A new variant of the Spectre (Variant 1) side-channel vulnerability has been discovered that affects all modern Intel CPUs, and probably some AMD processors as well, which leverage speculative execution for high performance, Microsoft and Red Hat warned.Identified as CVE-2019-1125, the vulnerability could allow unprivileged local attackers to access sensitive information stored … [Read more...] about SWAPGS Attack — New Speculative Execution Flaw Affects All Modern Intel CPUs
Flaw
Zoom RCE Flaw Also Affects Its Rebranded Versions RingCentral and Zhumu
The same security vulnerabilities that were recently reported in Zoom for macOS also affect two other popular video conferencing software that under the hood, are just a rebranded version of Zoom video conferencing software.Security researchers confirmed The Hacker News that RingCentral, used by over 350,000 businesses, and Zhumu, a Chinese version of Zoom, also runs a hidden … [Read more...] about Zoom RCE Flaw Also Affects Its Rebranded Versions RingCentral and Zhumu
This Flaw Could Have Allowed Hackers to Hack Any Instagram Account Within 10 Minutes
Watch out! Facebook-owned photo-sharing service has recently patched a critical vulnerability that could have allowed hackers to compromise any Instagram account without requiring any interaction from the targeted users.Instagram is growing quickly—and with the most popular social media network in the world after Facebook, the photo-sharing network absolutely dominates when it … [Read more...] about This Flaw Could Have Allowed Hackers to Hack Any Instagram Account Within 10 Minutes
Zoom Video Conferencing for macOS Also Vulnerable to Critical RCE Flaw
The chaos and panic that the disclosure of privacy vulnerability in the highly popular and widely-used Zoom video conferencing software created earlier this week is not over yet.As suspected, it turns out that the core issue—a locally installed web server by the software—was not just allowing any website to turn on your device webcam, but also could allow hackers to take … [Read more...] about Zoom Video Conferencing for macOS Also Vulnerable to Critical RCE Flaw
Important Flaw in Outlook App for Android Affects Over 100 Millions Users
Update (22 July 2019) — More technical details and proof-of-concept for the OutLook for Android vulnerability has been released that we have covered in a separate article here.Microsoft today released an updated version of its "Outlook for Android" that patches an important security vulnerability in the popular email app that is currently being used over 100 million … [Read more...] about Important Flaw in Outlook App for Android Affects Over 100 Millions Users
PoC Released for Outlook Flaw that Microsoft Patched 6 Month After Discovery
As we reported two days ago, Microsoft this week released an updated version of its Outlook app for Android that patches a severe remote code execution vulnerability (CVE-2019-1105) that impacted over 100 million users.However, at that time, very few details of the flaw were available in the advisory, which just revealed that the earlier versions of the email app contained a … [Read more...] about PoC Released for Outlook Flaw that Microsoft Patched 6 Month After Discovery
Critical Flaw Reported in Popular Evernote Extension for Chrome Users
Cybersecurity researchers discover a critical flaw in the popular Evernote Chrome extension that could have allowed hackers to hijack your browser and steal sensitive information from any website you accessed.Evernote is a popular service that helps people taking notes and organize their to-do task lists, and over 4,610,000 users have been using its Evernote Web Clipper … [Read more...] about Critical Flaw Reported in Popular Evernote Extension for Chrome Users
Hacker Discloses Second Zero-Day to Bypass Patch for Windows EoP Flaw
An anonymous security researcher going by the name of SandboxEscaper today publicly shared a second zero-day exploit that can be used to bypass a recently patched elevation of privilege vulnerability in the Microsoft Windows operating system.SandboxEscaper is known for publicly dropping zero-day exploits for unpatched Windows vulnerabilities. In the past year, the hacker has … [Read more...] about Hacker Discloses Second Zero-Day to Bypass Patch for Windows EoP Flaw
Nearly 1 Million Computers Still Vulnerable to “Wormable” BlueKeep RDP Flaw
Nearly 1 million Windows systems are still unpatched and have been found vulnerable to a recently disclosed critical, wormable, remote code execution vulnerability in the Windows Remote Desktop Protocol (RDP)—two weeks after Microsoft releases the security patch.If exploited, the vulnerability could allow an attacker to easily cause havoc around the world, potentially much … [Read more...] about Nearly 1 Million Computers Still Vulnerable to “Wormable” BlueKeep RDP Flaw
PoC Exploit For Unpatched Windows 10 Zero-Day Flaw Published Online
An anonymous hacker with an online alias "SandboxEscaper" today released proof-of-concept (PoC) exploit code for a new zero-day vulnerability affecting Windows 10 operating system—that's his/her 5th publicly disclosed Windows zero-day exploit [1, 2, 3] in less than a year.Published on GitHub, the new Windows 10 zero-day vulnerability is a privilege escalation issue that could … [Read more...] about PoC Exploit For Unpatched Windows 10 Zero-Day Flaw Published Online