Authentication bypass Cyber Security FreeBSD OpenBSD privilege escalation Security Vulnerability

Severe Auth Bypass and Priv-Esc Vulnerabilities Disclosed in OpenBSD

OpenBSD, an open-source operating system built with security in mind, has been found vulnerable to four new high-severity security vulnerabilities, one of which is an old-school type authentication bypass vulnerability in BSD Auth framework. The other three vulnerabilities are privilege escalation issues that could allow local users or malicious software to gain privileges of an […]

arbitrary code execution Connected devices Cyber Security GoAhead Web server hacking smart device Internet of Things Security smart device Vulnerability web server website security

Critical Flaw in GoAhead Web Server Could Affect Wide Range of IoT Devices

Cybersecurity researchers today uncovered details of two new vulnerabilities in the GoAhead web server software, a tiny application widely embedded in hundreds of millions of Internet-connected smart devices. One of the two vulnerabilities, assigned as CVE-2019-5096, is a critical code execution flaw that can be exploited by attackers to execute malicious code on vulnerable devices […]

Android android banking trojan Android Malware Android Vulnerability Mobile Security Security Strandhogg Vulnerability

Unpatched Strandhogg Android Vulnerability Actively Exploited in the Wild

Cybersecurity researchers have discovered a new unpatched vulnerability in the Android operating system that dozens of malicious mobile apps are already exploiting in the wild to steal users’ banking and other login credentials and spy on their activities. Dubbed Strandhogg, the vulnerability resides in the multitasking feature of Android that can be exploited by a […]

Android android banking trojan Android Malware Android Vulnerability Mobile Security Security Strandhogg Vulnerability

New Unpatched Strandhogg Android Vulnerability Actively Exploited in the Wild

Cybersecurity researchers have discovered a new unpatched vulnerability in the Android operating system that dozens of malicious mobile apps are already exploiting in the wild to steal users’ banking and other login credentials and spy on their activities. Dubbed Strandhogg, the vulnerability resides in the multitasking feature of Android that can be exploited by a […]

Cyber Security hacking news remote code execution Security server security virtual network computing VNC protocol vnc viewer Vulnerability

Dozens of Severe Flaws Found in 4 Popular Open Source VNC Software

Four popular open-source VNC remote desktop applications have been found vulnerable to a total of 37 security vulnerabilities, many of which went unnoticed for the last 20 years and most severe could allow remote attackers to compromise a targeted system. VNC (virtual network computing) is an open source graphical desktop sharing protocol based on RFB […]

Android ARM TrustZone Cyber Security hacking news hardware encryption Qualcomm Security Vulnerability

Qualcomm Chip Flaws Let Hackers Steal Private Data From Android Devices

Hundreds of millions of devices, especially Android smartphones and tablets, using Qualcomm chipsets, are vulnerable to a new set of potentially serious vulnerabilities. According to a report cybersecurity firm CheckPoint shared with The Hacker News, the flaws could allow attackers to steal sensitive data stored in a secure area that is otherwise supposed to be […]

Cyber Security hacking news intel chipset intel processor intel vulnerability MDS attacks Security side channel vulnerability Skylake Processor speculative execution Vulnerability Zombieload Attack

New ZombieLoad v2 Attack Affects Intel’s Latest Cascade Lake CPUs

Zombieload is back. This time a new variant (v2) of the data-leaking side-channel vulnerability also affects the most recent Intel CPUs, including the latest Cascade Lake, which are otherwise resistant against attacks like Meltdown, Foreshadow and other MDS variants (RIDL and Fallout). Initially discovered in May this year, ZombieLoad is one of the three novel […]

hack wifi password hacking IoT devices hacking news How To Hack WIFI Password iot devices Ring Video Doorbell secure smart devices Security Smart Doorbell smart home technology Vulnerability

Amazon’s Ring Video Doorbell Lets Attackers Steal Your Wi-Fi Password

Security researchers at Bitdefender have discovered a high-severity security vulnerability in Amazon’s Ring Video Doorbell Pro devices that could allow nearby attackers to steal your WiFi password and launch a variety of cyberattacks using MitM against other devices connected to the same network. In case you don’t own one of these, Amazon’s Ring Video Doorbell […]

hacking web server hosting web server NGINX php 7 php security PHP Vulnerability PHP-FPM Security Vulnerability website security

New PHP Flaw Could Let Attackers Hack Sites Running On Nginx Servers

If you’re running any PHP based website on NGINX server and have PHP-FPM feature enabled for better performance, then beware of a newly disclosed vulnerability that could allow unauthorized attackers to hack your website server remotely. The vulnerability, tracked as CVE-2019-11043, affects websites with certain configurations of PHP-FPM that is reportedly not uncommon in the […]