Archive for the ‘remote code execution’ Category

Zoom RCE Flaw Also Affects Its Rebranded Versions RingCentral and Zhumu

July 16th, 2019
The same security vulnerabilities that were recently reported in Zoom for macOS also affect two other popular video conferencing software that under the hood, are just a rebranded version of Zoom video conferencing software. Security researchers confirmed The Hacker News that RingCentral, used by over 350,000 businesses, and Zhumu, a Chinese version of Zoom, also runs a hidden local web

Posted in macos hacking, remote code execution, RingCentral, Software security, Software vulnerabilities, Video Conferencing Software, webcam hacking, zoom | Comments (0)

Zoom Video Conferencing for macOS Also Vulnerable to Critical RCE Flaw

July 13th, 2019
The chaos and panic that the disclosure of privacy vulnerability in the highly popular and widely-used Zoom video conferencing software created earlier this week is not over yet. As suspected, it turns out that the core issue—a locally installed web server by the software—was not just allowing any website to turn on your device webcam, but also could allow hackers to take complete control

Posted in hacking news, remote code execution, Video Conferencing Software, Vulnerability, webcam hacking, zoom | Comments (0)

Microsoft Releases July 2019 Security Updates, 2 Flaws Under Active Attack

July 9th, 2019
Microsoft today released its monthly batch of software security updates for the July month to patch a total of 77 vulnerabilities, 14 are rated Critical, 62 are Important, and 1 is rated Moderate in severity. The July 2019 security updates include patches for various supported versions of Windows operating systems and other Microsoft products, including Internet Explorer, Edge, Office, Azure

Posted in download software update, microsoft, Microsoft Patch Tuesday, patch update, remote code execution, security update, Vulnerability, windows updates, windows Vulnerability | Comments (0)

Firefox 67.0.4 Released — Mozilla Patches Second 0-Day Flaw This Week

June 21st, 2019
Okay, folks, it's time to update your Firefox web browser once again—yes, for the second time this week. After patching a critical actively-exploited vulnerability in Firefox 67.0.3 earlier this week, Mozilla is now warning millions of its users about a second zero-day vulnerability that attackers have been found exploiting in the wild. The newly patched issue (CVE-2019-11708) is a "sandbox

Posted in browser sandbox, browser security, Cyber Attack, Firefox, firefox exploit, Firefox zero day, malware, remote code execution, sandbox bypass, tor browser, Zero-Day Vulnerability | Comments (0)

New Critical Oracle WebLogic Flaw Under Active Attack — Patch Now

June 19th, 2019
Oracle has released an out-of-band emergency software update to patch a newly discovered critical vulnerability in the WebLogic Server. According to Oracle, the vulnerability—which can be identified as CVE-2019-2729 and has a CVSS score of 9.8 out of 10—is already being exploited in the wild by an unnamed group of attackers. Oracle WebLogic is a Java-based multi-tier enterprise application

Posted in cyber security, Deserialization Vulnerability, hacking news, Oracle WebLogic Server, remote code execution, Vulnerability, Zero-Day Vulnerability | Comments (0)

Critical Flaws Found in Widely Used IPTV Software for Online Streaming Services

June 6th, 2019
Security researchers have discovered multiple critical vulnerabilities in a popular IPTV middleware platform that is currently being used by more than a thousand regional and international online media streaming services to manage their millions of subscribers. Discovered by security researchers at CheckPoint, the vulnerabilities reside in the administrative panel of Ministra TV platform,

Posted in authentication bypass, cyber security, free movie streaming, hacking news, IPTV Software, live streaming, Online Security, PHP Vulnerability, remote code execution, Software vulnerabilities | Comments (0)

Adobe Releases Critical Patches for Flash, Acrobat Reader, and Media Encoder

May 14th, 2019
Adobe today released its monthly software updates to patch a total of 87 security vulnerabilities in its Adobe Acrobat and Reader, Flash Player and Media Encoder, most of which could lead to arbitrary code execution attacks or worse. None of the flaws patched this month in Adobe products has been found exploited in the wild. Out of 87 total flaws, a whopping number of vulnerabilities (i.e.,

Posted in Acrobat, Adobe Acrobat, adobe patch, Adobe Reader, adobe software update, download software update, patch tuesday, remote code execution, Vulnerability | Comments (0)

Flaw Affecting Millions of Cisco Devices Let Attackers Implant Persistent Backdoor

May 14th, 2019
Researchers have discovered a severe vulnerability in Cisco products that could allow attackers to implant persistent backdoor on wide range devices used in enterprises and government networks, including routers, switches, and firewalls. Dubbed Thrangrycat or 😾😾😾, the vulnerability, discovered by researchers from the security firm Red Balloon and identified as CVE-2019-1649, affects

Posted in bootkit, Cisco Device, cisco firewall, Cisco Router, cisco switch, hacking firewall, hacking news, hacking router, malware, remote code execution, secure boot | Comments (0)

Pre-Installed Software Flaw Exposes Most Dell Computers to Remote Hacking

May 2nd, 2019
If you use a Dell computer, then beware — hackers could compromise your system remotely. Bill Demirkapi, a 17-year-old independent security researcher, has discovered a critical remote code execution vulnerability in the Dell SupportAssist utility that comes pre-installed on most Dell computers. Dell SupportAssist, formerly known as Dell System Detect, checks the health of your computer

Posted in Computer hacking, cyber security, dell, dell computers, dell laptop, Dell Support, Dell SupportAssist, Dell System Detect, hacking news, remote code execution, Vulnerability | Comments (0)

‘Highly Critical’ Unpatched Zero-Day Flaw Discovered In Oracle WebLogic

April 25th, 2019
A team of cybersecurity researchers today published a post warning enterprises of an unpatched, highly critical zero-day vulnerability in Oracle WebLogic server application that some attackers might have already started exploiting in the wild. Oracle WebLogic is a scalable, Java-based multi-tier enterprise application server that allows businesses to quickly deploy new products and services

Posted in cyber security, oracle, Oracle WebLogic Server, remote code execution, Vulnerability, Zero-Day Vulnerability | Comments (0)