Tag Archives: Vulnerability

A macOS 0-day vulnerability let hackers take screenshots

A macOS 0-day vulnerability lets hackers take screenshots of your screen. Hackers have been exploiting a vulnerability in fully updated versions of macOS that allowed them to take screenshots on infected Macs without having to get permissions from any users. However, this attack is finally getting patched with the latest macOS 11.4 update released on May…

VMware vCenter VMSA-2021-0010 Advisory

In this VMware vCenter VMSA-2021-0010 Advisory, VMware vCenter Server updates address remote code execution and authentication vulnerabilities (CVE-2021-21985, CVE-2021-21986). Impacted products: VMware vCenter Server (vCenter Server) and VMware Cloud Foundation (Cloud Foundation). Who is affected? VMware Security Advisories always list the specific product versions that are affected. In this case it is vCenter Server 6.5,…

Jetty Vulnerability using Invalid Large TLS Frame causes 100% CPU Usage

This Jetty vulnerability is to be considered a service availability issue. When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large (greater than 17408) TLS frame that is incorrectly handled, causing CPU resources to eventually reach 100% usage. The following packages have been upgraded to a…

Microsoft released one-click solution for Exchange Vulnerability

To combat the severe vulnerability facing Exchange servers, Microsoft has released a one-click solution to help server administrators mitigate the problem. Microsoft stated, “We realized that there was a need for a simple, easy to use, automated solution that would meet the needs of customers using both current and out-of-support versions of on-premises Exchange Server,”…

Hackers Bypassing cPanel 2FA All Day Long

Researchers have discovered a significant issue in cPanel that hackers can exploit to bypass 2FA and obtain access to your cPanel hosting service. What was found by Digital Defense, Inc.: “Digital Defense, Inc., a leader in vulnerability and threat management solutions, today announced that its Vulnerability Research Team (VRT) uncovered a previously undisclosed vulnerability affecting…

Netgear Zero-Day Vulnerability Allows Full Takeover

A cybersecurity researcher found a Netgear zero-day vulnerability that allows full takeover of about 79 Netgear router models. “The specific flaw exists within the httpd service, which listens on TCP Port 80 by default,” according to the ZDI report, which covers the bug’s presence in the R6700 series Netgear routers. “The issue results from the…

CISA Alerts in Ongoing Ransomware Exploiting Vulnerabilities in RDP and VPNs

The DHS Cybersecurity & Infrastructure Security Agency (CISA) has issued an alert regarding an ongoing Nefilim ransomware campaign, after the New Zealand Computer Emergency Response Team (CERT NZ) issued an alert as well. Nefilim ransomware is the successor of Nemty ransomware and was first discovered in February 2020. The developers of the ransomware conduct…

Recent Plex Vulnerability Allows Full System Takeover

Recently it was found that Plex had a vulnerability that allowed hackers to do a full system takeover. The three vulnerabilities that were found are CVE-2020-5740, CVE-2020-5741, and CVE-2020-5742, which were detected by Tenable security researcher Chris Lyne and reported to Plex on May 31st. If hackers are able to exploit this vulnerability they could execute code…
