Browsing tag
LibreOffice is a free use and open source office software package that has a relatively large number of users. Recently, web application security specialists reported a flaw that could compromise the integrity of a system by simply opening a malicious file. According to reports, this condition exists due to a code execution vulnerability that, if […]
The researcher discovered a code execution vulnerability in LibreOffice let an attacker hack your computer by just sending a weaponized document with macro and promote a user to Open it via LibreOffice. LibreOffice is an open-source office suite alternative of MS office developed by The Document Foundation that compatible with .doc, .docx, .xls, .xlsx, .ppt, […]
Are you using LibreOffice? You should be extra careful about what document files you open using the LibreOffice software over the next few days. That’s because LibreOffice contains a severe unpatched code execution vulnerability that could sneak malware into your system as soon as you open a maliciously-crafted document file. LibreOffice is one of the […]
The developers of the VLC media player have been involved into a new controversy. Recently, an alleged report by information security audit experts stated that this software had increasing security flaws that exposed users to malicious activities such as remote code execution. The report, revealed in past days, even claimed that, using a video loaded […]
A new vulnerability in NVIDIA Tegra processors exposes multiple cyberattacks to systems that use them, primarily Internet of Things (IoT) devices. According to information security services specialists, vulnerable equipments are exposed to data forwarding, hijacking, malicious code execution and privilege escalation. Researcher Triszka Balázs was in charge of discovering the vulnerability; after publishing its finding, […]
The probability that Lenovo has earned the infamous record for becoming a subject of the world’s biggest data breach in history is shaping-up fast. The culprit? The still online legacy Iomega storage system harboring a security flaw but still being used as an internal NAS drive that was left within the infrastructure of Lenovo for […]
Experts in vulnerability testing discovered a critical flaw in Ad Inserter, a plugin for advertising management on WordPress sites. If exploited, this flaw would allow any low-privileged user to execute code on the compromised web server. After the presence of this flaw was verified, multiple members of the cybersecurity community recommended that system administrators using […]
Web application security specialists have reported the finding of a new vulnerability in Apple’s new operating system iOS 13 beta version which, if exploited, gives threat actors full access to passwords, email addresses and any login data stored by the ‘Auto Fill’ system feature. Because this version of the operating system is still in testing […]
Instant messaging apps like WhatsApp and Telegram keep your messages encrypted in transit, but once a media file reaches your phone, the same cannot be guaranteed. Researchers from Symantec have demonstrated how a vulnerability in WhatsApp and Telegram can be exploited by hackers to hijack the media files that are sent through these services. How […]
The newly discovered ransomware family targets the QNAP network attached storage (NAS) devices. This malicious program, known by security researcher Anomali as eCh0raix (identified by Trend Micro as Ransom.Linux.ECHORAIX.A), was developed for ransomware attacks similar to those of Ryuk or LockerGoga. A NAS device that is connected to a network acting as file storage and […]
The chaos and panic that the disclosure of privacy vulnerability in the highly popular and widely-used Zoom video conferencing software created earlier this week is not over yet. As suspected, it turns out that the core issue—a locally installed web server by the software—was not just allowing any website to turn on your device webcam, […]
Web application security experts reported the presence of a vulnerability in the Apple Watch that, if exploited, allowed threat actors to spy on users of iPhone devices. The vulnerability was exploitable through Walkie-Talkie, an app installed on Apple Watch; due to this flaw, people could listen to calls on other users’ iPhone. The Walkie-Talkie app […]
In recent days the web application security audit specialist Jonathan Leitschuh revealed the existence of zero-day vulnerability in Zoom, the popular video conferencing software. Threat actors can abuse the “click-to-join” feature, which allows Mac users to join a Zoom session through a browser link, by installing a local server that executes requests from unconventional browsers. […]
As we discuss more and more stories about vulnerabilities everyday here in Hackercombat.com, we need to empower you – our readers of the basics of vulnerability management. Programs are flawed by design, in a normal life cycle of software; patches are issued by the vendor to fix newly discovered bugs. Using a computer while the […]
Ever since email came into existence in the 1990s and the high level of awareness of the risks involved, 94% of the organizations surveyed said that it was still a major vulnerability. At the same time, email threats are expected to increase in the coming year, according to 87% of the 280 decision-makers in Europe, […]
Researchers discovered several vulnerabilities that affected Lenovo servers/application infrastructure that could have exploited the systems integrity, availability, and confidentiality. Lenovo Group, one of the multinational technology company, sells personal computers, tablets, smartphones, workstations, servers, electronic storage devices. Totally nine vulnerabilities were identified, in which, two vulnerabilities are categorized under High severity, and seven vulnerabilities are […]
We’ve often heard about it, but what is a SaaS company? SaaS means “Software as a Service,”so basically, this is an organization or a business that hosts a software that is offered to customers through the internet. The software is in the company’s servers, and the user accesses it remotely. What Is a SaaS Company […]
Microsoft Teams, a platform designed for teamwork management in enterprise environments, contains a vulnerability that, if exploited, would allow any user to inject malicious code into the platform and increase their privileges, report specialists in IT system audits. According to reports, the Microsoft Team vulnerability can be exploited by running an update command on the […]
Bulgarian authorities arrested an IT expert for demonstrating a flaw in the security of the software used by local kindergartens. This vulnerability allows Petko Petrov to download details of 235,543 people in Stara Zagora, a province in central Bulgaria with more than 333,000 inhabitants. Petkov demonstrated the software flaw in a video that he posted […]
According to information security audit specialists there is a Microsoft Excel feature called Power Query that could be used by threat actors to inject malware into remote systems. Experts at Mimecast Threat Center described how the vulnerability could be exploited through a proof of concept. Power Query enables Excel users to embed external data sources […]
Vulnerability analysis specialists have discovered a set of security flaws in the Origin online video game store, developed by Electronic Arts (EA). These flaws in the platform would have exposed the accounts of more than 300 million gamers worldwide, as cybersecurity firms Check Point Research and CyberInt reported. In the reports, experts indicate that vulnerabilities […]