Archive for the ‘Security vulnerabilities’ Category

SUDO HAS A HIGH-SEVERITY VULNERABILITY THAT LOW-PRIVILEGE ATTACKERS MIGHT EXPLOIT TO GET ROOT ACCESS

Sudo is one of the most essential, powerful, and often used tools, and it comes pre-installed as a core command on macOS and practically every other UNIX or Linux-based operating system. A system administrator has the ability to delegate authority to certain […]

FOUR SERVER-SIDE REQUEST FORGERY (SSRF) VULNERABILITIES IMPACTING DIFFERENT AZURE SERVICES

Orca, a business that specializes in cloud security, has disclosed information on four server-side request forgery (SSRF) vulnerabilities that affect several Azure services. Two of these vulnerabilities, in Azure Functions and Azure Digital Twins, could be exploited without any authentication on the service. This […]

Car companies massively exposed to web vulnerabilities

From a detailed report – compiled by security researcher Sam Curry – the findings are an alarming indication that in its haste to roll out digital and online features, the automotive industry is doing a sloppy job of securing its online ecosystem. https://lnkd.in/gdAXGjaN The web applications and APIs of major car manufacturers, telematics (vehicle tracking and logging technology) […]

EXPLOIT CODE TO HACK LEXMARK PRINTERS AND PHOTOCOPIERS PUBLISHED, USES ZERO DAY VULNERABILITIES

The American corporation Lexmark International, Inc. is a privately owned business that specializes in the production of laser printers and other imaging products. The researcher found that the product is susceptible to two vulnerabilities, either of which can be exploited by an adversary to copy file data from a source path to a destination path […]

Top 10 Open Port Scanner and Port Checker Tools for 2023

Port scanners and port checker tools are essential for finding open ports and checking the status of a port. An open port is a TCP or UDP port number that is configured to accept packets. Web pages or FTP services require their particular ports to be “open” on the server so as to be freely reachable. What is […]

GuLoader implements new evasion techniques

Cybersecurity researchers exposed new evasion techniques adopted by an advanced malware downloader called GuLoader. CrowdStrike researchers detailed multiple evasion techniques implemented by an advanced malware downloader called GuLoader (aka CloudEyE). GuLoader uses a polymorphic shellcode loader to avoid traditional security solutions; the experts mapped all embedded DJB2 hash values for every API used by the malicious code. […]

Windows Code-Execution Vulnerability Let Attackers Run Malicious Code Without Authentication

Researchers have recently discovered that Windows has a code-execution vulnerability that rivals EternalBlue in terms of potential. An attacker can execute malicious code without authentication by exploiting this newly tracked vulnerability, CVE-2022-37958. It is possible to exploit this vulnerability in a wormable way, which can lead to a chain reaction […]

New WhatsApp 0-Day Bug Let Hackers Execute a Code & Take Full App Control Remotely

WhatsApp silently fixed two critical zero-day vulnerabilities that affect both Android and iOS versions, allowing attackers to execute arbitrary code remotely. Facebook-owned messenger WhatsApp is one of the top-ranked messenger apps with more than Billion users around the world in both Android and iPhone. Both vulnerabilities are marked under “critical” severity with a CVE […]

Hacking a powered-off iPhone: vulnerabilities never sleep

Can a device be hacked when switched off? Recent studies suggest so. Let’s see how this is even possible. Researchers from the Secure Mobile Networking Lab at the University of Darmstadt, Germany, have published a paper describing a theoretical method for hacking an iPhone — even if the device is off. The study examined the […]

Critical Magento Vulnerability Let Unauthenticated Attackers to Execute Code

Sansec Threat Research Team noticed a surge in Magento 2 template attacks. This critical template vulnerability in Magento 2, tracked as CVE-2022-24086, is increasingly exploited by eCommerce cyber criminals. The vulnerability allows unauthenticated attackers to execute code on unpatched sites. Magento is a popular, Adobe-owned open-source e-commerce platform that powers many online shops. More than 150,000 […]

Critical Flaws in Airplanes WiFi Access Point Let Attackers Gain Root Access

Two critical vulnerabilities have been found recently in the wireless LAN devices of Contec. These critical vulnerabilities were discovered by the cybersecurity analysts, Samy Younsi and Thomas Knudsen of Necrum Security Lab. There are two models of the FLEXLAN FXA2000 and FXA3000 series from CONTEC which are primarily used in airplane installations as WiFi access […]

Critical Vulnerabilities Found in Devices That Provide WiFi on Airplanes

The Flexlan FXA3000 and FXA2000 series LAN devices made by the Japan-based firm contain two critical vulnerabilities tracked as CVE-2022-36158 and CVE-2022-36159. Necrum Security Labs’ researchers Samy Younsi and Thomas Knudsen have discovered two critical vulnerabilities in the wireless LAN devices manufactured by Contec. The company specializes in industrial automation, computing, and IoT communication technology. […]

Organizations should fear misconfigurations more than vulnerabilities

Censys launched its State of the Internet Report, a holistic view into internet risks and organizations’ exposure to them. Through careful examination of which ports, services, and software are most prevalent on the internet and the systems and regions where they run, the research team discovered that misconfigurations and exposures represent 88% of the risks and vulnerabilities […]

5 Vulnerability Scanner Tools that are Open Source and Free to Download

A list of free open source vulnerability scanners which developers and penetration testers can use to scan systems for vulnerabilities and potential malware. A vulnerability assessment is an in-depth analysis of a network’s hardware, software, and other components to locate and fix potential security holes. Once identified, the software prioritizes security holes by how quickly […]

Critical hole in Atlassian Bitbucket allows any miscreant to hijack servers

Grab and deploy this backend update if you offer even repo read access. A critical command-injection vulnerability in multiple API endpoints of Atlassian Bitbucket Server and Data Center could allow an unauthorized attacker to remotely execute malware, and view, change, and even delete data stored in repositories. Atlassian has fixed the security holes, which are present in […]

PoC exploit code for critical Realtek RCE flaw released online

Exploit code for a critical vulnerability affecting networking devices using Realtek’s RTL819x system on a chip was released online. The PoC exploit code for a critical stack-based buffer overflow issue, tracked as CVE-2022-27255 (CVSS 9.8), affecting networking devices using Realtek’s RTL819x system on a chip was released online. The issue resides in Realtek’s SDK for the open-source […]

Clop Ransomware Gang Breaches Water Utility, Just Not the Right One

South Staffordshire in the UK has acknowledged it was targeted in a cyberattack, but Clop ransomware appears to be shaking down the wrong water company. South Staffordshire plc, a UK water-supply company, has acknowledged it was the victim of a cyberattack. Around the same time, the Clop ransomware group started threatening Thames Water that it would […]

APIC/EPIC! Intel chips leak secrets even the kernel shouldn’t see

Here’s this week’s BWAIN, our jocular term for a Bug With An Impressive Name. BWAIN is an accolade that we hand out when a new cybersecurity flaw not only turns out to be interesting and important, but also turns up with its own logo, domain name and website. This one is dubbed ÆPIC Leak, a pun on […]

Software Bill of Material and Vulnerability Management Blind Spots

Open source software is everywhere (which is not a bad thing in itself). However, many buyers don’t have an inventory of the open source components included in the software products they are buying. Businesses even fail to keep track of open source components used in internally developed applications. As […]
