Please consider updating your browser. Some parts of the website may not function as intended.

Hot seat – Hotspot Shield VPN New Privilege Escalation Vulnerability

hotspot

A high-risk vulnerability, rated as 7.8 in CVSS v3.1, affecting Windows 10.3.0 and earlier exists in the Hotspot Shield VPN client software. This allows an authorised user to potentially perform local privilege escalation. The impact: The flaw exists in improper directory permissions on a log folder for the software client. It allows a local user […]

Netlogon Elevation of Privilege Vulnerability

The Zero logon flaw is not new but can still pose a risk to organisations that have not patched it yet. The name elevation of privilege vulnerability comes from a flaw in the login process, where the initialization vector is set to all zeroes when it should be a random number. The CVSS v3.0 score […]

A Flaw in the Windows TCP/IP Protocol Stack

TCP/IP Protocol Stack

A flaw in the Windows TCP/IP protocol stack implementation has been discovered, this is related to driver handling of IPv6 (IP version 6), whereby a threat actor can perform a Denial of Service (DoS) attack and may gain the ability to execute arbitrary code on the target. This works by exploiting a logic error in […]

“Playing Leapfrog” Default Password Usage Allows for Jfrog Artifactory Account Compromise

Jfrog Artifactory

Jfrog Artifactory is a DevOps solution that aims to provide automation throughout an application delivery process and its goal is to improve productivity. It boasts many useful features for the deployment of applications and can be integrated with a client’s cloud infrastructure. However, a vulnerability exists where administrator accounts do not require a password to […]

T2 Security Chip in Mac a Computer Contains an “Unpatchable” Vulnerability

Security researchers have discovered a flaw, wherein two techniques are used to remove the restrictions apple puts in place (commonly known as Jailbreaking) are combined. Together, the Jailbreaking techniques exploit a vulnerability in Mac computers’ T2 Security Chip, which in turn allows an attacker to decrypt data and or plant malware on the device. Unpatchable […]

“Shark on the Router” (Authentication Bypass in Wireless Router Chipsets)

Multiple wireless router chipsets were discovered to be vulnerable to authentication bypass, giving a threat actor control of network traffic passing through the affected device(s). A successful attack occurs when an attacker injects arbitrary (unencrypted) packets into networks with WPA2 protection. Upon injection, the packets are considered to be legitimately routed traffic and encrypted responses […]

BLE Vulnerability Leads to Broken Authentication and Malicious Data Transfer

A successful Bluetooth Low Energy Spoofing Attack (BLESA) allows threat actors to connect with a device (by getting around reconnection authentication requirements) and send spoofed data to the device. This first starts with malicious packets fooling the device into behaving abnormally and attackers manipulating the device to feed it misleading information. The vulnerability affects Linux, Android, […]

File Manager Plugin in WordPress Contains a Remote Code Execution Vulnerability

WordPress’ popular plugin File Manager (versions 6.0-6.8) contains a vulnerability that allows an attacker to upload files and execute commands. Indicators of compromise include filenames such as “hardfork.php”, “hardfind.php” and “x.php”. The root of this problem is connector.minimal.php, which is due to a recent name change and executes directly — allowing the upload of malicious […]

Multiple Vulnerabilities found in Microsoft Azure Sphere

Vulnerability

Microsoft Azure Sphere versions 20.07 and 20.06 contain vulnerabilities such as remote code execution and privileges escalation. This could allow an attacker to gain access to sensitive information and possibly get admin-level permissions on the affected machine.​ These vulnerabilities could have severe consequences, so make sure you patch it before it is used against you. […]

Amazon Alexa subdomains are not safe for work

Alexa

Amazon Alexa subdomains have been found to be vulnerable to Cross-Origin Resource Sharing and Cross-Site Scripting. Exploiting these would have allowed an attacker to install or remove apps without the user’s knowledge and gather information about the device and the user(s). It would have only required one click from a specially crafted amazon link. IoT […]

Do NOT follow this link or you will be banned from the site!