Browsing tag
Web application security specialists report the discovery of a critical vulnerability in a Check Point software solution that, if exploited, would allow a threat actor to perform a privilege escalation to execute arbitrary code with administrator privileges. The company has already been notified and is working to eliminate this security risk. The SafeBreach Labs team […]
New cryptographic vulnerability in Tesla Model S key fob’s encryption allows hackers to clone the key and steal the car without touching the owners key. Lennert Wouters, a security researcher from Belgian university KU Leuven and, his team revealed a new technique to bypass the Model S key fob’s encryption in Cryptographic Hardware and Embedded […]
If you are a user of a Lenovo laptop you may need to uninstall the Lenovo Solution Center tool, as a team of vulnerabiliy testing experts has revealed the existence of a critical vulnerability in this pre-installed software that, if exploited, could grant a threat actor system administrator privileges. Experts at Pen Test Partners mention […]
A group of vulnerability testing researchers has revealed a new method to break Bluetooth’s encryption key negotiation protocol; the attack, dubbed ‘Key Negotiation of Bluetooth’ (KNOB) is possible on any device that supports the Bluetooth protocol and has required an early response from Google security teams for correction. Researchers Kasper Rasmussen and Daniele Antonioli, from […]
The RubyGems package repository maintenance team recently announced the removal of at least 18 malicious versions of 11 Ruby libraries due to the presence of a backdoor. Web application security experts claim that even cases were detected in which Ruby’s programming projects were infected with cryptocurrency mining malware. This malicious development was discovered just a […]
Zero-day vulnerability in the Steam online gaming platform client has been revealed. According to the ethical hacking researcher who discovered the flaw, this is the second zero-day vulnerability found on Steam in just a couple of weeks. The first vulnerability, detected by the same Russian researcher, was reported in a timely manner to Valve, a […]
During the most recent months, multiple security flaws have been detected in the VLC Media Player, which have been reported in a timely manner to its developers. According to web application security specialists, one of the most prominent reports details critical vulnerabilities that could lead to high-risk scenarios in combination with other attack variants. A […]
Thanks to some reports of service failures of the popular streaming platform Netflix, a group of vulnerability testing specialists has detected multiple denial of service (DoS) vulnerabilities in various implementations of the HTTP/2 network protocol, which allows the operation of most of the conventional websites; according to the report, if these flaws were exploited any […]
According to Microsoft, unprotected servers can spread viruses and malware over the network without the user’s interaction. Microsoft is warning users to update their Windows 10 operating system immediately to protect themselves from critical vulnerabilities. According to the company, unprotected servers can spontaneously spread viruses and malware over the network, meaning without the user’s intention. […]
Wireless protocols are not exempt from cybersecurity risks. IT security audit specialists say that more than one billion Bluetooth-enabled devices (smartphones, IoT equipment, laptops, switches, and others) present a critical vulnerability that, if exploited, would allow hackers to intercept transmitted data between two connected devices, especially smartphones. Tracked as CVE-2019-9506, this vulnerability is present in […]
Organizations from all over the world are experiencing an increase in social engineering attacks, both in number and in sophistication. Hackers are devising more clever methods of fooling individuals or employees into giving up sensitive data that can be used to breach the company. As such, organizations need extra due diligence to counter these social […]
We are covering ransomware and the latest “innovations” to improve it at the expense of the poor victims since 2017. They are always on top of their game in order to expand the infection rates and bypass antivirus software, with only one focus since day 1: profit. Ransomware has infected PCs with Windows, Linux, and […]
The implementation of cloud-based architecture has been promoted as a much more secure alternative than traditional networks, mentioning experts in vulnerability testing. However, this security does not appear to extend to mobile applications that depend on the simultaneous use of many different cloud servers. Researchers at a university in the U.S. analyzed the 5,000 most […]
Security issues keep popping up for British Airways. Network security experts have revealed a flaw in the airline’s e-ticketing system that, if exploited, could expose passengers’ confidential information, including booking details and history of flights; experts fear that this information could even be modified, which would seriously affect users. According to reports, the confirmation links […]
A team of ethical hacking specialists from Eclypsium security firm has revealed a report describing a critical vulnerability present in the design of software used in modern drivers that, if exploited, would allow threat actors to get high privileges that would guarantee them unrestricted access to hardware. Reports claim that more than 40 hardware manufacturers […]
Vulnerability testing specialists have revealed a security vulnerability that affects all Windows operating system computers running on Intel and AMD 64-bit processors. If exploited, these flaws could give a hacker access to passwords, private conversations, and other sensitive information stored in the operating system kernel memory. According to reports, the vulnerability takes advantage of the […]
The same team of cybersecurity researchers who discovered several severe vulnerabilities, collectively dubbed as Dragonblood, in the newly launched WPA3 WiFi security standard few months ago has now uncovered two more flaws that could allow attackers to hack WiFi passwords. WPA, or WiFi Protected Access, is a WiFi security standard that has been designed to […]
A critical remote code execution vulnerability that resides in the DHCP client allows attackers to take control of the system by sending malicious DHCP reply packets. A Dynamic Host Configuration Protocol (DHCP) Client allows a device to act as a host requesting-configuration parameter, such as an IP address from a DHCP server and the DHCP […]
Currently it is no longer uncommon to hear about cases where technology companies intentionally omit the security issues present in their products or services. This time, the company involved is Cisco, which has just reached an agreement to pay $8.6M USD after admitting that it sold surveillance software vulnerable to multiple variants of cyberattack, reported […]
The network technology company, Cisco is set to pay a settlement agreement worth $8.6 million for an alleged violation of the U.S. False Claims Act (FCA). The case was brought-up eight years ago in May 2011, it stemmed from the claim that Cisco was neglecting its responsibility to patch its Video Surveillance Manager. James Glenn, […]
It is like being hit by a bullet that we never saw coming our way. That is how we at hackercombat.com describe the controversy with regards to VxWorks embedded OS’ TCP/IP bugs that are now affecting close to 2 billion Internet-connected devices globally. Now known as Urgent/11, a batch of 11 flaws affecting VxWorks, an […]