A zero-day vulnerability has been discovered in Zoom video conferencing software for Windows that could allow an attacker to execute arbitrary code on a victim's computer running Microsoft Windows 7 or older.To successfully exploit the zoom vulnerability, all an attacker needs to do is tricking a Zoom user into performing some typical action like opening a received document … [Read more...] about Unpatched Critical Flaw Disclosed in Zoom Software for Windows 7 or Earlier
Flaw
Critical RCE Flaw (CVSS 10) Affects F5 BIG-IP Application Security Servers
Cybersecurity researchers today issued a security advisory warning enterprises and governments across the globe to immediately patch a highly-critical remote code execution vulnerability affecting F5's BIG-IP networking devices running application security servers.The vulnerability, assigned CVE-2020-5902 and rated as critical with a CVSS score of 10 out of 10, could let remote … [Read more...] about Critical RCE Flaw (CVSS 10) Affects F5 BIG-IP Application Security Servers
First Cyber Attack ‘Mass Exploiting’ BlueKeep RDP Flaw Spotted in the Wild
Cybersecurity researchers have spotted a new cyberattack, which is believed to be the very first but amateur attempt to weaponize the infamous BlueKeep RDP vulnerability in the wild to mass compromise vulnerable systems for cryptocurrency mining.In May this year, Microsoft released a patch for a highly-critical remote code execution flaw in the Windows Remote Desktop Services, … [Read more...] about First Cyber Attack ‘Mass Exploiting’ BlueKeep RDP Flaw Spotted in the Wild
New PHP Flaw Could Let Attackers Hack Sites Running On Nginx Servers
If you're running any PHP based website on NGINX server and have PHP-FPM feature enabled for better performance, then beware of a newly disclosed vulnerability that could allow unauthorized attackers to hack your website server remotely.The vulnerability, tracked as CVE-2019-11043, affects websites with certain configurations of PHP-FPM that is reportedly not uncommon in the … [Read more...] about New PHP Flaw Could Let Attackers Hack Sites Running On Nginx Servers
Sudo Flaw Lets Linux Users Run Commands As Root Even When They’re Restricted
Attention Linux Users!A new vulnerability has been discovered in Sudo—one of the most important, powerful, and commonly used utilities that comes as a core command installed on almost every UNIX and Linux-based operating system.The vulnerability in question is a sudo security policy bypass issue that could allow a malicious user or a program to execute arbitrary commands as … [Read more...] about Sudo Flaw Lets Linux Users Run Commands As Root Even When They’re Restricted
7-Year-Old Critical RCE Flaw Found in Popular iTerm2 macOS Terminal App
A 7-year-old critical remote code execution vulnerability has been discovered in iTerm2 macOS terminal emulator app—one of the most popular open source replacements for Mac's built-in terminal app.Tracked as CVE-2019-9535, the vulnerability in iTerm2 was discovered as part of an independent security audit funded by the Mozilla Open Source Support Program (MOSS) and conducted by … [Read more...] about 7-Year-Old Critical RCE Flaw Found in Popular iTerm2 macOS Terminal App
New 0-Day Flaw Affecting Most Android Phones Being Exploited in the Wild
Another day, another revelation of a critical unpatched zero-day vulnerability, this time in the world's most widely used mobile operating system, Android.What's more? The Android zero-day vulnerability has also been found to be exploited in the wild by the Israeli surveillance vendor NSO Group—infamous for selling zero-day exploits to governments—or one of its customers, to … [Read more...] about New 0-Day Flaw Affecting Most Android Phones Being Exploited in the Wild
Over A Billion Malicious Ad Impressions Exploit WebKit Flaw to Target Apple Users
The infamous eGobbler hacking group that surfaced online earlier this year with massive malvertising campaigns has now been caught running a new campaign exploiting two browser vulnerabilities to show intrusive pop-up ads and forcefully redirect users to malicious websites.To be noted, hackers haven't found any way to run ads for free; instead, the modus operandi of eGobbler … [Read more...] about Over A Billion Malicious Ad Impressions Exploit WebKit Flaw to Target Apple Users
New SIM Card Flaw Lets Hackers Hijack Any Phone Just By Sending SMS
Cybersecurity researchers today revealed the existence of a new and previously undetected critical vulnerability in SIM cards that could allow remote attackers to compromise targeted mobile phones and spy on victims just by sending an SMS.Dubbed "SimJacker," the vulnerability resides in a particular piece of software, called the S@T Browser (a dynamic SIM toolkit), embedded on … [Read more...] about New SIM Card Flaw Lets Hackers Hijack Any Phone Just By Sending SMS
Exim TLS Flaw Opens Email Servers to Remote ‘Root’ Code Execution Attacks
A critical remote code execution vulnerability has been discovered in the popular open-source Exim email server software, leaving at least over half a million email servers vulnerable to remote hackers.Exim maintainers today released Exim version 4.92.2 after publishing an early warning two days ago, giving system administrators a heads-up on its upcoming security patches that … [Read more...] about Exim TLS Flaw Opens Email Servers to Remote ‘Root’ Code Execution Attacks