
Showing results for tags 'vulnerability'.


  1. InternetNZ discloses vulnerability that can be used to carry out cyberattacks A new vulnerability against authoritative DNS servers has been disclosed by InternetNZ. It includes servers run by top-level domain (TLD) operators, including .nz. InternetNZ says the vulnerability could be exploited to carry out Denial-of-Service (DoS) attacks across the world. InternetNZ is a non-profit organisation and is the home and guardian for the .nz domain. Its mission is to "create an internet for all New Zealanders that is safe, accessible and a place for good".
  2. A New Facebook Bug Exposes Millions of Email Addresses A recently discovered vulnerability discloses user email addresses even when they’re set to private. Still smarting from last month's dump of phone numbers belonging to 500 million Facebook users, the social media giant has a new privacy crisis to contend with: a tool that, on a massive scale, links Facebook accounts with their associated email addresses, even when users choose settings to keep them from being public. A video circulating
  3. WhatsApp Vulnerability Discovered That Could Allow Attackers to Suspend Your Account Remotely WhatsApp has suggested that users could avoid the problem by providing their email address with the two-step verification. WhatsApp users are at risk even if they’ve enabled two-factor authentication (2FA) on their accounts. WhatsApp is found to have a vulnerability that can allow an attacker to suspend your account remotely using your phone number. The flaw that has now been found by security researchers appears to have existed on the instant messaging app for quite
  4. Trustwave Uncovers Vulnerability in Popular Website CMS Cybersecurity firm Trustwave has uncovered a security vulnerability in the popular website CMS, Umbraco. In a blog post on its website, Trustwave researchers outlined details of a privilege escalation issue which allows low privileged users to elevate themselves to the status of admin. The problem resides in an API endpoint that does not properly check the user’s authorization prior to returning results found to the application’s logging section. In the CMS, higher privileged users, i.e. ad
  5. T-Mobile, Verizon, AT&T Stop SMS Hijacks After Motherboard Investigation All the mobile carriers have mitigated a major SMS security loophole that allowed a hacker to hijack text messages for just $16. All of the major carriers made a significant change to how SMS messages are routed to prevent hackers being able to easily reroute a target's texts, according to an announcement from Aerialink, a communications company that helps route text messages. The move comes after a Motherboard investigation in which a hacker, with
  6. Recently Patched Android Vulnerability Exploited in Attacks Google has warned Android users that a recently patched vulnerability has been exploited in attacks. The vulnerability in question, tracked as CVE-2020-11261, was patched by Google with the Android security updates released in January 2021. The vulnerability is a high-severity improper input validation issue affecting a display/graphics component from Qualcomm. The flaw was reported to Qualcomm through Google in July 2020 and it affects a long list of chipsets. In Qualcomm’s advisory, CV
  7. Critical F5 BIG-IP vulnerability now targeted in ongoing attacks On Thursday, cybersecurity firm NCC Group said that it detected successful in-the-wild exploitation of a recently patched critical vulnerability in F5 BIG-IP and BIG-IQ networking devices. The exploitation attempts started earlier this week and have escalated during the last 24 hours, with mass scanning activity being detected by NCC Group and Bad Packets. "Starting this week and especially in the last 24 hours (March 18th, 2021) we have observed multiple exploitation attempts agains
  8. Apple releases iOS 14.4.1 and macOS 11.2.3 to address a WebKit vulnerability The company recommends downloading the updates as soon as possible. Apple has released a set of updates it recommends all iPhone, iPad and Mac users download as soon as possible. No, iOS 14.5 and Big Sur 11.3 aren’t out yet. Instead, what we have are iOS 14.4.1 and macOS 11.2.3. When you download them on your devices, all you’ll get is a terse explanation from Apple saying that they’re “important.” However, the support pages spotted b
  9. Bug in Apple's Find My Feature Could've Exposed Users' Location Histories Cybersecurity researchers on Thursday disclosed two distinct design and implementation flaws in Apple's crowdsourced Bluetooth location tracking system that can lead to a location correlation attack and unauthorized access to the location history of the past seven days, thereby deanonymizing users. The findings are a consequence of an exhaustive review undertaken by the Open Wireless Link (OWL) project, a team of researchers from the Secure Mobile Networking Lab at the Technical Un
  10. GRUB2 boot loader reveals multiple high severity vulnerabilities GRUB, a popular boot loader used by Unix-based operating systems, has fixed multiple high severity vulnerabilities. In 2020, BleepingComputer had reported on the BootHole vulnerability in GRUB2 that could have let attackers compromise an operating system's booting process even if the Secure Boot verification mechanism was active. Threat actors could further abuse the flaw to hide arbitrary code ("bootkit") within the OS that would run on every boot.
