
Posts

Showing posts with the label Zero Day Exploits

WhatsApp Bug Allows Malicious Code-Injection, One-Click RCE

A high-severity vulnerability could allow cybercriminals to push malware or remotely execute code using seemingly innocuous messages. Security researchers have identified a JavaScript vulnerability in the WhatsApp desktop platform that could allow cybercriminals to spread malware, phishing or ransomware campaigns through notification messages that appear completely normal to unsuspecting users. Further investigation shows this could be parlayed into remote code execution. The desktop platform has more than 1.5 billion monthly active users. The high-severity bug (rated 8.2 on the CVSS severity scale) could impact those who also use WhatsApp for iPhone, if they don't update their desktop and mobile apps and if they don't use newer versions of the Chrome browser. "A vulnerability [CVE-2019-18426] in WhatsApp Desktop versions prior to 0.3.9309 when paired with WhatsApp for iPhone versions prior to 2.20.10 allows cross-site scripting (XSS) and local file reading," acc...

A New Citrix ShareFile Flaw Could Let Attackers Steal Corporate Secrets

For the past few weeks, software giant Citrix has privately been rolling out a critical software update to its enterprise customers that patches multiple security vulnerabilities affecting the Citrix ShareFile content collaboration platform. The security advisory, about which The Hacker News learned from Dimitri van de Giessen, an ethical hacker and system engineer, is scheduled to be available publicly later today on the Citrix website. Citrix ShareFile is an enterprise-level file sharing solution for businesses with which employees can securely exchange proprietary and sensitive business data with each other. The software offers an on-premises secure cloud environment for data storage with auditing capabilities and regulatory compliance controls. For example, a company can remotely lock or wipe data from potentially compromised mobile devices, or from devices that are lost or stolen. The newly identified security issues (CTX-CVE-2020-7473) specifically affect customer-m...

Critical Firefox 0-Day Under Active Attacks – Update Your Browser Now!

Attention! Are you using Firefox as your web browsing software on your Windows, Linux, or Mac systems? If yes, you should immediately update your free and open-source Firefox web browser to the latest version available on Mozilla's website. Why the urgency? Mozilla earlier today released Firefox 72.0.1 and Firefox ESR 68.4.1 to patch a critical zero-day vulnerability in its browsing software that an undisclosed group of hackers is actively exploiting in the wild. Tracked as 'CVE-2019-17026,' the bug is a critical 'type confusion vulnerability' that resides in the IonMonkey just-in-time (JIT) compiler of Mozilla's JavaScript engine, SpiderMonkey. In general, a type confusion vulnerability occurs when code doesn't verify what object it has been passed and blindly uses it without checking its type, allowing attackers to crash the application or achieve code execution. Without revealing details about the security flaw and any ...

Unpatched Dropbox for Windows Zero-Day Bug Let Hackers get SYSTEM Privileges

A zero-day vulnerability in Dropbox for Windows allows attackers to escalate privileges from a standard Windows user account to the reserved SYSTEM privilege. The vulnerability resides in the DropBoxUpdater service, which is responsible for keeping the client application up to date. The vulnerability was discovered by security researchers Decoder and Chris Danieli, who created a PoC to test it. DropBoxUpdater is a component of the Dropbox client software suite; the updater is installed as a service and keeps two scheduled tasks running with SYSTEM permissions. Dropboxupdate writes its log files to the directory "c:\ProgramData\Dropbox\Update\Log", and any user can access that directory and add or delete files in it. Another notable point is that the SetSecurity call on those files is made with SYSTEM privileges, which allows an attacker to exploit it via a hardlink. "But we have a problem h...

Windows 0-Day Exploit CVE-2019-1458 Widely Used by Hackers in Operation WizardOpium Cyber Attacks

Researchers discovered that an exploit for a newly patched Windows zero-day vulnerability was already used in the Operation WizardOpium attacks, alongside a Chrome zero-day exploit, last month. The attack was initially observed by Kaspersky researchers, who had already uncovered a Google Chrome 0-day exploit used as part of the attack. Further detailed investigation revealed that the exploit for Google Chrome embeds a 0-day EoP exploit (CVE-2019-1458) that is used to gain higher privileges on the infected machine and also to escape the Chrome process sandbox. Researchers observed two different stages in the EoP exploit: one is a tiny PE loader and the other is the actual exploit. Kaspersky products detect this exploit with the verdict PDM:Exploit.Win32.Generic. The EoP exploit indicates that the vulnerability it uses belongs to the win32k.sys driver; that the EoP exploit was a 0-day was confirmed by the researchers when they tested it with an exp...