Browsing tag
Google is engaging in a very competitive market in cloud storage and solutions sector. It is a growth market where the search giant is wrestling arms with Amazon Cloud Services, Microsoft Azure, IBM, SAP, Salesforce and other minor players. Their products and services have many things in common than differences. Hence, it is important for […]
A Microsoft Zero-day vulnerability that existing in Microsoft JET Database Engine has been crossed zero-day Initiative (ZDI) 120 days disclosure deadline and now it released in public. ZDI initially reported this zero-day flow to Microsoft on May 8, 2018, since then Microsoft acknowledged the vulnerability and started working on it to provide the patch for […]
TOR, also known as the Onion router has been the go-to method for the privacy-savvy people to browse the web with confidence, as TOR traffic hides people’s identity. However, browsing through TOR requires a web browser, specially designed to use the TOR network and not just a mainstream browser. Just like any software, TOR Browser […]
Windows Task Scheduler was Microsoft’s answer to Unix Cron, for the purpose of running applications, scripts, and batch commands on-schedule. It was first released as an add-on option for Windows 95 and NT4.0 in 1997 as part of the Internet Explorer 4.0 installer package. With Windows 98 and later, Windows Task Scheduler became a regular […]
WiFi Broadcasts in Android OS Leaking sensitive data from a user’s Android device and the details about all the application that running on the user’s device. All the version of Android running devices is affected by this vulnerability including Amazon’s FireOS for the Kindle. It leaks Sensitive information such as WiFi network name, BSSID, local IP addresses, […]
Researchers have uncovered an “API-breaking” vulnerability, which could expose Android device systems data to rogue apps. The sensitive information thus exposed could be misused by cybercriminals. Security researchers from Nightwatch Cybersecurity, in a detailed blog post on the vulnerability, have explained that system broadcasts from the Android OS may expose sensitive information about the user’s […]
New Privilege Escalation Bug Identified in Windows OS. Recently a Twitter user, using the handle SandboxEscaper, disclosed that the Microsoft Windows OS has a zero-day vulnerability, which is yet unknown to the company. Tweeting on the microblogging platform, the user stated: “Here is the alpc bug as 0day. I don’t f**king care about life anymore. […]
Ghostscript, a mainstream raster image processor and back-end raster image converter for PDF has been discovered of harboring a critical vulnerability, a zero-day remote code execution flaw. Ghostscript is an open standard, almost all image applications dealing with raster graphics bundle it by default. “I found a few file disclosure, shell command execution, memory corruption […]
Windows-based Outlook Express for a long time had been the center of controversy for Microsoft for implementing an insecure email client from 1993 till 2006. It was only until the release of Windows Vista’s Mail app (Outlook Express’ successor.) when Microsoft started to pick-up a better PR for their email client’s security reputation. However, vulnerabilities […]
Trend Micro is introducing a new update on how its software implements automatic updates, they dubbed it “Virtual Patching”. It is designed as a short-term stop-gap measure of preventing security issues while waiting for an official security patch from the vendor of the affected software. Nilesh Jain, VP-SEA of Trend Micro said: “Advanced cyberattacks including […]
A new zero-day exploit for Windows VBScript Engine discovered that belongs to North Korean cyber criminals gang called Darkhotel which is the same gang behind another Zero-day flaw “double kill” that affected IE browser. This new zero-day attack spotted in July by security researchers from Trend Micro that helps to exploit the code execution vulnerability in […]
A security researcher has demonstrated, at the recent Def Con security conference, that a Mac computer running Apple’s High Sierra operating system can be very easily hacked by simply tweaking two lines of the code. This revelation was made by Patrick Wardle, an ex-NSA hacker, who is at present the Chief Research Officer at Digita […]
Researchers have detected a privilege escalation vulnerability with Cortana that allows hackers to gain physical access and do unauthorized browsing on your locked system. Researchers working at security firm McAfee have observed two different scenarios of such attacks taking place. One, a hacker forcing Microsoft Edge to navigate to some other URL and two, a […]
Penetration testing (AKA Pen test) is an authorized deliberate hacking of a corporate network and computer infrastructure to determine its vulnerability. The vulnerability report arising from pen test is a valuable part of the system audit, which will enable the production of a credible mitigation plan while preserving overall security and privacy of the system […]
Turns out, Intel has now discovered and published a new Bluetooth vulnerability, which could help intercept and manipulate transmissions between two compatible devices. The reports say that the newly discovered vulnerability has the potential to allow cybercriminals to intercept transmissions between two affected Bluetooth-compatible devices and also to relay malicious signals back and forth between […]
Newly discovered malware campaign distributing powerful FELIXROOT Backdoor using Microsoft Office Vulnerabilities to compromise the victim’s windows computers. FELIXROOT backdoor campaign initially discovered in September 2017 that distributed via malicious Ukrainian bank documents with macro that download the backdoor from C&C server. Currently attackers distributing weaponized lure documents that contains exploits for Microsoft office vulnerabilities CVE-2017-0199 and CVE-2017-11882 […]
The United States, through its intelligence agencies, has uncovered a major cyber espionage vulnerability against software-based supply chain software. A supply chain attack refers to a cyber attack of unauthorized penetration of the supply chain network in order to farm information usable by 3rd parties. The announcement highlighted the cyber capabilities of Iran, China, and […]
Antimalware companies have made many innovations for many decades in order to keep individuals and enterprises secure from cyber risks. However, human end-users are still considered the weakest part of the chain in the IT security space. As computing technology becomes more complex, end-users are expecting better designed interface, enhanced with more automation technologies to […]
Security specialists on Tuesday revealed a technique that could’ve enabled hackers to bypass a wide range of extensive commercial products to protect Apple devices from malware. While there’s no confirmation the bypass was ever used malignantly, the issue went unnoticed for over 10 years. The question now is how vendors like Google and Facebook look […]
A serious vulnerability, which could cause remote code execution attacks has been detected and then patched in the Git software source code. The patching of this vulnerability has helped prevent such attacks that were being launched at users. Git is an open source software that has originally been created for Linux Kernel development and which […]
A vulnerability in the Steam client was an open door to hackers for more than 10 years. The vulnerability was discovered by security researcher Tom Court of Contextis, who warned Steam and the good news is that it was quickly shut down by Steam developers Valve. According to Court, Steam software allowed malicious hackers to carry […]