Hacks

A researcher discovered a critical Account takeover vulnerability in Facebook’s Authorization feature “Login with Facebook” and, it allowed attackers to steal the Access_Token and completely take over the victim’s Facebook account. Facebook using  OAuth 2.0  as an Authorization protocol that helps to exchange the token from Facebook and other third party websites. The vulnerability resides in the “Login with Facebook” feature that allowed attackers to set up a malicious website, and steak the Access token for several apps including Instagram, Oculus, Netflix, Tinder, Spotify, etc along with Facebook accounts. Once the attacker compromised the targeted accounts using the stolen tokens, he/she could able to gain full read/write privileges such as messages, photos, videos even if privacy control is set to the “only me”. Indian Security Researcher  Amol Baikar   who found this Vulnerability told  GBHackers on Security  ” This critical Faceboo...

If your web server is running on Apache Tomcat, you should immediately install the latest available version of the server application to prevent hackers from taking unauthorized control over it. Yes, that's possible because all versions (9.x/8.x/7.x/6.x) of the Apache Tomcat released in the past 13 years have been found vulnerable to a new high-severity (CVSS 9.8) ' file read and inclusion bug '—which can be exploited in the default configuration. But it's more concerning because several proof-of-concept exploits ( 1 ,  2 ,  3 ,  4  and  more ) for this vulnerability have also been surfaced on the Internet, making it easy for anyone to hack into publicly accessible vulnerable web servers. Dubbed ' Ghostcat ' and tracked as  CVE-2020-1938 , the flaw could let unauthenticated, remote attackers read the content of any file on a vulnerable web server and obtain sensitive configuration files or source code, or execute arbitrary code if the server allows fil...

Researchers discovered a widespread Iranian malware campaign called Fox Kitten that targeting the several organization networks by exploiting the Vulnerabilities in VPN. The organization its targets are mainly related to IT, Telecommunication, Oil and Gas, Aviation, Government, and Security sectors around the world. Once the attacker successfully exploited the network, they are gaining the persistence access to the internal system and foothold in the networks of numerous companies. Fox Kitten campaign believed to be originated from Iran, and infamous Iranian offensive group APT34-OilRig are behind this attack also researchers suspected that this campaign has some connection with PT33-Elfin and APT39-Chafer groups. Large infrastructure is used for this campaign to perform a various malicious operation on behalf of the attack including: Develop and maintain access routes to the targeted organizations Steal valuable information from the targeted organizations Maintain ...

Researchers discovered as critical vulnerability dubbed Cable Haunt affects cable modems from different manufacturers across the globe. The vulnerability enables a remote attacker to gain complete control over the modem through its endpoint. Successful exploitation allows attackers to intercept private messages, redirect traffic, or participate in botnets. Cable Haunt vulnerability was discovered by a team of Danish security researchers in Broadcom cable modems. Cable Haunt Attacks Middleware The vulnerability targets the middleware running on the chip used in the Broadcom  cable  modems, the middleware is the real-time operating system in cable modems that runs all the networking tasks. It affects multiple vendors as the same software being used by various cable modem manufacturers to create their cable modem firmware. All the traffic goes through the cable modem middleware (CM), by gaining control over it attackers can manipulate any traffic going through t...

Critical SQLite vulnerabilities named “Magellan 2.0” discovered in World’s most popular browser Google Chrome let hackers exploit the Chromium render process and execute the remote code. SQLite is a well-known database that widely used in popular embedded database software, and SQLite is a popular choice for local/client storage in application software such as web browsers and operating systems. The vulnerability affects the users who all are using Chrome that is prior to 79.0.3945.79 with WebSQL enabled, and the researchers confirmed that the other devices such as PC/Mobile devices/IoT devices may also be affected depends on the attack surface. The vulnerability was initially discovered by the Tencent Blade Team, and they have successfully tested in Chrome and exploited the vulnerability in Chromium render process. Tencent Blade Team @tencent_blade Magellan 2.0 on its way! Blade researcher @ leonwxqian found another set of vulnerabilities in # SQLite...