Think, Talk, Hack

Browsing tag

vulnerability

Firefox 66.0.1 Released – Critical Security Vulnerabilities in Firefox Allows Hackers to Take Over the Vulnerable System

Firefox 66.0.1 Released with Fix for Critical Security Vulnerabilities that discovered via Trend Micro’s Zero Day Initiative. The vulnerability affects all the versions of Firefox below 66.0.1. An attacker could exploit these vulnerabilities to take complete control over the target system of the process. CVE-2019-9810: Incorrect alias information Incorrect alias information with IonMonkey JIT compiler […]

root

Medtronic defibrillators vulnerable to life threatening cyber attacks

Defibrillators are electronic devices manufactured to save the lives of people with life-threatening heart conditions such as Hypertrophic Cardiomyopathy (HCM). But now, according to the Department of Homeland Security (DHS), Medtronic defibrillators are vulnerable to cyber attacks allowing hackers to remotely control the device within “short-range access.” In total, 20 Medtronic products are vulnerable affecting over […]

root

Panic after hackers take control of emergency tornado alarms in Texas

On March 12th, at around 2:30 a.m., residents of two Texas towns panicked after hearing tornado alarm that went off until 4:00 a.m. They were disturbed because the alarms repeatedly went on and off for about one and a half hours, thanks to hackers – Finally, related authorities were able to turn them off. The […]

root

Flaw in NSA’s GHIDRA leads to remote code execution attacks

GHIDRA is NSA’s reverse engineering tool released earlier this month. Earlier this month, Hackread.com posted about the National Security Agency’s (NSA) publicly releasing its decompiler and disassembler tool GHIDRA and make it open-source software. Now, it has been revealed that the generic reverse engineering tool has a flaw that can be exploited by cybercriminals for carrying […]

root

Google Photos Vulnerability Allows Hackers To Track Location History

A vulnerability exists with the web version of Google photos allows malicious websites to extract the photos metadata information. Google photos will tag your photos automatically based on the metadata information such as geographic coordinates, date, etc. The Photo metadata allows information to be traveled along with the image file that can be read by […]

root

Google Photos Vulnerability that Lets Retrieve Image Metadata

A vulnerability that was detected in the web version of Google Photos could be used by hackers to retrieve image metadata. ZDNet reports, “Google has patched a bug in its Photos service that could have allowed a malicious threat actor to infer geo-location details about images a user was storing in their Google Photos account.” […]

root

Critical key exchange vulnerability in PuTTY

PuTTY, the SSH client has been updated with various security patches, while its main maintainers recently admitted that a critical vulnerability was corrected, reported online ethical hacking training experts from International Institute of Cyber Security. Among the fixes received recently PuTTY include new features to solve multiple vulnerabilities in the Telnet and SSH client; according […]

root

Intel launches security patches to fix critical vulnerabilities

In recent days Intel released a considerable amount of update patches to correct various vulnerabilities that could allow remote code execution in compromised systems, reports an ethical hacking training expert from the International Institute of Cyber Security. The company launched some security alerts to inform its users of the potential risks. According to the ethical […]

root

Critical vulnerability in a popular PHP library

An ethical hacker from the International Institute of Cyber Security reports the discovery of critical security vulnerability in TCPDF, one of the most used PHP libraries to generate PDF files. According to the ethical hacker, the vulnerability could be exploited by malicious users to perform a remote code execution on web pages and applications that […]

root

Due To Disabled Auto-Update: Old WinRar Bug Caused Trouble For Users

Just like the operating system itself, application software needs to be updated regularly in order to prevent the possibility of fixed security vulnerability from being taken advantage of by 3rd parties. It is unfortunate that many users are starting to avoid auto-updates for their software altogether in order to prevent the hassles of restarting the […]

