Archive for the ‘Vulnerability’ Category

RAMBleed Attack – Flip Bits to Steal Sensitive Data from Computer Memory

June 12th, 2019
A team of cybersecurity researchers yesterday revealed details of a new side-channel attack on dynamic random-access memory (DRAM) that could allow malicious programs installed on a modern system to read sensitive memory data from other processes running on the same hardware. Dubbed RAMBleed and identified as CVE-2019-0174, the new attack is based on a well-known class of DRAM side channel


Adobe Issues Critical Patches for ColdFusion, Flash Player, Campaign

June 11th, 2019
It's Patch Tuesday week! Adobe has just released the latest June 2019 software updates to address a total of 11 security vulnerabilities in its three widely used products Adobe ColdFusion, Flash Player, and Adobe Campaign. Out of these, three vulnerabilities affect Adobe ColdFusion, a commercial rapid web application development platform—all critical in severity—that could lead to arbitrary


Your Linux Can Get Hacked Just by Opening a File in Vim or Neovim Editor

June 10th, 2019
Linux users, beware! If you haven't recently updated your Linux operating system, especially the command-line text editor utility, do not even try to view the content of a file using Vim or Neovim. Security researcher Armin Razmjou recently discovered a high-severity arbitrary OS command execution vulnerability (CVE-2019-12735) in Vim and Neovim—two most popular and powerful command-line


Nearly 1 Million Computers Still Vulnerable to “Wormable” BlueKeep RDP Flaw

May 28th, 2019
Nearly 1 million Windows systems are still unpatched and have been found vulnerable to a recently disclosed critical, wormable, remote code execution vulnerability in the Windows Remote Desktop Protocol (RDP)—two weeks after Microsoft released the security patch. If exploited, the vulnerability could allow an attacker to easily cause havoc around the world, potentially much worse than what


PoC Exploit For Unpatched Windows 10 Zero-Day Flaw Published Online

May 22nd, 2019
An anonymous hacker with an online alias "SandboxEscaper" today released proof-of-concept (PoC) exploit code for a new zero-day vulnerability affecting the Windows 10 operating system—that's his/her 5th publicly disclosed Windows zero-day exploit in less than a year. Published on GitHub, the new Windows 10 zero-day vulnerability is a privilege escalation issue that could allow a local


New Class of CPU Flaws Affect Almost Every Intel Processor Since 2011

May 14th, 2019
Academic researchers today disclosed details of the newest class of speculative execution side-channel vulnerabilities in Intel processors that impacts all modern chips, including the chips used in Apple devices. After the discovery of Spectre and Meltdown processor vulnerabilities earlier last year that put practically every computer in the world at risk, different classes of Spectre and


Microsoft Releases Patches For A Critical ‘Wormable Flaw’ and 78 Other Issues

May 14th, 2019
It's Patch Tuesday—the day when Microsoft releases monthly security updates for its software. Microsoft has software updates to address a total of 79 CVE-listed vulnerabilities in its Windows operating systems and other products, including a critical wormable flaw that can propagate malware from computer to computer without requiring users' interaction. Out of 79 vulnerabilities, 18 issues


Adobe Releases Critical Patches for Flash, Acrobat Reader, and Media Encoder

May 14th, 2019
Adobe today released its monthly software updates to patch a total of 87 security vulnerabilities in its Adobe Acrobat and Reader, Flash Player and Media Encoder, most of which could lead to arbitrary code execution attacks or worse. None of the flaws patched this month in Adobe products has been found exploited in the wild. Out of 87 total flaws, a whopping number of vulnerabilities (i.e.,


Unpatched Flaw in UC Browser Apps Could Let Hackers Launch Phishing Attacks

May 8th, 2019
A bug hunter has discovered and publicly disclosed details of an unpatched browser address bar spoofing vulnerability that affects the popular Chinese UC Browser and UC Browser Mini apps for Android. Developed by Alibaba-owned UCWeb, UC Browser is one of the most popular mobile browsers, specifically in China and India, with a massive user base of more than half a billion users worldwide.


Pre-Installed Software Flaw Exposes Most Dell Computers to Remote Hacking

May 2nd, 2019
If you use a Dell computer, then beware — hackers could compromise your system remotely. Bill Demirkapi, a 17-year-old independent security researcher, has discovered a critical remote code execution vulnerability in the Dell SupportAssist utility that comes pre-installed on most Dell computers. Dell SupportAssist, formerly known as Dell System Detect, checks the health of your computer
