A flaw in the Windows TCP/IP protocol stack implementation has been discovered, this is related to driver handling of IPv6 (IP version 6), whereby a threat actor can perform a Denial of Service (DoS) attack and may gain the ability to execute arbitrary code on the target. This works by exploiting a logic error in […]
Security Alerts
“Playing Leapfrog” Default Password Usage Allows for Jfrog Artifactory Account Compromise
14
Oct
Oct
Jfrog Artifactory is a DevOps solution that aims to provide automation throughout an application delivery process and its goal is to improve productivity. It boasts many useful features for the deployment of applications and can be integrated with a client’s cloud infrastructure. However, a vulnerability exists where administrator accounts do not require a password to […]
08
Oct
Oct
Security researchers have discovered a flaw, wherein two techniques are used to remove the restrictions apple puts in place (commonly known as Jailbreaking) are combined. Together, the Jailbreaking techniques exploit a vulnerability in Mac computers’ T2 Security Chip, which in turn allows an attacker to decrypt data and or plant malware on the device. Unpatchable […]
01
Oct
Oct
Multiple wireless router chipsets were discovered to be vulnerable to authentication bypass, giving a threat actor control of network traffic passing through the affected device(s). A successful attack occurs when an attacker injects arbitrary (unencrypted) packets into networks with WPA2 protection. Upon injection, the packets are considered to be legitimately routed traffic and encrypted responses […]
17
Sep
Sep
A successful Bluetooth Low Energy Spoofing Attack (BLESA) allows threat actors to connect with a device (by getting around reconnection authentication requirements) and send spoofed data to the device. This first starts with malicious packets fooling the device into behaving abnormally and attackers manipulating the device to feed it misleading information. The vulnerability affects Linux, Android, […]