Vulnerable

Popular Android Apps Like Xiaomi, WPS Office Vulnerable to File Overwrite Flaw

May 2, 2024 by iHash Leave a Comment

May 02, 2024NewsroomVulnerability / Android Several popular Android applications available in Google Play Store are susceptible to a path traversal-affiliated vulnerability that could be exploited by a malicious app to overwrite arbitrary files in the vulnerable app's home directory. "The implications of this vulnerability pattern include arbitrary code execution and token … [Read more...] about Popular Android Apps Like Xiaomi, WPS Office Vulnerable to File Overwrite Flaw

AI-as-a-Service Providers Vulnerable to PrivEsc and Cross-Tenant Attacks

Apr 5, 2024 by iHash Leave a Comment

Apr 05, 2024NewsroomArtificial Intelligence / Supply Chain Attack New research has found that artificial intelligence (AI)-as-a-service providers such as Hugging Face are susceptible to two critical risks that could allow threat actors to escalate privileges, gain cross-tenant access to other customers' models, and even take over the continuous integration and continuous … [Read more...] about AI-as-a-Service Providers Vulnerable to PrivEsc and Cross-Tenant Attacks

Alert: Over 178,000 SonicWall Firewalls Potentially Vulnerable to Exploits

Jan 16, 2024 by iHash Leave a Comment

Jan 16, 2024NewsroomVulnerability / Network Security Over 178,000 SonicWall firewalls exposed over the internet are exploitable to at least one of the two security flaws that could be potentially exploited to cause a denial-of-service (DoS) condition and remote code execution (RCE). "The two issues are fundamentally the same but exploitable at different HTTP URI paths due to … [Read more...] about Alert: Over 178,000 SonicWall Firewalls Potentially Vulnerable to Exploits

How One Vulnerable Device Can Spell Disaster

Dec 20, 2023 by iHash Leave a Comment

Dec 20, 2023NewsroomNetwork Security / Data Breach Ransomware groups are increasingly switching to remote encryption in their attacks, marking a new escalation in tactics adopted by financially motivated actors to ensure the success of their campaigns. "Companies can have thousands of computers connected to their network, and with remote ransomware, all it takes is one … [Read more...] about How One Vulnerable Device Can Spell Disaster

Atlassian’s Jira Software Found Vulnerable to Critical Authentication Vulnerability

Feb 3, 2023 by iHash Leave a Comment

Feb 03, 2023Ravie LakshmananCloud Security / Vulnerability Atlassian has released fixes to resolve a critical security flaw in Jira Service Management Server and Data Center that could be abused by an attacker to pass off as another user and gain unauthorized access to susceptible instances. The vulnerability is tracked as CVE-2023-22501 (CVSS score: 9.4) and has been … [Read more...] about Atlassian’s Jira Software Found Vulnerable to Critical Authentication Vulnerability

How Exploit Intel Makes You Less Vulnerable

Feb 4, 2022 by iHash Leave a Comment

New research shows effective and efficient vulnerability management hinges on a key ingredient: exploit intel. The data arrives just in time. An expanding threat landscape In 2021, a record-breaking 20,130 Common Vulnerabilities and Exposures (CVEs) were published in the National Vulnerability Database. CVEs are exploding just as attackers are growing more sophisticated, … [Read more...] about How Exploit Intel Makes You Less Vulnerable

India’s Koo, a Twitter-like Service, Found Vulnerable to Critical Worm Attacks

Aug 6, 2021 by iHash Leave a Comment

Koo, India's homegrown Twitter clone, recently patched a serious security vulnerability that could have been exploited to execute arbitrary JavaScript code against hundreds of thousands of its users, spreading the attack across the platform. The vulnerability involves a stored cross-site scripting flaw (also known as persistent XSS) in Koo's web application that allows … [Read more...] about India’s Koo, a Twitter-like Service, Found Vulnerable to Critical Worm Attacks

Nearly All Wi-Fi Devices Are Vulnerable to New FragAttacks

May 12, 2021 by iHash Leave a Comment

Three design and multiple implementation flaws have been disclosed in IEEE 802.11 technical standard that undergirds Wi-Fi, potentially enabling an adversary to take control over a system and plunder confidential data. Called FragAttacks (short for FRgmentation and AGgregation attacks), the weaknesses impact all Wi-Fi security protocols, from Wired Equivalent Privacy (WEP) all … [Read more...] about Nearly All Wi-Fi Devices Are Vulnerable to New FragAttacks

Agora SDK Bug Left Several Video Calling Apps Vulnerable to Snooping

Feb 17, 2021 by iHash Leave a Comment

A severe security vulnerability in a popular video calling software development kit (SDK) could have allowed an attacker to spy on ongoing private video and audio calls. That's according to new research published by the McAfee Advanced Threat Research (ATR) team today, which found the aforementioned flaw in Agora.io's SDK used by several social apps such as eHarmony, Plenty of … [Read more...] about Agora SDK Bug Left Several Video Calling Apps Vulnerable to Snooping

Popular Mobile Browsers Found Vulnerable To Address Bar Spoofing Attacks

Oct 21, 2020 by iHash Leave a Comment

Graphic for illustrationCybersecurity researchers on Tuesday disclosed details about an address bar spoofing vulnerability affecting multiple mobile browsers, such as Apple Safari and Opera Touch, leaving the door open for spear-phishing attacks and delivering malware. Other impacted browsers include UCWeb, Yandex Browser, Bolt Browser, and RITS Browser. The flaws were … [Read more...] about Popular Mobile Browsers Found Vulnerable To Address Bar Spoofing Attacks

JBL Flip 6 Portable Bluetooth Speaker (Open Box) for $74

Navee V25 300W Foldable e-Scooter for $299

Smart Tracker Includes Key Ring – Works with Apple Find My App (2-Pack) for $34

Harmony Premium Plan Lifetime Subscription for $99

Lenovo 11.6" 100e Chromebook 2nd Gen (2019) MediaTek MT8173C 4GB RAM 16GB eMMC (Refurbished) for $54