Archive for the ‘Vulnerability’ Category

Critical RCE Bug Affects Millions of OpenWrt-based Network Devices

March 24th, 2020
A cybersecurity researcher today disclosed technical details and proof-of-concept of a critical remote code execution vulnerability affecting OpenWrt, a widely used Linux-based operating system for routers, residential gateways, and other embedded devices that route network traffic. Tracked as CVE-2020-7982, the vulnerability resides in the OPKG package manager of OpenWrt that exists in the

Posted in cybersecurity, hacking news, HTTP, network security, openwrt, Router Security, Vulnerability | Comments (0)

Mukashi: A New Mirai IoT Botnet Variant Targeting Zyxel NAS Devices

March 21st, 2020
A new version of the infamous Mirai botnet is exploiting a recently uncovered critical vulnerability in network-attached storage (NAS) devices in an attempt to remotely infect and control vulnerable machines. Called "Mukashi," the new variant of the malware employs brute-force attacks using different combinations of default credentials to log into Zyxel NAS, UTM, ATP, and VPN firewall

Posted in Botnet, brute force attack, Cyber Attack, firewall, Malware attack, mirai, mirai botnet, NAS devices, Vulnerability | Comments (0)

Adobe Releases Critical Patches for Acrobat Reader, Photoshop, Bridge, ColdFusion

March 18th, 2020
Though it's not Patch Tuesday, Adobe today released a massive batch of out-of-band software updates for six of its products to patch a total of 41 new security vulnerabilities. Adobe last week made a pre-announcement to inform its users of an upcoming security update for Acrobat and Reader, but the company today unveiled bugs in a total of 6 widely-used software, including: Adobe Genuine

Posted in adobe, adobe photoshop cc, adobe software, adobe software update, arbitrary code execution, Vulnerability | Comments (0)

Poor Rowhammer Fixes On DDR4 DRAM Chips Re-Enable Bit Flipping Attacks

March 10th, 2020
Remember rowhammer vulnerability? A critical issue affecting modern DRAM (dynamic random access memory) chips that could allow attackers to obtain higher kernel privileges on a targeted system by repeatedly accessing memory cells and induce bit flips. To mitigate Rowhammer vulnerability on the latest DDR4 DRAM, many memory chip manufacturers added some defenses under the umbrella term Target

Posted in cyber security, DRAM Chip, DRAM RowHammer Vulnerability, DRAM Vulnerability, RAM hacking, RowHammer Attack, Vulnerability | Comments (0)

LVI Attacks: New Intel CPU Vulnerability Puts Data Centers At Risk

March 10th, 2020
It appears there is no end in sight to the hardware level security vulnerabilities in Intel processors, as well as to the endless 'performance killing' patches that resolve them. Modern Intel CPUs have now been found vulnerable to a new attack that involves reversely exploiting Meltdown-type data leak vulnerabilities to bypass existing defenses, two separate teams of researchers told The

Posted in cyber security, Intel, intel processor, intel vulnerability, Vulnerability | Comments (0)

Install Latest Chrome Update to Patch 0-Day Bug Under Active Attacks

February 25th, 2020
Google yesterday released a new critical software update for its Chrome web browser for desktops that will be rolled out to Windows, Mac, and Linux users over the next few days. The latest Chrome 80.0.3987.122 includes security fixes for three new vulnerabilities, all of which have been marked 'HIGH' in severity, including one that (CVE-2020-6418) has been reportedly exploited in the wild.

Posted in chrome, Chrome vulnerability, cyber security, Google Chrome, remote code execution, Vulnerability | Comments (0)

New OpenSMTPD RCE Flaw Affects Linux and OpenBSD Email Servers

February 25th, 2020
OpenSMTPD has been found vulnerable to yet another critical vulnerability that could allow remote attackers to take complete control over email servers running BSD or Linux operating systems. OpenSMTPD, also known as OpenBSD SMTP Server, is an open-source implementation of the Simple Mail Transfer Protocol (SMTP) to deliver messages on a local machine or to relay them to other SMTP servers.

Posted in cyber security, email server, linux, OpenBSD, OpenSMTPD, remote code execution, server security, Vulnerability | Comments (0)

Critical Bug in WordPress Theme Plugin Opens 200,000 Sites to Hackers

February 17th, 2020
A popular WordPress theme plugin with over 200,000 active installations contains a severe but easy-to-exploit software vulnerability that, if left unpatched, could let unauthenticated remote attackers compromise a wide range of websites and blogs. The vulnerable plugin in question is 'ThemeGrill Demo Importer' that comes with free as well as premium themes sold by the software development

Posted in hacking wordpress, Vulnerability, WordPress, Wordpress plugin, Wordpress plugin vulnerability, Wordpress Security, Wordpress theme | Comments (0)

A Dozen Vulnerabilities Affect Millions of Bluetooth LE Powered Devices

February 17th, 2020
A team of cybersecurity researchers late last week disclosed the existence of 12 potentially severe security vulnerabilities, collectively named 'SweynTooth,' affecting millions of Bluetooth-enabled wireless smart devices worldwide—and worryingly, a few of which haven't yet been patched. All SweynTooth flaws basically reside in the way software development kits (SDKs) used by multiple

Posted in bluetooth hack, Bluetooth hacking, cyber security, hacking bluetooth devices, Vulnerability | Comments (0)

The Rise of the Open Bug Bounty Project

February 6th, 2020
Can you imagine launching a global bug bounty platform with almost 500,000 submissions and 13,000 researchers without consuming a cent from venture capitalists? If not, this success story is for you. The once skyrocketing bug bounty industry seems to be not in the best shape today. While prominent security researchers are talking about a growing multitude of hurdles they experience with the

Posted in bug bounty, Bug Bounty Program, cyber security, Vulnerability, vulnerability assessment, Vulnerability Database, Vulnerability Disclosure, vulnerability reporting | Comments (0)