Hacks

Researchers discovered as critical vulnerability dubbed Cable Haunt affects cable modems from different manufacturers across the globe. The vulnerability enables a remote attacker to gain complete control over the modem through its endpoint. Successful exploitation allows attackers to intercept private messages, redirect traffic, or participate in botnets. Cable Haunt vulnerability was discovered by a team of Danish security researchers in Broadcom cable modems. Cable Haunt Attacks Middleware The vulnerability targets the middleware running on the chip used in the Broadcom  cable  modems, the middleware is the real-time operating system in cable modems that runs all the networking tasks. It affects multiple vendors as the same software being used by various cable modem manufacturers to create their cable modem firmware. All the traffic goes through the cable modem middleware (CM), by gaining control over it attackers can manipulate any traffic going through t...

It's now or never to prevent your enterprise servers running vulnerable versions of Citrix application delivery, load balancing, and Gateway solutions from getting hacked by remote attackers. Why the urgency? Earlier today, multiple groups publicly released weaponized proof-of-concept exploit code [ 1 ,  2 ] for a recently disclosed remote code execution vulnerability in Citrix's NetScaler ADC and Gateway products that could allow anyone to leverage them to take full control over potential enterprise targets. Just before the last Christmas and year-end holidays, Citrix  announced  that its Citrix Application Delivery Controller (ADC) and Citrix Gateway are vulnerable to a critical path traversal flaw (CVE-2019-19781) that could allow an unauthenticated attacker to perform arbitrary code execution on vulnerable servers. Citrix confirmed that the flaw affects all supported version of the software, including: Citrix ADC and Citrix Gateway version 13.0 all supporte...

Attention! Are you using Firefox as your web browsing software on your Windows, Linux, or Mac systems? If yes, you should immediately update your free and open-source Firefox web browser to the latest version available on Mozilla's website. Why the urgency? Mozilla earlier today released  Firefox 72.0.1  and  Firefox ESR 68.4.1  versions to patch a critical zero-day vulnerability in its browsing software that an undisclosed group of hackers is actively exploiting in the wild. Tracked as ' CVE-2019-17026 ,' the bug is a critical 'type confusion vulnerability' that resides in the IonMonkey just-in-time (JIT) compiler of the Mozilla's JavaScript engine SpiderMonkey. In general, a type confusion vulnerability occurs when the code doesn't verify what objects it is passed to and blindly uses it without checking its type, allowing attackers to crash the application or achieve code execution. Without revealing details about the security flaw and any ...

TikTok , the 3rd most downloaded app in 2019, is under intense scrutiny over users' privacy, censoring politically controversial content and on national-security grounds—but it's not over yet, as the security of billions of TikTok users would be now under question. The famous Chinese viral video-sharing app contained potentially dangerous vulnerabilities that could have allowed remote attackers to hijack any user account just by knowing the mobile number of targeted victims. Cybersecurity researchers at Check Point revealed that chaining multiple vulnerabilities allowed them to remotely execute malicious code and perform unwanted actions on behalf of the victims without their consent. The reported vulnerabilities include low severity issues like SMS link spoofing, open redirection, and cross-site scripting (XSS) that when combined could allow a remote attacker to perform high impact attacks, including: delete any videos from victims' TikTok profile, upload un...

Critical SQLite vulnerabilities named “Magellan 2.0” discovered in World’s most popular browser Google Chrome let hackers exploit the Chromium render process and execute the remote code. SQLite is a well-known database that widely used in popular embedded database software, and SQLite is a popular choice for local/client storage in application software such as web browsers and operating systems. The vulnerability affects the users who all are using Chrome that is prior to 79.0.3945.79 with WebSQL enabled, and the researchers confirmed that the other devices such as PC/Mobile devices/IoT devices may also be affected depends on the attack surface. The vulnerability was initially discovered by the Tencent Blade Team, and they have successfully tested in Chrome and exploited the vulnerability in Chromium render process. Tencent Blade Team @tencent_blade Magellan 2.0 on its way! Blade researcher @ leonwxqian found another set of vulnerabilities in # SQLite...

Internet-connected devices have been one of the most remarkable developments that have happened to humankind in the last decade. Although this development is a good thing, it also stipulates a high security and privacy risk to personal information. In one such recent privacy mishap, smart IP cameras manufactured by Chinese smartphone maker Xiaomi found mistakenly sharing surveillance footage of Xiaomi users with other random users without any permission. The issue appears to affect Xiaomi IP cameras only when streamed through connected Google's Nest Hub, which came into light when a  Reddit user  claimed that his Google Nest Hub is apparently pulling random feeds from other users instead of his own Xiaomi Mijia cameras. The Reddit user also shared some photos showing other people's homes, an older adult sleeping on a chair, and a baby sleeping in its crib that appeared on his Nest Hub screen. It appears the issue doesn't reside in Google products; instead, it co...