Hacks

A new Zoom flaw lets hackers record Zoom meeting sessions and to capture the chat text without the knowledge of meeting participants’ even though host disables recording option for the participants. Zoom is an online video communication platform that has features such as video conferencing, online meetings, chat, and mobile collaboration. Zoom Malware Injection Process Security researchers from Morphisec Labs observed a new vulnerability that lets malware injects into the Zoom process without any interaction even the recording option disabled for the user. At the time of recording none of the participants aware that the session is recorded and the Zoom malware has full control over the outputs. This opens a way for hackers to spy on Zoom sessions, as hackers already started selling thousands of  Compromised Usernames and Passwords  of Zoom Accounts Listed on Dark Web Forum. “Furthermore, Zoom is usually a trusted application; turning it into an info-stealer in...

Attention! Are you using Firefox as your web browsing software on your Windows, Linux, or Mac systems? If yes, you should immediately update your free and open-source Firefox web browser to the latest version available on Mozilla's website. Why the urgency? Mozilla earlier today released  Firefox 72.0.1  and  Firefox ESR 68.4.1  versions to patch a critical zero-day vulnerability in its browsing software that an undisclosed group of hackers is actively exploiting in the wild. Tracked as ' CVE-2019-17026 ,' the bug is a critical 'type confusion vulnerability' that resides in the IonMonkey just-in-time (JIT) compiler of the Mozilla's JavaScript engine SpiderMonkey. In general, a type confusion vulnerability occurs when the code doesn't verify what objects it is passed to and blindly uses it without checking its type, allowing attackers to crash the application or achieve code execution. Without revealing details about the security flaw and any ...

A zero-day vulnerability in Dropbox for Windows allows attackers to escalate privileges from simple windows users privilege to the reserved SYSTEM privilege. The vulnerability resides in the  DropBoxUpdater service , which is responsible for keeping the client application up to date. Dropbox Updater Vulnerability The vulnerability was discovered by security researcher Decoder and  Chris Danieli  and they have created a  PoC  to test the vulnerability. The DropBoxUpdater is the component of the Dropbox Client Software suite, the updater installed as a service and keeps 2 scheduled tasks running with SYSTEM permissions. Dropboxupdate writes the log files in the directory “c:\ProgramData\Dropbox\Update\Log”, any users can access the directories or to add, delete the files. Another notable thing is that SetSecurity call made through SYSTEM privileges on the files, this allows an attacker to exploit via  hardlink . “But we have a problem h...

Another day, another revelation of a critical unpatched zero-day vulnerability, this time in the world's most widely used mobile operating system, Android. What's more? The Android zero-day vulnerability has also been found to be exploited in the wild by the Israeli surveillance vendor NSO Group—infamous for selling zero-day exploits to governments—or one of its customers, to gain control of their targets' Android devices. Discovered by Project Zero researcher Maddie Stone, the details and a proof-of-concept exploit for the high-severity security vulnerability, tracked as CVE-2019-2215, has been made public today—just seven days after reporting it to the Android security team. The zero-day is a use-after-free vulnerability in the Android kernel's binder driver that can allow a local privileged attacker or an app to escalate their privileges to gain root access to a vulnerable device and potentially take full remote control of the device. Vulnerable Android Devices...