The chaos and panic that the disclosure of privacy vulnerability in the highly popular and widely-used Zoom video conferencing software created earlier this week is not over yet. As suspected, it turns out that the core issue—a locally installed web server by the software—was not just allowing any website to turn on your device webcam, […]
TROMMEL sifts through embedded device files to identify potential vulnerable indicators. The tool can be used to search files and configurations in a directory and find potential vulnerability. Usually any security scanner will produced reports and finding without properly confirming the system vulnerability. Vulnerability scanner allow security professional to automate and accelerate the vulnerability assessment […]
Recently, security researchers at the Mimecast Threat Center discovered a new vulnerability in the Microsoft Excel spreadsheet application, which has caused 120 million users to be vulnerable to cyber attacks. The researcher points out that this vulnerability allows an attacker can use Excel’s Power Query tool to enable remote dynamic data exchange (DDE) on a […]
Critical Bug in Medical Infusion Pumps lets Attacker Remotely install Unauthorized Firmware to Change Medication Dosages. Researchers at CyberMDX, a healthcare security firm, have identified two different vulnerabilities in Becton Dickinson Alaris Gateway Workstations (AGW) used by hospitals in medical infusion pumps. One of the bugs is so severe that it carries a critical rating […]
Victoria’s public health system is “highly vulnerable” to a Singapore-like data breach, according to a recent report. As per an auditor general report released recently, the public health system in Victoria is vulnerable to an attack like the one that Singapore had experienced last year. The Singapore data breach had led to the exfiltration of […]
A critical remote execution vulnerability in Microsoft remote desktop services enables let attackers compromise the vulnerable system with WannaCry level malware. Microsoft recently fixed this RCE vulnerability in Remote Desktop Services – formerly known as Terminal Services, and it’s affected some of the old version of Windows. A WannaCry attack was one of the notorious […]
Linux operating system computers running versions prior to 5.0.8 kernel distributions are impacted by a vulnerability exposing systems committed to a wide variety of remote attacks, as reported by information security services experts. A threat actor could exploit the vulnerability that resides in the rds_tcp_kill_sock kernel’s TCO/IP implementation to generate denial-of-service and remote code execution […]
Cloud cameras (AKA IP Cameras) provide convenient and easy to use visual monitoring device for offices, houses, and shops of all sizes. It is slowly but surely replacing the bulky and complicated CCTV (closed-circuit television) systems, and for the right reason, primarily due to its easy expandability. However, since this kind of system is always […]
Dell laptop and computer owners beware! Your machine is vulnerable to an attack that can be executed remotely to hijack your system — just by making you visit a malicious website. As reported by ZDNet, a 17-year-old security researcher, Bill Demirkapi, discovered a vulnerability in the Dell SupportAssist utility that allows attackers to execute malicious codes remotely. The […]
According to research, February 2019, at the University of Cambridge, it was found that many modern laptops desktop computers are vulnerable to hacking through common plug-in devices. The research, team at the Network and Distributed Systems Security Symposium in San Diego, showed how in a matter of seconds the attackers can compromise an unattended machine […]
With malware infestation, data breaches allegedly caused by state-funded actors and phishing attacks becoming headlines in both mainstream media and tech news sites, it is still not the main cause of concern for IT professionals. In a recent survey of IT professionals, 73% of the respondents believe that the main cause for concern is attacks […]
The purpose of security apps is to protect devices and user data. However, Xiaomi’s pre-installed security app did just the opposite and made its smartphones more vulnerable to attacks. The app in question is Xiaomi’s security app, Guard Provider, which uses anti-virus scanners from popular developers like Avast, AVL, and Tencent to scan for the presence of malware. […]
Firefox 66.0.1 Released with Fix for Critical Security Vulnerabilities that discovered via Trend Micro’s Zero Day Initiative. The vulnerability affects all the versions of Firefox below 66.0.1. An attacker could exploit these vulnerabilities to take complete control over the target system of the process. CVE-2019-9810: Incorrect alias information Incorrect alias information with IonMonkey JIT compiler […]
Defibrillators are electronic devices manufactured to save the lives of people with life-threatening heart conditions such as Hypertrophic Cardiomyopathy (HCM). But now, according to the Department of Homeland Security (DHS), Medtronic defibrillators are vulnerable to cyber attacks allowing hackers to remotely control the device within “short-range access.” In total, 20 Medtronic products are vulnerable affecting over […]
As WordPress gained popularity over its CMS competitors like Joomla and Drupal, it grew to a level where plugin developers jumped into the bandwagon effect. Plugins are a double-edged sword; it extends WordPress’ capabilities beyond the default functions. But it comes with risks which if not checked can cause trouble for the website. Woocommerce Abandoned […]
By gaining access to the vehicles, hackers can not only locate them but also open their doors and even turn off the engine while the owner is driving. Two popular car alarm companies are facing problems with their products. Viper and Pandora are famous for their alarms that cost thousands of dollars, and promise greater safety […]
Experts explain why this combination of characters has been linked to multiple incidents of data breach According to network security and ethical hacking specialists from the International Institute of Cyber Security, a recent investigation revealed that the character combination ‘ji32k7au4a83’ is one of the most used passwords, but is also one of the most vulnerable. […]
Two old vulnerabilities were exploited, allegedly by Chinese hackers The Cisco network security and ethical hacking teams recently detected intrusions from malicious hackers by targeting Elasticsearch clusters to exploit previously reported vulnerabilities to perform various malicious actions such as malware injection and cryptocurrency mining, reported experts from the International Institute of Cyber Security. “Hackers are […]
DCOMrade is a Powershell script that is able to enumerate the possible vulnerable DCOM applications that might allow for lateral movement, code execution, data exfiltration, etc. The script is build to work with Powershell 2.0 but will work with all versions above as well. The script currently supports the following Windows operating systems (both […]
Smart devices definitely make our lives easier, faster, and more efficient, but unfortunately, an insecure smart device can also ruin your day, or sometime could even turn into the worst nightmare of your life. If you are an electric scooter rider, you should be concerned about yourself. In a report shared with The Hacker News […]
The legacy-dependence of the financial sector is very evident, many banks are still using legacy hardware and software to perform their day-to-day operations. Such a legacy system performs admirably when it comes to the aspect of reliability and uptime, old mainframe and old Unix boxes really do run 24/7 until power is cut. Unfortunately, the […]