A Google security researcher has discovered a critical remote command injection vulnerability in the DHCP client implementation of Red Hat Linux and its derivatives, such as the Fedora operating system. The vulnerability, tracked as CVE-2018-1111, could allow attackers to execute arbitrary commands with root privileges on targeted systems. Whenever your system joins a network, it’s the DHCP client application which allows your system to automatically receive network configuration...
Here’s the story of how a casual conversation uncovered a huge security hole in one of the most reliable messaging services. Story time It was Thursday afternoon: we were chatting as usual and suddenly Alfredo shows us an XSS in an Argentinian government site (don’t worry, it’s been reported). He was using the Signal add-on for Chrome. Javier and I were using the desktop version,...
An important warning for people using widely used email encryption tools—PGP and S/MIME—for sensitive communication. A team of European security researchers has released a warning about a set of critical vulnerabilities discovered in PGP and S/MIME encryption tools that could reveal your encrypted emails in plaintext. What’s worse? The vulnerabilities also impact encrypted emails you sent in the past. PGP, or Pretty Good Privacy, is...
Description: Multiple vulnerabilities have been discovered in Mozilla Firefox and Firefox Extended Support Release (ESR), the most severe of which could allow for arbitrary code execution. Mozilla Firefox is a web browser used to access the Internet. Mozilla Firefox ESR is a version of the web browser intended to be deployed in large organizations. Impact: Successful exploitation of the most severe of these vulnerabilities could...
Description: Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for code execution. There are reports of a remote code execution vulnerability (CVE-2018-8174) being actively exploited in the wild as part of a cyber-espionage campaign. Impact: Successful exploitation of the most severe of these vulnerabilities could result in an attacker gaining the same privileges as the logged on user....
Description: A vulnerability has been discovered in Adobe Flash Player, which could allow for arbitrary code execution. Adobe Flash Player is a widely distributed multimedia and application player used to enhance the user experience when visiting web pages or reading email messages. Impact: Successful exploitation of this vulnerability could allow for arbitrary code execution in the context of the user running the application. Depending on...
Description: Multiple Dell EMC Products are prone to multiple remote command-injection vulnerabilities. Dell EMC Unity Operating Environment (OE) versions prior to 4.3.0.1522077968 are affected by multiple OS command injection vulnerabilities. Impact: A remote application admin user could potentially exploit the vulnerabilities to execute arbitrary OS commands as system root on the system where Dell EMC Unity is installed. Mitigation: Updates are available. Please see the...
Description: Apple Swift is prone to an arbitrary code-execution vulnerability. Impact: A remote attacker may exploit this issue to execute arbitrary code in the context of the affected application. Failed attempts will likely cause a denial-of-service condition. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URLs: https://support.apple.com/en-us/HT208804 https://lists.apple.com/archives/security-announce/2018/May/msg00000.html https://www.securityfocus.com/bid/104085/info https://swift.org/
Description: A hardware vulnerability in GPU memory modules allows attackers to accelerate micro-architectural attacks through the use of the JavaScript WebGL API. Impact: Upon visiting a malicious or compromised website with a vulnerable device, an attacker may be able to bypass security features provided by the web browser. Mitigation: Apply an update. Google Chrome and Mozilla Firefox have released updates which disable high precision timers...
Grant West, a cunning hacker who goes by the online handle of “Courvoisier” on the Dark Web, has been arrested by British police. The 26-year-old hacker is known for hacking over 200 companies around the world, including Apple, Asda, Uber, Just Eat, Groupon, and Nectar. West not only breached the security of these companies but also stole their user data before selling them on the...