Researcher Uncovers Potential Wiretapping Bugs in Google Home Smart Speakers
Dec 30, 2022 | Ravie Lakshmanan | Bug Bounty / Privacy
A security researcher was awarded a bug bounty of $107,500 for identifying security issues in Google Home smart speakers that could be exploited to install backdoors and turn them into wiretapping devices. The flaws "allowed an attacker within wireless proximity to install a 'backdoor' account on the device, enabling them to …
researcher
Researcher Releases PoC for Recent Java Cryptographic Vulnerability
Proof-of-concept (PoC) code demonstrating a newly disclosed digital signature bypass vulnerability in Java has been shared online. The high-severity flaw in question, CVE-2022-21449 (CVSS score: 7.5), impacts the following versions of Java SE and Oracle GraalVM Enterprise Edition - Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, …
Israeli Researcher Cracked Over 3500 Wi-Fi Networks in Tel Aviv City
Over 70% of Wi-Fi networks from a sample size of 5,000 were hacked with "relative ease" in the Israeli city of Tel Aviv, highlighting how insecure Wi-Fi passwords can become a gateway for serious threats to individuals, small businesses, and enterprises alike. CyberArk security researcher Ido Hoorvitch, who used Wi-Fi sniffing equipment costing about $50 to collect 5,000 …
What Does It Take To Be a Cybersecurity Researcher?
Behind the strategies and solutions needed to counter today's cyber threats are dedicated cybersecurity researchers. They spend their lives dissecting code and analyzing incident reports to discover how to stop the bad guys. But what drives these specialists? To understand why these cybersecurity pros do what they do, we decided to talk with cybersecurity …
Google Researcher Reported 3 Flaws in Apache Web Server Software
If your web-server runs on Apache, you should immediately install the latest available version of the server application to prevent hackers from taking unauthorized control over it. Apache recently fixed multiple vulnerabilities in its web server software that could have potentially led to the execution of arbitrary code and, in specific scenarios, even could allow attackers to …
Researcher Demonstrates Several Zoom Vulnerabilities at DEF CON 28
Popular video conferencing app Zoom has addressed several security vulnerabilities, two of which affect its Linux client and could have allowed an attacker with access to a compromised system to read and exfiltrate Zoom user data, and even run stealthy malware as a sub-process of a trusted application. According to cybersecurity researcher Mazin Ahmed, who presented his findings …
Researcher Demonstrates 4 New Variants of HTTP Request Smuggling Attack
New research has identified four new variants of HTTP request smuggling attacks that work against various commercial off-the-shelf web servers and HTTP proxy servers. Amit Klein, VP of Security Research at SafeBreach who presented the findings today at the Black Hat security conference, said that the attacks highlight how web servers and HTTP proxy servers are still …
Researcher Drops phpMyAdmin Zero-Day Affecting All Versions
A cybersecurity researcher recently published details and a proof-of-concept for an unpatched zero-day vulnerability in phpMyAdmin, one of the most popular applications for managing the MySQL and MariaDB databases. phpMyAdmin is a free and open source administration tool for MySQL and MariaDB that's widely used to manage the database for websites created with WordPress, Joomla, and …