
Posts

Showing posts from October 21, 2019

Approx 500 Million UC Browser Android Users are Vulnerable to Man-in-the-Middle Attacks

Researchers discovered several unusual activities in UC Browser for Android: the app abuses Google Play policies and exposes more than 500 million users to Man-in-the-Middle attacks. UC Browser is the most popular browser on the Android platform, with more than 500 million users, and UC Browser Mini has 100 million downloads from the Google Play store alone. GBHackers on Security has reported several UC Browser-based incidents before, including malicious activities and vulnerabilities, and any unusual behavior is a very serious concern that needs to be addressed, since it directly affects hundreds of millions of users. Recent research from Zscaler reveals that the UC Browser and UC Browser Mini apps made a request over an unprotected (HTTP) channel to download an additional Android Package Kit from a remote server. The research found 3 main unusual activities in the UC Browser app: Downloading an additional APK from a third party – in

Authentication Bypass Vulnerability in Cisco REST API Let Hackers Take Control of Cisco Routers Remotely

Cisco released a security update for a critical Authentication Bypass vulnerability in the Cisco REST API virtual service container for Cisco IOS XE Software that allows a remote attacker to bypass authentication on managed Cisco devices. Cisco IOS XE is an internetworking OS mainly deployed on Cisco ASR 1000 series routers and Catalyst switches such as the 3850, which operate in enterprise wired and wireless access, aggregation, core, and WAN. The Authentication Bypass vulnerability affects Cisco IOS XE because of an improper check performed by the area of code that manages the REST API authentication service. The Cisco REST API is an application that runs in the virtual service container, a virtualized environment on a device. An attacker could exploit the vulnerability by sending malicious HTTP requests to the targeted device. Once the target system has been successfully exploited, the attacker can obtain the token-id of an authenticated user. If the attac

Facebook Now Pays Hackers for Reporting Security Bugs in 3rd-Party Apps

Following a series of security mishaps and data abuse through its social media platform, Facebook is today expanding its bug bounty program in a unique way to beef up the security of third-party apps and websites that integrate with its platform. Last year, Facebook launched the "Data Abuse Bounty" program to reward anyone who reports valid events of 3rd-party apps collecting Facebook users' data and passing it off to malicious parties, violating Facebook's revamped data policies. It turns out that, most of the time, the Facebook users' data that had been misused was exposed in the first place as the result of a vulnerability or security weakness in third-party apps or services. The Facebook ecosystem contains millions of third-party apps, and unfortunately, very few of them have a vulnerability disclosure program or offer bug bounty rewards to white-hat hackers for responsibly reporting bugs in their codebase. Because of this communication ga