Archive for the ‘Vulnerability’ Category

Critical Code Execution Flaw Found in LIVE555 Streaming Library

October 19th, 2018
Security researchers have discovered a serious code execution vulnerability in the LIVE555 streaming media library—which is being used by popular media players, along with a number of embedded devices capable of streaming media. LIVE555 streaming media, developed and maintained by Live Networks, is a set of C++ libraries companies and application developers use to stream multimedia over open

Posted in cyber security, live streaming, media player, VLC media player, Vulnerability | Comments (0)

Critical Flaws Found in Amazon FreeRTOS IoT Operating System

October 19th, 2018
A security researcher has discovered several critical vulnerabilities in one of the most popular embedded real-time operating systems—called FreeRTOS—and its other variants, exposing a wide range of IoT devices and critical infrastructure systems to hackers. What is FreeRTOS (Amazon, WHIS OpenRTOS, SafeRTOS)? FreeRTOS is a leading open source real-time operating system (RTOS) for embedded

Posted in Amazon AWS, Amazon Web Services, embedded devices, FreeRTOS, IoT Hacking, IoT Operating System, IoT security, OpenRTOS, remote code execution, SafeRTOS, Vulnerability | Comments (0)

Tumblr Patches A Flaw That Could Have Exposed Users’ Account Info

October 17th, 2018
Tumblr today published a report admitting the presence of a security vulnerability in its website that could have allowed hackers to steal login credentials and other private information for users' accounts. The affected information included users email addresses, protected (hashed and salted) account passwords, self-reported location (a feature no longer available), previously used email

Posted in Blogging, Bug Bounty Program, bug report, Cyber Attack, hacking news, Tumblr, Tumblr hacked, Vulnerability, Web Application Security | Comments (0)

LibSSH Flaw Allows Hackers to Take Over Servers Without Password

October 17th, 2018
A four-year-old severe vulnerability has been discovered in the Secure Shell (SSH) implementation library known as Libssh that could allow anyone to completely bypass authentication and gain unfettered administrative control over a vulnerable server without requiring a password. The security vulnerability, tracked as CVE-2018-10933, is an authentication-bypass issue that was introduced in

Posted in hacking Linux servers, hacking news, libssh, linux security, OpenSSH, secure shell, ssh exploit, ssh hacking, ssh security, Vulnerability | Comments (0)

Google+ is Shutting Down After a Vulnerability Exposed 500,000 Users’ Data

October 8th, 2018
Google is going to shut down its social media network Google+ after the company suffered a massive data breach that exposed the private data of hundreds of thousands of Google Plus users to third-party developers. According to the tech giant, a security vulnerability in one of Google+'s People APIs allowed third-party developers to access data for more than 500,000 users, including their

Posted in API Vulnerability, data breach, google, Google hacking, Google Plus, Google Search Engine, social networking sites, Vulnerability | Comments (0)

New Exploit for MikroTik Router WinBox Vulnerability Gives Full Root Access

October 8th, 2018
A known vulnerability in MikroTik routers is potentially far more dangerous than previously thought. A cybersecurity researcher from Tenable Research has released a new proof-of-concept (PoC) RCE attack for an old directory traversal vulnerability that was found and patched within a day of its discovery in April this year. The vulnerability, identified as CVE-2018-14847, was initially rated

Posted in hacking router, hacking wireless router, how to hack router, MikroTik Router, MikroTik Vulnerability, Router hacking, router vulnerability, Vulnerability, wifi hacking, zero-day exploit | Comments (0)

‘Smart’ solar power inverters raise risk of energy grid attacks

August 22nd, 2017

Researcher identifies a weakness in the software layer – and reminds us that we’re placing a lot of trust in vendors to implement decent security in formerly passive devices

Posted in solar power, Vulnerability | Comments (0)

Foxit backtracks after declining to fix zero-days exposed by ZDI

August 22nd, 2017

If you use Foxit’s PDF reader, make sure you update – and stick with Safe Reading mode until you do

Posted in Foxit Reader, malicious PDF, Vulnerability | Comments (0)

‘Pulse wave’ DDoS – another way of blasting sites offline

August 18th, 2017

If there’s one thing we’ve learned, it’s that any new way of DDoSing will reveal that there are a huge number of undefended devices online

Posted in DDoS, DDoS-for-hire, Security threats, Vulnerability | Comments (0)