  11. Exclusive: Flaws in Zoom’s Keybase App Kept Chat Images From Being Deleted A serious flaw in Zoom’s Keybase secure chat application left copies of images contained in secure communications on Keybase users’ computers after they were supposedly deleted. The flaw in the encrypted messaging application (CVE-2021-23827) does not expose Keybase users to remote compromise. However, it could put their security, privacy and safety at risk, especially for users living under authoritarian regimes in which apps like Keybase and Signal are increasingly relied on as a w
  12. Vulnerability in Chess.com allowed access to 50 Million user records The vulnerability could have been exploited to access any account on the site including the Chess.com administrator account. An IT security researcher identified a critical set of vulnerabilities in chess.com’s API, an immensely popular online chess playing site and app. The vulnerability could have been exploited to access any account on the site. It could also be used to gain full access to the site through its admin panel. What Happened? Cybersecurity researcher Sam Curry spent a lot o
  13. Vulnerabilities in Realtek Wi-Fi Module Expose Many Devices to Remote Attacks Major vulnerabilities in the Realtek RTL8195A Wi-Fi module expose embedded devices used in a myriad of industries to remote attacks, researchers with automated device security platform provider Vdoo reveal. The low-power Wi-Fi module is designed for use in embedded devices, and is being used in a broad range of industries, including automotive, agriculture, energy, healthcare, industrial, and security. The RTL8195A chip supports WEP, WPA and WPA2 authentication modes, and Vdoo disc
  14. US federal payroll agency hacked using SolarWinds software flaw The FBI has discovered that the National Finance Center (NFC), a U.S. Department of Agriculture (USDA) federal payroll agency, was compromised by exploiting a SolarWinds Orion software flaw, according to a Reuters report. NFC provides human resources and payroll services to roughly 170 federal agencies and over 650,000 federal employees since 1973. USDA confirms data breach The software vulnerability used to break into NFC's systems is different than the one used by suspected Russian n
  15. Shazam Vulnerability exposed location of Android, iOS users The vulnerability in Shazam was identified in 2019 but the details of it were only revealed last week. Can’t find out what’s the name of that song on television? You know who’ll help – Shazam. Recently though, a vulnerability found in the popular app which could allow a malicious actor to know a victim’s location has come to light. The vulnerability affected more than 100 million users at the time having the potential to compromise the physical security of these users marking its severity.
  16. VoIP vulnerability: CoTURN patches access control protection bypass Affected organizations also urged to implement protective configurations Attackers can bypass CoTURN servers’ default access control rules and access network services behind the firewall, security researchers have discovered. One researcher speculated that, under certain circumstances, an attacker could go on to achieve remote code execution (RCE) (although he emphasized that the documented vulnerability was not itself an RCE flaw). Berlin-based Enable Security has urged or
  17. Vulnerability Exposes F5 BIG-IP Systems to Remote DoS Attacks A vulnerability discovered by a researcher in a BIG-IP product from F5 Networks can be exploited to launch remote denial-of-service (DoS) attacks. The security flaw was discovered by Nikita Abramov, a researcher at cybersecurity solutions provider Positive Technologies, and it impacts certain versions of BIG-IP Access Policy Manager (APM), a secure access solution that simplifies and centralizes access to applications, APIs and data. According to F5 Networks, the vulnerability is related to a comp
  18. Google discloses 'high' severity security flaw in GitHub Google's Project Zero team is well-known for discovering vulnerabilities and bugs in Google's own software as well as that developed by other companies. Its methodology involves identifying security flaws in software and privately reporting them to vendors, giving them 90 days to fix them before public disclosure. Depending upon the complexity of the fix required, it sometimes also offers additional days in the form of a grace period. In specific scenarios, companies may even be given less than the standard 90 days to fix issue
  19. New Windows exploit lets you instantly become admin. Have you patched? Zerologon lets anyone with a network toehold obtain domain-controller password. Researchers have developed and published a proof-of-concept exploit for a recently patched Windows vulnerability that can allow access to an organization’s crown jewels—the Active Directory domain controllers that act as an all-powerful gatekeeper for all machines connected to a network.
  20. Insecure CTF protocol allows hackers to hijack any Windows app, escape sandboxes, get admin rights. CTF, a little-known Microsoft protocol used by all Windows operating system versions since Windows XP, is insecure and can be exploited with ease. According to Tavis Ormandy, a security researcher with Google's Project Zero elite security team and the one who discovered the buggy protocol, hackers or malware that already have a foothold on a user's computer can use the protocol to take over any app, high-privileged applications, or the entire OS, as a
  21. Devices from Samsung, LG, Huawei and Sony are affected. Bogus text messages aren't just being used to send you to malicious websites or crash your phone -- in some cases, they can hijack your emails. Check Point Research has discovered a vulnerability in phones from Huawei, LG, Samsung and Sony that lets attackers use custom SMS to intercept all email traffic on target devices. The attack uses the common Open Mobile Alliance version of over-the-air provisioning, a carrier technique for deploying settings to new phones, to access emails. The att
  22. Field-programmable gate arrays (FPGAs) are, so to say, a computer manufacturer’s “Lego bricks”: electronic components that can be employed in a more flexible way than other computer chips. Even large data centers that are dedicated to cloud services, such as those provided by some big technology companies, often resort to FPGAs. To date, the use of such services has been considered as relatively secure. Recently, however, scientists at Karlsruhe Institute of Technology (KIT) uncovered potential gateways for cyber criminals, as they explain in a report published
  23. Just one week after a previously patched vulnerability in Exim mail servers was disclosed by Qualys, attackers have begun searching out vulnerable Exim systems, prompting the Cybersecurity and Infrastructure Security Agency (CISA) to encourage users to update their systems to the latest version. CISA reported the vulnerability CVE-2019-10149 was detected in exploits in the wild and highly recommends Exim users employ the update. The vulnerability affects versions 4.87 to 4.91 and allows a local, or in some cases, a remote attacker to execv as root, with no memor
  24. A cross-site scripting vulnerability was discovered in the popular note-taking application Evernote, though the company patched it in under a week. A cross-site scripting vulnerability in Evernote's Web Clipper Chrome extension allowed hackers access to active sessions of other websites in the same browser, according to security company Guardio. The vulnerability—designated as CVE-2019-12592—allowed attackers to bypass Chrome's same-origin policy, creating a situation in which "code could be executed that could allow an attacker to perform actions on behalf of the use
  25. Windows has a new wormable vulnerability, and there’s no patch in sight Critical bug in Microsoft's SMBv3 implementation published under mysterious circumstances. Word leaked out on Tuesday of a new vulnerability in recent versions of Windows that has the potential to unleash the kind of self-replicating attacks that allowed the WannaCry and NotPetya worms to cripple business networks around the world. The vulnerability exists