Remember the Reverse RDP Attack?Earlier this year, researchers disclosed clipboard hijacking and path-traversal issues in Microsoft's Windows built-in RDP client that could allow a malicious RDP server to compromise a client computer, reversely.(You can find details and a video demonstration for this security vulnerability, along with dozens of critical flaws in other … [Read more...] about Reverse RDP Attack Also Enables Guest-to-Host Escape in Microsoft Hyper-V
data breaches
SWAPGS Attack — New Speculative Execution Flaw Affects All Modern Intel CPUs
A new variant of the Spectre (Variant 1) side-channel vulnerability has been discovered that affects all modern Intel CPUs, and probably some AMD processors as well, which leverage speculative execution for high performance, Microsoft and Red Hat warned.Identified as CVE-2019-1125, the vulnerability could allow unprivileged local attackers to access sensitive information stored … [Read more...] about SWAPGS Attack — New Speculative Execution Flaw Affects All Modern Intel CPUs
New Flaws in Qualcomm Chips Expose Millions of Android Devices to Hacking
A series of critical vulnerabilities have been discovered in Qualcomm chipsets that could allow hackers to compromise Android devices remotely just by sending malicious packets over-the-air with no user interaction.Discovered by security researchers from Tencent's Blade team, the vulnerabilities, collectively known as QualPwn, reside in the WLAN and modem firmware of Qualcomm … [Read more...] about New Flaws in Qualcomm Chips Expose Millions of Android Devices to Hacking
Researchers Discover New Ways to Hack WPA3 Protected WiFi Passwords
The same team of cybersecurity researchers who discovered several severe vulnerabilities, collectively dubbed as Dragonblood, in the newly launched WPA3 WiFi security standard few months ago has now uncovered two more flaws that could allow attackers to hack WiFi passwords.WPA, or WiFi Protected Access, is a WiFi security standard that has been designed to authenticate wireless … [Read more...] about Researchers Discover New Ways to Hack WPA3 Protected WiFi Passwords
Cisco ‘Knowingly’ Sold Hackable Video Surveillance System to U.S. Government
Cisco Systems has agreed to pay $8.6 million to settle a lawsuit that accused the company of knowingly selling video surveillance system containing severe security vulnerabilities to the U.S. federal and state government agencies.It's believed to be the first payout on a 'False Claims Act' case over failure to meet cybersecurity standards.The lawsuit began eight years ago, in … [Read more...] about Cisco ‘Knowingly’ Sold Hackable Video Surveillance System to U.S. Government
DHS Warns Small Airplanes Vulnerable to Flight Data Manipulation Attacks
What could be more horrifying than knowing that a hacker can trick the plane's electronic systems into displaying false flight data to the pilot, which could eventually result in loss of control?Of course, the attacker would never wish to be on the same flight, so in this article, we are going to talk about a potential loophole that could allow an attacker to exploit a … [Read more...] about DHS Warns Small Airplanes Vulnerable to Flight Data Manipulation Attacks
Critical Flaws in ‘OXID eShop’ Software Expose eCommerce Sites to Hacking
If your e-commerce website runs on the OXID eShop platform, you need to update it immediately to prevent your site from becoming compromised.Cybersecurity researchers have discovered a pair of critical vulnerabilities in OXID eShop e-commerce software that could allow unauthenticated attackers to take full control over vulnerable eCommerce websites remotely in less than a few … [Read more...] about Critical Flaws in ‘OXID eShop’ Software Expose eCommerce Sites to Hacking
Google Researchers Disclose PoCs for 4 Remotely Exploitable iOS Flaws
Google's cybersecurity researchers have finally disclosed details and proof-of-concept exploits for 4 out of 5 security vulnerabilities that could allow remote attackers to target Apple iOS devices just by sending a maliciously-crafted message over iMessage.All the vulnerabilities, which required no user interaction, were responsibly reported to Apple by Samuel Groß and Natalie … [Read more...] about Google Researchers Disclose PoCs for 4 Remotely Exploitable iOS Flaws
Capital One Data Breach Affects 106 Million Customers; Hacker Arrested
Another week, another massive data breach.Capital One, the fifth-largest U.S. credit-card issuer and banking institution, has recently suffered a data breach exposing the personal information of more than 100 million credit card applicants in the United States and 6 million in Canada.The data breach that occurred on March 22nd and 23rd this year allowed attackers to steal … [Read more...] about Capital One Data Breach Affects 106 Million Customers; Hacker Arrested
Critical Flaws Found in VxWorks RTOS That Powers Over 2 Billion Devices
Security researchers have discovered almost a dozen zero-day vulnerabilities in VxWorks, one of the most widely used real-time operating systems (RTOS) for embedded devices that powers over 2 billion devices across aerospace, defense, industrial, medical, automotive, consumer electronics, networking, and other critical industries.According to a new report Armis researchers … [Read more...] about Critical Flaws Found in VxWorks RTOS That Powers Over 2 Billion Devices