Archive for the ‘Security vulnerabilities’ Category

GitKraken flaw lead to the generation of weak SSH keys

The development team behind the Git GUI client GitKraken has fixed a vulnerability that was leading to the generation of weak SSH keys. The developers addressed the flaw with the release of version 8.0.1. The issue resides in the open-source library used by the Git GUI client to generate SSH keys, all the keys generated […]

Apache patch proves patchy – now you need to patch the patch

Software patches are sometimes a bit like buses. You don’t get one for a while, and then three come at once. For buses on busy urban routes, at least, the explanation of the phenomenon goes something like this. If three buses start out travelling the same route together in a nicely spaced sequence, then the […]

PoC exploit for 2 flaws in Dahua cameras leaked online

A proof of concept exploit for two authentication bypass vulnerabilities in Dahua cameras is available online; users are recommended to immediately apply updates. Experts warn of the availability of proof of concept (PoC) exploit code for a couple of authentication bypass vulnerabilities in Dahua cameras, tracked as CVE-2021-33044 and CVE-2021-33045. A remote attacker can exploit both vulnerabilities by sending specially […]

Expert discloses new iPhone lock screen vulnerability in iOS 15

The security researcher Jose Rodriguez discovered a new lock screen vulnerability for iOS 15 (& iOS 14.8) that has yet to be fixed. The security researcher Jose Rodriguez (@VBarraquito) discovered a new lock screen vulnerability for iOS 15 (& iOS 14.8) that has yet to be addressed by Apple. A threat actor with physical access […]

Interesting Privilege Escalation Vulnerability

It should be noted that this is a local privilege escalation (LPE) vulnerability, which means that you need to have a Razer device and physical access to a computer. With that said, the bug is so easy to exploit as you just need to spend $20 on Amazon for a Razer mouse and plug it into […]

Google discloses unpatched Microsoft WFP Default Rules AppContainer Bypass EoP

Google disclosed the details of a Windows AppContainer vulnerability because Microsoft initially had no plans to fix it. Google Project Zero experts disclosed the details of a Windows AppContainer flaw after Microsoft announced it had no plans to fix it. The team focused its analysis on Windows Firewall and AppContainer that were designed by Microsoft […]

Cobalt Strike Vulnerability Affects Botnet Servers

The main components of the security tool are the Cobalt Strike client — also known as a Beacon — and the Cobalt Strike team server, which sends commands to infected computers and receives the data they exfiltrate. An attacker starts by spinning up a machine running Team Server that has been configured to use specific […]

The RedMonk Programming Language Rankings

This iteration of the RedMonk Programming Languages is brought to you by Microsoft. Developers build the future. Microsoft supports you in any language and Java is no exception; we love it. We offer the best Java dev tools, infrastructure, and modern framework support. Modernize your Java development with Microsoft. While we generally try to have our […]

Critical flaw in Microsoft Hyper-V could allow RCE and DoS

Experts disclose details about a critical flaw in Microsoft Hyper-V, tracked as CVE-2021-28476, that can allow executing arbitrary code on it. Researchers Peleg Hadar of SafeBreach and Ophir Harpaz of Guardicore disclose details about a critical flaw in Microsoft Hyper-V, tracked as CVE-2021-28476, that can allow triggering a DoS condition or executing arbitrary code on it. The flaw resides in […]

Top 10 Tips to Protect Against OWASP Top 10 Vulnerabilities

OWASP Top 10 vulnerabilities is a list of the 10 most common security vulnerabilities in applications. The Top 10 OWASP web application security vulnerabilities are updated every 3-4 years. Last updated in 2017, the vulnerabilities featuring on the list are: Injection Broken Authentication Sensitive Data Exposure XML External Entities (XXE) Broken Access Control Security Misconfigurations Cross-Site Scripting […]

Google extends open source vulnerabilities database to Python, Rust, Go, and DWF

Google today announced it has extended its Open Source Vulnerabilities (OSV) database to incorporate data from additional open source projects, using a unified schema for “describing vulnerabilities precisely.” The benefits of open source software are widely understood, but concerns around vulnerabilities frequently rear their head. The vast majority of codebases contain at least one known open source vulnerability, while a […]

Dell fixes exploitable holes in its own firmware update driver – patch now!

Researchers at SentinelLabs say that they found various exploitable bugs in one of Dell’s Windows kernel drivers, which they reported back in December 2020. There were five related bugs, now collectively dubbed CVE-2021-21551. Dell has now issued a patch for these vulnerabilities (the official update is dated 2021-05-04), noting that: Dell dbutil_2_3.sys driver contains an insufficient access control vulnerability […]

Apple Releases Update For ACE Vulnerability In WebKit

Apple has released iOS 14.5.1, which provides a memory corruption bug fix and patches an arbitrary code execution (ACE) vulnerability in WebKit — a web browser engine. Arbitrary code execution refers to an attacker executing code that they should not be able to execute. A malicious website could theoretically execute harmful code on your iPhone, […]

Serious Security: OpenSSL fixes two high-severity crypto bugs

We’re sure you’ve heard of OpenSSL, and even if you aren’t a coder yourself, you’ve almost certainly used it. OpenSSL is one of the most popular open-source cryptography libraries out there, and lots of well-known products rely on it, especially on Linux, which doesn’t have a standard, built-in encryption toolkit of its own. Even on Windows […]

Exploiting Spectre Over the Internet

Google has demonstrated exploiting the Spectre CPU attack remotely over the web: Today, we’re sharing proof-of-concept (PoC) code that confirms the practicality of Spectre exploits against JavaScript engines. We use Google Chrome to demonstrate our attack, but these issues are not specific to Chrome, and we expect that other modern browsers are similarly vulnerable to this exploitation vector. We […]

Expert publishes PoC exploit code for Microsoft Exchange flaws

On March 2nd, Microsoft released emergency out-of-band security updates that address four zero-day issues (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065) in all supported Microsoft Exchange versions that are actively exploited in the wild. The IT giant reported that at least one China-linked APT group, tracked as HAFNIUM, chained these vulnerabilities to access on-premises Exchange servers to access email […]

Apple fixes CVE-2021-1844 RCE that affects iOS, macOS, watchOS, and Safari

Apple has released out-of-band security patches to address a critical iOS, macOS, watchOS, and Safari web browser to address a security flaw tracked as CVE-2021-1844. The vulnerability was discovered by Clément Lecigne of Google’s Threat Analysis Group and Alison Huffman of Microsoft Browser Vulnerability Research. The flaw could be exploited by remote attackers to run […]

How one man silently infiltrated dozens of high-tech networks

We know what you’re thinking: “I bet you this is what they call a supply chain attack.” And you’d be right. The “one man” in the headline is cybersecurity researcher Alex Birsan, and his paper Dependency Confusion: How I Hacked Into Apple, Microsoft and Dozens of Other Companies, which came out last week, will tell you […]

223 vulnerabilities identified in recent ransomware attacks

Google launches Open Source Vulnerabilities (OSV) database

Google last week announced the OSV (Open Source Vulnerabilities), a vulnerability database and triage infrastructure for open source projects. The database aims at helping both open source maintainers and consumers of open source projects. The archive could allow users and maintainers of open-source software to find the vulnerabilities that affect them, providing detailed info about […]
