Hacks

What Is Airtel? Bharti Airtel Limited, also known as Airtel, is an Indian global telecommunications services company based in Delhi, India. It operates in 18 countries across South Asia and Africa, and also in the Channel Islands. Airtel provides GSM, 3G, 4G LTE, 4G+ mobile services, fixed line broadband and voice services depending upon the country of operation. It is the  third largest mobile network operator in India  with over  325.5  million subscribers . [ Ref :  TRAI – Telecom Subscription Data as on 30th September, 2019 – PAGE 14  ] And the second largest mobile network operator in the world with over 411.42 million subscribers. [ Ref :  Wikipedia  ] What Is The Flaw? The flaw existed in one of their API that allows you to fetch sensitive user information of any Airtel subscriber. It Revealed information like First & Last Name, Gender, Email, Date of Birth, Address, Subscription Information, Device Capability informat...

Wireshark 3.0.7 released with a number of security updates and fixed several other bugs that reside in the Wireshark components. Wireshark also updated Protocol Support for various protocols such as BGP, HomePlug AV, IEEE 802.11, and  TLS . Wireshark 3.0.7  fixed the vulnerability {CVE-2019-19553)) that resides in the  CMS dissector  that affected the Wireshark version 3.0.0 to 3.0.6, 2.6.0 to 2.6.12. “It may be possible to make Wireshark crash by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file.” Other Fixed Bugs in Wireshark 3.0.7 ws_pipe_wait_for_pipe() can wait on closed handles.  Bug 15696 . Support for 11ax in PEEKREMOTE.  Bug 15740 . The temporary file …​ could not be opened: Invalid argument.  Bug 15751 . Reassembling of the two TLS records is not working correctly.  Bug 16109 . Display Filter Area: Dropdown Missing pkt_comment and tcp.options.sack_perm (like...

OpenBSD, an open-source operating system built with security in mind, has been found vulnerable to four new high-severity security vulnerabilities, one of which is an old-school type authentication bypass vulnerability in BSD Auth framework. The other three vulnerabilities are privilege escalation issues that could allow local users or malicious software to gain privileges of an auth group, root, as well as of other users, respectively. The vulnerabilities were discovered and reported by Qualys Research Labs earlier this week, in response to which OpenBSD developers released security patches for  OpenBSD 6.5  and  OpenBSD 6.6  just yesterday—that's in less than 40 hours. Here's a brief explanation of all four security vulnerabilities in OpenBSD—a free and open-source BSD-based Unix-like operating system—along with their assigned CVE identifiers OpenBSD Authentication Bypass (CVE-2019-19521) The authentication bypass vulnerability resides in the way OpenBSD's...

A team of cybersecurity researchers has disclosed a new severe vulnerability affecting most Linux and Unix-like operating systems, including FreeBSD, OpenBSD, macOS, iOS, and Android, that could allow remote 'network adjacent attackers' to spy on and tamper with encrypted VPN connections. The vulnerability, tracked as CVE-2019-14899, resides in the networking stack of various operating systems and can be exploited against both IPv4 and IPv6 TCP streams. Since the vulnerability does not rely on the VPN technology used, the attack works against widely implemented virtual private network protocols like OpenVPN, WireGuard, IKEv2/IPSec, and more, the researchers confirmed. This vulnerability can be exploited by a network attacker — controlling an access point or connected to the victim's network — just by sending unsolicited network packets to a targeted device and observing replies, even if they are encrypted. As explained by the researchers, though there are variations f...