root

Unpatched Plugin Cost MSP To Fall For Ransomware Infection

Signing-up for Managed Service Providers (MSP) is a quick solution to lower the cost of maintenance for workstation troubleshooting, repairs, and maintenance. However, allowing a 3rd party company as the system administrators of a corporate network entails its own risks. Such risk may even reach critical operational levels and damage the company, losing weeks if […]

root

Hackers are using 19-year-old WinRAR bug to install nasty malware

By using the bug, hackers are desperately dropping persistent malware through generic trojan on systems using the old version of WinRar. McAfee security firm’s researcher Craig Schmugar has identified that the world famous and commonly used compression software WinRar is plagued with code execution vulnerability for the past nineteen years. Resultantly, over 100 exploits have surfaced that […]

root

A new Windows vulnerability affects versions 8 and 10

The flaw is being exploited by at least two malicious actors; Users are encouraged to install updates as soon as they are. The most recent Microsoft weekly update package focused on two relevant vulnerabilities, mentioned network security and ethical hacking experts from the International Institute of Cyber Security. First, a fix was released for a […]

root

Vulnerabilities Discovered in Swiss E-Voting System

Technical flaws were detected in the Swiss government’s electronic voting system. A team of cybersecurity researchers on Tuesday found this defect which could enable outsiders to replace legitimate votes with fraudulent ones. Sarah Jamie Lewis, Olivier Pereira, and Vanessa Teague published a report, which details how the issue is related to the way Switzerland’s voting […]

root

WordPress Plugin WooCommerce is Vulnerable to XSS Attacks

As WordPress gained popularity over its CMS competitors like Joomla and Drupal, it grew to a level where plugin developers jumped into the bandwagon effect. Plugins are a double-edged sword; it extends WordPress’ capabilities beyond the default functions. But it comes with risks which if not checked can cause trouble for the website. Woocommerce Abandoned […]

root

A Facebook Messenger vulnerability reveals who you’ve been writing to

The flaw is in a browser code included on the messaging service Facebook is making some changes to its messaging services, although this could backfire on the process. According to experts in network security of the International Institute of Cyber Security, a flaw on Facebook would have allowed malicious actors to know who to chat with a user via […]

root

Buffer overflow vulnerability found in British Airways flight screens

The expert has been criticised for the method he used to discover this flaw Network security and ethical hacking specialists recently discovered a vulnerability that exposes to denial of service (DoS) attacks to entertainment systems on some airlines. According to experts from the International Institute of Cyber Security, any airline working with these devices, manufactured by the Thales […]

root

Critical zero-day vulnerability in Windows operating systems

The flaw requires being combined with a Chrome browser exploit Network security and ethical hacking specialists from the International Institute of Cyber Security recommend Windows operating system users to upgrade to version 10 to protect against a critical vulnerability that has already been exploited in the wild. Unidentified threat actors have combined an unpatched local privilege escalation exploit […]

root

New Google Chrome Zero-Day Vulnerability Detected

A new Google Chrome zero-day vulnerability, which is being actively exploited in the wild, has been detected. Clement Lecigne, a security researcher who is part of Google’s Threat Analysis Group, has found and reported this high severity vulnerability in Google Chrome late last month. This zero-day vulnerability could reportedly allow remote attackers to execute arbitrary […]

root

Vulnerability in Windows Deployment Services allows server hijacking

A protocol implementation error appears to be the cause of this flaw Network security and ethical hacking specialists recently published a report revealing technical details about a vulnerability that allowed server hijacking and deployment of Windows versions with backdoors installed in Windows Deployment Services. The vulnerability would affect Windows Server 2008 SP2 and later; it […]

root

Vulnerabilities expose Thunderbolt ports

Experts demonstrated an attack technique to compromise a computer through hardware connections A team of researchers developed a Field-Programmable Gate Array (FPGA) to demonstrate an attack in which a hacker could take control of a computer by exploiting a number of vulnerabilities on the Thunderbolt port, reported experts in network security and ethical hacking from […]

root