Skip to main content

Posts

Showing posts from January 12, 2020

Cable Haunt – Critical Vulnerability Let Hackers Control Cable Modems Remotely

Researchers discovered as critical vulnerability dubbed Cable Haunt affects cable modems from different manufacturers across the globe. The vulnerability enables a remote attacker to gain complete control over the modem through its endpoint. Successful exploitation allows attackers to intercept private messages, redirect traffic, or participate in botnets. Cable Haunt vulnerability was discovered by a team of Danish security researchers in Broadcom cable modems. Cable Haunt Attacks Middleware The vulnerability targets the middleware running on the chip used in the Broadcom  cable  modems, the middleware is the real-time operating system in cable modems that runs all the networking tasks. It affects multiple vendors as the same software being used by various cable modem manufacturers to create their cable modem firmware. All the traffic goes through the cable modem middleware (CM), by gaining control over it attackers can manipulate any traffic going through t...

PoC Exploits Released for Citrix ADC and Gateway RCE Vulnerability

It's now or never to prevent your enterprise servers running vulnerable versions of Citrix application delivery, load balancing, and Gateway solutions from getting hacked by remote attackers. Why the urgency? Earlier today, multiple groups publicly released weaponized proof-of-concept exploit code [ 1 ,  2 ] for a recently disclosed remote code execution vulnerability in Citrix's NetScaler ADC and Gateway products that could allow anyone to leverage them to take full control over potential enterprise targets. Just before the last Christmas and year-end holidays, Citrix  announced  that its Citrix Application Delivery Controller (ADC) and Citrix Gateway are vulnerable to a critical path traversal flaw (CVE-2019-19781) that could allow an unauthenticated attacker to perform arbitrary code execution on vulnerable servers. Citrix confirmed that the flaw affects all supported version of the software, including: Citrix ADC and Citrix Gateway version 13.0 all supporte...

Critical Firefox 0-Day Under Active Attacks – Update Your Browser Now!

Attention! Are you using Firefox as your web browsing software on your Windows, Linux, or Mac systems? If yes, you should immediately update your free and open-source Firefox web browser to the latest version available on Mozilla's website. Why the urgency? Mozilla earlier today released  Firefox 72.0.1  and  Firefox ESR 68.4.1  versions to patch a critical zero-day vulnerability in its browsing software that an undisclosed group of hackers is actively exploiting in the wild. Tracked as ' CVE-2019-17026 ,' the bug is a critical 'type confusion vulnerability' that resides in the IonMonkey just-in-time (JIT) compiler of the Mozilla's JavaScript engine SpiderMonkey. In general, a type confusion vulnerability occurs when the code doesn't verify what objects it is passed to and blindly uses it without checking its type, allowing attackers to crash the application or achieve code execution. Without revealing details about the security flaw and any ...