media player | Breaking Cybersecurity News | The Hacker News

If you use VLC media player on your computer and haven't updated it recently, don't you even dare to play any untrusted, randomly downloaded video file on it. Doing so could allow hackers to remotely take full control over your computer system. That's because VLC media player software versions prior to 3.0.7 contain two high-risk security vulnerabilities , besides many other medium- and low-severity security flaws, that could potentially lead to arbitrary code execution attacks. With more than 3 billion downloads, VLC is a hugely popular open-source media player software that is currently being used by hundreds of millions of users worldwide on all major platforms, including Windows, macOS, Linux, as well as Android and iOS mobile platforms. Discovered by Symeon Paraschoudis from Pen Test Partners and identified as CVE-2019-12874 , the first high-severity vulnerability is a double-free issue which resides in "zlib_decompress_extra" function of VideoLAN

Security researchers have discovered a serious code execution vulnerability in the LIVE555 streaming media library—which is being used by popular media players, along with a number of embedded devices capable of streaming media. LIVE555 streaming media, developed and maintained by Live Networks , is a set of C++ libraries companies and application developers use to stream multimedia over open standard protocols like RTP/RTCP, RTSP or SIP. The LIVE555 streaming media libraries support streaming, receiving, and processing of various video formats such as MPEG, H.265, H.264, H.263+, VP8, DV, and JPEG video, and several audio codecs such as MPEG, AAC, AMR, AC-3, and Vorbis. UPDATE: LIVE555 streaming media library supports both server and client, and is internally being used by many well-known media software such as VLC and MPlayer, security researchers at Talos mentioned in the advisory. Though researchers didn't specify if the vulnerable component (a server-side library)

Identities now transcend human boundaries. Within each line of code and every API call lies a non-human identity. These entities act as programmatic access keys, enabling authentication and facilitating interactions among systems and services, which are essential for every API call, database query, or storage account access. As we depend on multi-factor authentication and passwords to safeguard human identities, a pressing question arises: How do we guarantee the security and integrity of these non-human counterparts? How do we authenticate, authorize, and regulate access for entities devoid of life but crucial for the functioning of critical systems? Let's break it down. The challenge Imagine a cloud-native application as a bustling metropolis of tiny neighborhoods known as microservices, all neatly packed into containers. These microservices function akin to diligent worker bees, each diligently performing its designated task, be it processing data, verifying credentials, or

Do you watch movies with subtitles? Just last night, I wanted to watch a French movie, so I searched for English subtitles and downloaded it to my computer. Though that film was excellent, this morning a new research from Checkpoint scared me. I was unaware that a little subtitle file could hand over full control of my computer to hackers, while I was enjoying the movie. Yes, you heard that right. A team of researchers at Check Point has discovered vulnerabilities in four of the most popular media player applications, which can be exploited by hackers to hijack " any type of device via vulnerabilities; whether it is a PC, a smart TV, or a mobile device " with malicious codes inserted into the subtitle files. " We have now discovered malicious subtitles could be created and delivered to millions of devices automatically, bypassing security software and giving the attacker full control of the infected device and the data it holds, " he added. These