Archive for the ‘Vulnerability’ Category

Google fixes two more Chrome zero-days that were under active exploit

November 3rd, 2020
The word ZERO-DAY is hidden amidst a screen filled with ones and zeroes.

Enlarge (credit: Getty Images)

Google has patched two zero-day vulnerabilities in its Chrome browser, the third time in two weeks that the company has fixed a Chrome security flaw that’s under active exploit.

According to a Monday tweet from Ben Hawkes, the head of Google’s Project Zero vulnerability and exploit research arm, CVE-2020-16009, as the first vulnerability is tracked, is a remote code-execution bug in V8, Chrome’s open source JavaScript engine. A second security flaw, CVE-2020-16010, is a heap-based buffer overflow in Chrome for Android. Hawkes said it allows attackers to escape the Android sandbox, suggesting that hackers may have been using it in combination with a separate vulnerability.

Hawkes didn’t provide additional details, such as what desktop versions of Chrome were actively targeted, who the victims were, or how long the attacks had been going on. It also wasn’t clear if the same attack group was responsible for all three exploits. CVE-2020-16009 was in part discovered by a member of Google’s Threat Analysis Group, which focuses on government-backed hacking, suggesting that exploits of that vulnerability may be the work of a nation-state. Project Zero was involved in the discovery of all three of the zero-days.

Read 2 remaining paragraphs | Comments

Posted in Biz & IT, browser, chrome, Exploit, Vulnerability, zeroday | Comments (0)

Critical RCE Bug Affects Millions of OpenWrt-based Network Devices

March 24th, 2020
A cybersecurity researcher today disclosed technical details and proof-of-concept of a critical remote code execution vulnerability affecting OpenWrt, a widely used Linux-based operating system for routers, residential gateways, and other embedded devices that route network traffic. Tracked as CVE-2020-7982, the vulnerability resides in the OPKG package manager of OpenWrt that exists in the

Posted in cybersecurity, hacking news, HTTP, network security, openwrt, Router Security, Vulnerability | Comments (0)

Mukashi: A New Mirai IoT Botnet Variant Targeting Zyxel NAS Devices

March 21st, 2020
A new version of the infamous Mirai botnet is exploiting a recently uncovered critical vulnerability in network-attached storage (NAS) devices in an attempt to remotely infect and control vulnerable machines. Called "Mukashi," the new variant of the malware employs brute-force attacks using different combinations of default credentials to log into Zyxel NAS, UTM, ATP, and VPN firewall

Posted in Botnet, brute force attack, Cyber Attack, firewall, Malware attack, mirai, mirai botnet, NAS devices, Vulnerability | Comments (0)

Adobe Releases Critical Patches for Acrobat Reader, Photoshop, Bridge, ColdFusion

March 18th, 2020
Though it's not Patch Tuesday, Adobe today released a massive batch of out-of-band software updates for six of its products to patch a total of 41 new security vulnerabilities. Adobe last week made a pre-announcement to inform its users of an upcoming security update for Acrobat and Reader, but the company today unveiled bugs in a total of 6 widely-used software, including: Adobe Genuine

Posted in adobe, adobe photoshop cc, adobe software, adobe software update, arbitrary code execution, Vulnerability | Comments (0)

Poor Rowhammer Fixes On DDR4 DRAM Chips Re-Enable Bit Flipping Attacks

March 10th, 2020
Remember rowhammer vulnerability? A critical issue affecting modern DRAM (dynamic random access memory) chips that could allow attackers to obtain higher kernel privileges on a targeted system by repeatedly accessing memory cells and induce bit flips. To mitigate Rowhammer vulnerability on the latest DDR4 DRAM, many memory chip manufacturers added some defenses under the umbrella term Target

Posted in cyber security, DRAM Chip, DRAM RowHammer Vulnerability, DRAM Vulnerability, RAM hacking, RowHammer Attack, Vulnerability | Comments (0)

LVI Attacks: New Intel CPU Vulnerability Puts Data Centers At Risk

March 10th, 2020
It appears there is no end in sight to the hardware level security vulnerabilities in Intel processors, as well as to the endless 'performance killing' patches that resolve them. Modern Intel CPUs have now been found vulnerable to a new attack that involves reversely exploiting Meltdown-type data leak vulnerabilities to bypass existing defenses, two separate teams of researchers told The

Posted in cyber security, Intel, intel processor, intel vulnerability, Vulnerability | Comments (0)

Install Latest Chrome Update to Patch 0-Day Bug Under Active Attacks

February 25th, 2020
Google yesterday released a new critical software update for its Chrome web browser for desktops that will be rolled out to Windows, Mac, and Linux users over the next few days. The latest Chrome 80.0.3987.122 includes security fixes for three new vulnerabilities, all of which have been marked 'HIGH' in severity, including one that (CVE-2020-6418) has been reportedly exploited in the wild.

Posted in chrome, Chrome vulnerability, cyber security, Google Chrome, remote code execution, Vulnerability | Comments (0)

New OpenSMTPD RCE Flaw Affects Linux and OpenBSD Email Servers

February 25th, 2020
OpenSMTPD has been found vulnerable to yet another critical vulnerability that could allow remote attackers to take complete control over email servers running BSD or Linux operating systems. OpenSMTPD, also known as OpenBSD SMTP Server, is an open-source implementation of the Simple Mail Transfer Protocol (SMTP) to deliver messages on a local machine or to relay them to other SMTP servers.

Posted in cyber security, email server, linux, OpenBSD, OpenSMTPD, remote code execution, server security, Vulnerability | Comments (0)

Critical Bug in WordPress Theme Plugin Opens 200,000 Sites to Hackers

February 17th, 2020
A popular WordPress theme plugin with over 200,000 active installations contains a severe but easy-to-exploit software vulnerability that, if left unpatched, could let unauthenticated remote attackers compromise a wide range of websites and blogs. The vulnerable plugin in question is 'ThemeGrill Demo Importer' that comes with free as well as premium themes sold by the software development

Posted in hacking wordpress, Vulnerability, WordPress, Wordpress plugin, Wordpress plugin vulnerability, Wordpress Security, Wordpress theme | Comments (0)

A Dozen Vulnerabilities Affect Millions of Bluetooth LE Powered Devices

February 17th, 2020
A team of cybersecurity researchers late last week disclosed the existence of 12 potentially severe security vulnerabilities, collectively named 'SweynTooth,' affecting millions of Bluetooth-enabled wireless smart devices worldwide—and worryingly, a few of which haven't yet been patched. All SweynTooth flaws basically reside in the way software development kits (SDKs) used by multiple

Posted in bluetooth hack, Bluetooth hacking, cyber security, hacking bluetooth devices, Vulnerability | Comments (0)