldwide, SHAREit is a popular file sharing application for Android, iOS, Windows and Mac that has been designed to help […]

Cellular networks flaws expose 4G & 5G devices to IMSI capturing attacks

A team of researchers has disclosed their findings at the NDSS (Network and Distributed System Security) symposium 2019 held in San Diego, revealing that cellular networks have certain vulnerabilities that can potentially expose not only 4G but also 5G LTE protocols to IMSI capturing attacks. The findings of their research have been published in a paper titled […]

Google Says Spectre Flaws Cannot Be Defeated By Software Alone

Spectre and Meltdown attacks were initially discovered in early 2018. Since then, many security researchers have tried and tested different methods to put an end to the security flaws. However, researchers at Google have concluded that Spectre-type vulnerabilities are most likely to persist as a feature of processors. Therefore, software-based techniques alone are inadequate to […]

Severe flaws in password managers let hackers extract clear-text passwords

Password managers aren’t as secure as you might assume: security researchers claim that hackers can steal master passwords from PC memory. Password managers are considered one of the most suitable options when it comes to keeping your online credentials safe from being hijacked and exploited by cybercriminals. However, unfortunately, the latest research findings […]

Facebook Is Incapable Of Governing Itself; Strict Laws Underway: UK Govt

After an 18-month investigation into Facebook, probing the social media platform’s privacy practices, the UK government has published a detailed report. The Digital, Culture, Media and Sports Committee of the UK Parliament has accused Facebook of violating data privacy laws. The report also contained information acquired from Facebook’s internal emails. The officials have asked social media platforms to remove […]

Microsoft Patch Tuesday — February 2019 Update Fixes 77 Flaws

Microsoft has issued its second Patch Tuesday for this year to address a total of 77 CVE-listed security vulnerabilities in its Windows operating systems and other products, 20 of which are rated critical, 54 important and 3 moderate in severity. The February security update addresses flaws in Adobe Flash Player, Internet Explorer, Edge, Windows, MS Office, […]

Flaws in RDP protocols leaving machines prone to remote code execution

Major Security Flaws Identified in RDP Protocols making Machines Prone to Remote Code Execution and Reverse RDP Attacks. Check Point researchers have identified that three remote desktop protocol (RDP) tools, which are probably the most popular ones for Windows, macOS, and Linux systems, are plagued with not one or two but twenty-five CVE-listed security flaws. […]

Flaws in Popular RDP Clients Allow Malicious Servers to Reverse Hack PCs

You’ve always been warned not to share remote access to your computer with any untrusted people for many reasons—it’s basic cyber security advice, and common sense, right? But what if I say, you should not even trust anyone who invites or offers you full remote access to their computers? Security researchers at cybersecurity firm Check […]

Ethical hacker may get 8 years in prison for reporting flaws in Magyar Telekom

Hungary’s Prosecution Service has accused an ethical hacker and computer specialist of infiltrating the Magyar Telekom database. The office found him involved in a crime that disrupted the operations of a “public utility”, thereby attempting to endanger society. Reportedly, the hacker identified serious vulnerabilities in Magyar Telekom and reported them to the company. He […]

Apple Faces Lawsuit Over The FaceTime Eavesdropping Bug

Just yesterday, we reported the massive FaceTime bug in iOS 12.1 devices that allowed people to eavesdrop on a conversation even before the recipient picks up a call. Now, a report suggests that some users are gravely affected by the bug. Bloomberg reports that a Texas-based lawyer is suing Apple, alleging that the iPhone bug allowed an unknown person to listen to his private […]

5 Popular Web Hosting Services Found Vulnerable to Multiple Flaws

A security researcher has discovered multiple one-click client-side vulnerabilities in some of the world’s most popular and widely-used web hosting companies that could have put millions of their customers as well as billions of their sites’ visitors at risk of hacking. Independent researcher and bug-hunter Paulos Yibelo, who shared his new research with The Hacker […]

Fortnite Flaws Allowed Hackers to Takeover Gamers’ Accounts

Check Point researchers have discovered multiple security vulnerabilities in Fortnite, a massively popular online battle game, one of which could have allowed remote attackers to completely take over player accounts just by tricking users into clicking an innocuous-looking link. The reported Fortnite flaws include a SQL injection, cross-site scripting (XSS) bug, a web application firewall bypass […]

36-Year-Old SCP Clients’ Implementation Flaws Discovered

A set of 36-year-old vulnerabilities has been uncovered in the Secure Copy Protocol (SCP) implementation of many client applications that can be exploited by malicious servers to overwrite arbitrary files in the SCP client target directory without authorization. Secure Copy Protocol (SCP), also known as secure copy, is a network protocol that allows users to securely […]

New Systemd Privilege Escalation Flaws Affect Most Linux Distributions

Security researchers have discovered three vulnerabilities in Systemd, a popular init system and service manager for most Linux operating systems, that could allow unprivileged local attackers or malicious programs to gain root access on the targeted systems. The vulnerabilities, tracked as CVE-2018-16864, CVE-2018-16865, and CVE-2018-16866, reside in the “systemd-journald” service that collects information from […]

Adobe Issues Emergency Patches for Two Critical Flaws in Acrobat and Reader

I hope you had the biggest, happiest and craziest New Year celebration, but now it’s time to get back to work and immediately update your systems to patch new security flaws that could be exploited to compromise your computer when you merely open a PDF file. Adobe has issued an out-of-band security update to patch two critical vulnerabilities in the […]

India Could Change IT Laws To Shutdown Apps And Sites That Spread Fake News

The Indian Government has suggested that amendments to the Information Technology (IT) Act should be made to curb the spread of fake news in the country. As per a report by The Times Of India, the government plans to make changes to the IT rules to impose penalties and pull down websites causing the dissemination […]

Adobe’s Year-End Update Patches 87 Flaws in Acrobat Software

Adobe is closing out this year with its December Patch Tuesday update to address a massive number of security vulnerabilities for just its two PDF apps—more than double the number of what Microsoft patched this month for its several products. Adobe today released patches for 87 vulnerabilities affecting its Acrobat and Reader software products for […]

3 New Code Execution Flaws Discovered in Atlantis Word Processor

This is why you should always think twice before opening innocent-looking email attachments, especially Word and PDF files. Cybersecurity researchers at Cisco Talos have once again discovered multiple critical security vulnerabilities in the Atlantis Word Processor that allow remote attackers to execute arbitrary code and take over affected computers. An alternative to Microsoft Word, […]

Pacu – The AWS Exploitation Framework, Designed For Testing The Security Of Amazon Web Services Environments

Pacu is an open source AWS exploitation framework, designed for offensive security testing against cloud environments. Created and maintained by Rhino Security Labs, Pacu allows penetration testers to exploit configuration flaws within an AWS account, using modules to easily expand its functionality. Current modules enable a range of attacks, including user privilege escalation, backdooring of […]