bugs

Researcher Uncovers Potential Wiretapping Bugs in Google Home Smart Speakers

Dec 30, 2022 by iHash Leave a Comment

Dec 30, 2022Ravie LakshmananBug Bounty / Privacy A security researcher was awarded a bug bounty of $107,500 for identifying security issues in Google Home smart speakers that could be exploited to install backdoors and turn them into wiretapping devices. The flaws "allowed an attacker within wireless proximity to install a 'backdoor' account on the device, enabling them to … [Read more...] about Researcher Uncovers Potential Wiretapping Bugs in Google Home Smart Speakers

Iranian Hackers Exploiting Unpatched Log4j 2 Bugs to Target Israeli Organizations

Aug 27, 2022 by iHash Leave a Comment

Iranian state-sponsored actors are leaving no stone unturned to exploit unpatched systems running Log4j to target Israeli entities, indicating the vulnerability's long tail for remediation. Microsoft attributed the latest set of activities to the umbrella threat group tracked as MuddyWater (aka Cobalt Ulster, Mercury, Seedworm, or Static Kitten), which is linked to the Iranian … [Read more...] about Iranian Hackers Exploiting Unpatched Log4j 2 Bugs to Target Israeli Organizations

Microsoft Finds Critical Bugs in Pre-Installed Apps on Millions of Android Devices

May 28, 2022 by iHash Leave a Comment

Four high severity vulnerabilities have been disclosed in a framework used by pre-installed Android System apps with millions of downloads. The issues, now fixed by its Israeli developer MCE Systems, could have potentially allowed threat actors to stage remote and local attacks or be abused as vectors to obtain sensitive information by taking advantage of their extensive system … [Read more...] about Microsoft Finds Critical Bugs in Pre-Installed Apps on Millions of Android Devices

Critical TLStorm 2.0 Bugs Affect Widely-Used Aruba and Avaya Network Switches

May 3, 2022 by iHash Leave a Comment

Cybersecurity researchers have detailed as many as five severe security flaws in the implementation of TLS protocol in several models of Aruba and Avaya network switches that could be abused to gain remote access to enterprise networks and steal valuable information. The findings follow the March disclosure of TLStorm, a set of three critical flaws in APC Smart-UPS devices that … [Read more...] about Critical TLStorm 2.0 Bugs Affect Widely-Used Aruba and Avaya Network Switches

S3 Ep80: Ransomware news, phishing woes, NAS bugs, and a giant hole in Java [Podcast]

Apr 28, 2022 by iHash Leave a Comment

Latest episode - listen now! Source link … [Read more...] about S3 Ep80: Ransomware news, phishing woes, NAS bugs, and a giant hole in Java [Podcast]

Critical Bugs in TerraMaster TOS Could Open NAS Devices to Remote Hacking

Mar 7, 2022 by iHash Leave a Comment

Researchers have disclosed details of critical security vulnerabilities in TerraMaster network-attached storage (TNAS) devices that could be chained to attain unauthenticated remote code execution with the highest privileges. The issues reside in TOS, an abbreviation for TerraMaster Operating System, and "can grant unauthenticated attackers access to the victim's box simply by … [Read more...] about Critical Bugs in TerraMaster TOS Could Open NAS Devices to Remote Hacking

Google Details Two Zero-Day Bugs Reported in Zoom Clients and MMR Servers

Jan 20, 2022 by iHash Leave a Comment

An exploration of zero-click attack surface for the popular video conferencing solution Zoom has yielded two previously undisclosed security vulnerabilities that could have been exploited to crash the service, execute malicious code, and even leak arbitrary areas of its memory. Natalie Silvanovich of Google Project Zero, who discovered and reported the two flaws last year, said … [Read more...] about Google Details Two Zero-Day Bugs Reported in Zoom Clients and MMR Servers

Researchers Find Bugs in Over A Dozen Widely Used URL Parser Libraries

Jan 10, 2022 by iHash Leave a Comment

A study of 16 different Uniform Resource Locator (URL) parsing libraries has unearthed inconsistencies and confusions that could be exploited to bypass validations and open the door to a wide range of attack vectors. In a deep-dive analysis jointly conducted by cybersecurity firms Claroty and Synk, eight security vulnerabilities were identified in as many third-party libraries … [Read more...] about Researchers Find Bugs in Over A Dozen Widely Used URL Parser Libraries

SAILFISH System to Find State-Inconsistency Bugs in Smart Contracts

Jan 4, 2022 by iHash Leave a Comment

A group of academics from the University of California, Santa Barbara, has demonstrated what it calls a "scalable technique" to vet smart contracts and mitigate state-inconsistency bugs, discovering 47 zero-day vulnerabilities on the Ethereum blockchain in the process. Smart contracts are programs stored on the blockchain that are automatically executed when predetermined … [Read more...] about SAILFISH System to Find State-Inconsistency Bugs in Smart Contracts

Active Directory Bugs Could Let hackers Take Over Windows Domain Controllers

Dec 22, 2021 by iHash Leave a Comment

Microsoft is urging customers to patch two security vulnerabilities in Active Directory domain controllers that it addressed in November following the availability of a proof-of-concept (PoC) tool on December 12. The two vulnerabilities — tracked as CVE-2021-42278 and CVE-2021-42287 — have a severity rating of 7.5 out of a maximum of 10 and concern a privilege escalation flaw … [Read more...] about Active Directory Bugs Could Let hackers Take Over Windows Domain Controllers

CleanMyMac One-Time Purchase: Lifetime License for $62

UltraVPN Secure USA VPN Proxy: 3 Year Subscription + Free Antivirus for 30 Days for $29

Wordela Vocabulary Mastery: Lifetime Subscription for $39

Apple Watch Series SE 2nd Gen (2022) Aluminum with Silicone Band – 44mm/Starlight (Refurbished Grade A: GPS + Cellular) for $273

Scribbyo AI: Lifetime Subscription for $49