Browsing tag
The researcher discovered a code execution vulnerability in LibreOffice let an attacker hack your computer by just sending a weaponized document with macro and promote a user to Open it via LibreOffice. LibreOffice is an open-source office suite alternative of MS office developed by The Document Foundation that compatible with .doc, .docx, .xls, .xlsx, .ppt, […]
ProFTPD is an open-source and one of the most popular FTP server software used by more than one million servers all over the world. It comes pre-installed on several Linux and Unix-based distributions, including Debian. A German security researcher has revealed a security flaw that makes ProFTPD servers vulnerable to remote code execution attacks. Tobias […]
Update VideoLAN has tweeted that the security issue reported by CERT-Bund is not as severe as claimed. VideoLAN says the issue lies in a third-party library, called libebml, that was fixed 16 months ago. VLC makers say that the claim was based on a previous (and outdated) version of VLC. Meanwhile, the VLC CVE has […]
The chaos and panic that the disclosure of privacy vulnerability in the highly popular and widely-used Zoom video conferencing software created earlier this week is not over yet. As suspected, it turns out that the core issue—a locally installed web server by the software—was not just allowing any website to turn on your device webcam, […]
Its time for hackers to hack your PC using malformed video file, yes, critical vulnerabilities in VLC media Player let attackers load specially crafted video files in the vulnerable system to execute the arbitrary code. VideoLAN released a security update for VLC Media player with the fixes for two vulnerabilities that allow attackers to execute […]
The BlueKeep RDP bug (CVE-2019-0708) in Microsoft Windows is a serious issue and it has been making rounds for almost a month now. As you might know, it affects older Windows versions including Windows 7 and XP. Microsoft first revealed details about the bug last month and also released a security patch for all the […]
A couple of weeks ago, Microsoft revealed details about a severe bug that exists in the Remote Desktop Protocol (RDP) in Windows OS. The bug is called BlueKeep; it can be used to trigger remote code execution attacks. Microsoft warned that it’s “warmable,” which means some attacker can take advantage of the bug to create self-replicating […]
Most Destructive IoT malware Mirai now being delivered as Miori and its spreading via dangerous remote code execution exploits. Mirai malware has strong records of infecting poorly managing IoT devices and performing DDOS attacks on various platforms. In order to run the malware on cross-platform, it must be able to run on different architectures without […]
This library is used by popular media players, along with a series of integrated devices with streaming capacities Cybersecurity and digital forensics researchers report the finding of a critical remote code execution vulnerability in the LIVE555 streaming library, the flaw has been identified with the key CVE-2018-4013. Maintained by Live Networks company, the library works […]
Apparently user’s information has not been compromised A vulnerability has been patched in a Facebook server that could have enabled information disclosure and command execution. The compromised service was Sentry, an open-source error tracking application that helps developers control and correct flaws in real time. It’s written in Python with the Django framework. Cyber security organization researchers were examining the application […]
The issue impacts several content management systems, including Typo3 and WordPress, as well as widely-used PDF generation library TCPDF. Researchers have created a proof-of-concept exploit that would enable bad actors to target a severe vulnerability in the PHP programming language behind several major CMS companies, including WordPress. The vulnerability remains unresolved – more than a […]
VMware security updates published for its AirWatch Agent that affected by critical remote code execution vulnerability. VMware is a virtualization software which is installed on the physical server to allow for multiple virtual machines (VMs) to run on the same physical server. This critical vulnerability discovered in VMware AirWatch Agent a division of virtualization vendor […]
Hackers now using Rig Exploit Kit to exploiting the Internet Explorer (IE) remote code execution vulnerability ( CVE-2018-8174) with integrating a cryptocurrency-mining malware to mine Monero by Compromising Windows PC. This vulnerability affected Windows 7 and later versions also this powerful exploit work via Microsoft Office documents and Internet Explorer (IE). Rig Exploit Kit delivered various payload […]
There is a rapid growth in cryptocurrency attacks from the mid of 2017, mining cryptocurrency requires more computing power, which requires significant amounts of energy. Attackers abuses Oracle WebLogic Server vulnerability to deliver Monero Miner Payloads. As long as your server has RCE vulnerability attackers take an advantage of it and include malicious scripts. The […]
A Critical Remote Code Execution vulnerability discovered in Adobe Acrobat Reader DC that will perform a stack-based buffer overflow and execute the orbitary code when users opening the vulnerable Adobe document. This Critical RCE vulnerability affected the version of Adobe Acrobat Reader DC 2018.009.20044 and Below. Adobe Acrobat Reader is the most popular and most feature-rich […]
Microsoft has released February’s cumulative updates for Windows 10, better known as Patch Tuesday. The reason why the update is worth getting is it comes with fixes for 50 vulnerabilities in various versions of Windows 10. As per the release notes, the software addressed as a part of the Patch Tuesday update are Windows OS, […]
Probably, the most famous of the NSA tools leaked by the hacker group Shadow Brokers was EnternalBlue which gave birth to dangerous malware like WannaCry, Petya, and more recently, the cryptojacking malware WannaMine. Now, Sean Dillion, a security researcher at RiskSense, has modified the source code of three other leaked NSA tools called EnternalRomance, EternalChampion, and EnternalSynergy. […]
If you’re still among the netizens who use Flash Player, here is important news for you. In a security advisory published on Thursday, it’s daddy Adobe disclosed a critical remote code execution vulnerability that exists in Adobe Flash Player 28.0.0.137 and earlier versions. Adobe said that the vulnerability (CVE-2018-4878) is being exploited in the wild to […]
As a part of their Android Security Rewards and Chrome Rewards program, Google has rewarded a Chinese security researcher Guang Gong with $112,500 in total. Gong is the first to report an Android exploit chain after Google introduced bigger cash rewards for finding bugs. He reported the bugs to the Android security team back in […]
vBulletin, also known as vB, is a widespread proprietary Internet forum software package developed by vBulletin Solutions, Inc., based on PHP and MySQL database server. vBulletin powers many of the largest social sites on the web, with over 100,000 sites built on it, including Fortune 500 and Alexa Top 1M companies websites and forums. According […]
Microsoft has fixed a critical remote code execution bug (CVE-2017-11937) in the Malware Protection Engine that finds its home in a variety of products, including Windows Defender (Windows 8 and above) and Microsoft Security Essentials. According to a security advisory, the flaw leads to a memory corruption error when a specially crafted file is scanned […]