Vulnerability related cybersecurity articles - The Hacker News
The Hacker News Logo
Subscribe to Newsletter

The Hacker News - Cybersecurity News and Analysis: Vulnerability

Install Latest Chrome Update to Patch 0-Day Bug Under Active Attacks

Install Latest Chrome Update to Patch 0-Day Bug Under Active Attacks
February 25, 2020Ravie Lakshmanan
Google yesterday released a new critical software update for its Chrome web browser for desktops that will be rolled out to Windows, Mac, and Linux users over the next few days. The latest Chrome 80.0.3987.122 includes security fixes for three new vulnerabilities , all of which have been marked 'HIGH' in severity, including one that (CVE-2020-6418) has been reportedly exploited in the wild. The brief description of the Chrome bugs, which impose a significant risk to your systems if left unpatched, are as follows: Integer overflow in ICU — Reported by André Bargull on 2020-01-22 Out of bounds memory access in streams (CVE-2020-6407) — Reported by Sergei Glazunov of Google Project Zero on 2020-01-27 Type confusion in V8 (CVE-2020-6418) — Reported by Clement Lecigne of Google's Threat Analysis Group on 2020-02-18 The Integer Overflow vulnerability was disclosed by André Bargull privately to Google last month, earning him $5,000 in rewards, while the other two

New OpenSMTPD RCE Flaw Affects Linux and OpenBSD Email Servers

New OpenSMTPD RCE Flaw Affects Linux and OpenBSD Email Servers
February 25, 2020Mohit Kumar
OpenSMTPD has been found vulnerable to yet another critical vulnerability that could allow remote attackers to take complete control over email servers running BSD or Linux operating systems. OpenSMTPD , also known as OpenBSD SMTP Server, is an open-source implementation of the Simple Mail Transfer Protocol (SMTP) to deliver messages on a local machine or to relay them to other SMTP servers. It was initially developed as part of the OpenBSD project but now comes pre-installed on many UNIX-based systems. Discovered by experts at Qualys Research Labs, who also reported a similar RCE flaw in the email server application last month, the latest out-of-bounds read issue, tracked as  CVE-2020-8794 , resides in a component of the OpenSMTPD's client-side code that was introduced nearly 5 years ago. Just like the previous issue, which attackers started exploiting in the wild just a day after its public disclosure, the new OpenSMTPD flaw could also let remote hackers execute arbit

Critical Bug in WordPress Theme Plugin Opens 200,000 Sites to Hackers

Critical Bug in WordPress Theme Plugin Opens 200,000 Sites to Hackers
February 17, 2020Swati Khandelwal
A popular WordPress theme plugin with over 200,000 active installations contains a severe but easy-to-exploit software vulnerability that, if left unpatched, could let unauthenticated remote attackers compromise a wide range of websites and blogs. The vulnerable plugin in question is ' ThemeGrill Demo Importer ' that comes with free as well as premium themes sold by the software development company ThemeGrill. ThemeGrill Demo Importer plugin has been designed to allow WordPress site admins to import demo content, widgets, and settings from ThemeGrill, making it easier for them to quickly customize the theme. According to a report WebARX security company shared with The Hacker News, when a ThemeGrill theme is installed and activated, the affected plugin executes some functions with administrative privileges without checking whether the user running the code is authenticated and is an admin. The flaw could eventually allow unauthenticated remote attackers to wipe the e

A Dozen Vulnerabilities Affect Millions of Bluetooth LE Powered Devices

A Dozen Vulnerabilities Affect Millions of Bluetooth LE Powered Devices
February 17, 2020Wang Wei
A team of cybersecurity researchers late last week disclosed the existence of 12 potentially severe security vulnerabilities, collectively named ' SweynTooth ,' affecting millions of Bluetooth-enabled wireless smart devices worldwide—and worryingly, a few of which haven't yet been patched. All SweynTooth flaws basically reside in the way software development kits (SDKs) used by multiple system-on-a-chip (SoC) have implemented Bluetooth Low Energy (BLE) wireless communication technology—powering at least 480 distinct products from several vendors including Samsung, FitBit and Xiaomi. According to the researchers, hackers in close physical proximity to vulnerable devices can abuse this vulnerability to remotely trigger deadlocks, crashes, and even bypass security in BLE products, allowing them to arbitrary read or write access to device's functions that are otherwise only allowed to be accessed by an authorized user. "As of today, SweynTooth vulnerabilities a

The Rise of the Open Bug Bounty Project

The Rise of the Open Bug Bounty Project
February 06, 2020The Hacker News
Can you imagine launching a global bug bounty platform with almost 500,000 submissions and 13,000 researchers without consuming a cent from venture capitalists? If not, this success story is for you. The once skyrocketing bug bounty industry seems to be not in the best shape today. While prominent security researchers are talking about a growing multitude of hurdles they experience with the leading commercial bug bounty platforms, the latter are trying to reinvent themselves as "next-generation penetration testing" or similar services. You be the judge of how successful they will be. Generous venture funds have poured many millions into rapidly spending bug bounty startups that have not replaced Managed Penetration Testing (MPT) services (as some declared). However, these startups have positively improved the price/quality ratio of pen testing services on the global market. Amid the uncertainty for the future of commercial bug bounty platforms, the not-for-profit Op

5 High Impact Flaws Affect Cisco Routers, Switches, IP Phones and Cameras

5 High Impact Flaws Affect Cisco Routers, Switches, IP Phones and Cameras
February 05, 2020Swati Khandelwal
Several Cisco-manufactured network equipments have been found vulnerable to five new security vulnerabilities that could allow hackers to take complete control over them, and subsequently, over the enterprise networks they power. Four of the five high-severity bugs are remote code execution issues affecting Cisco routers, switches, and IP cameras, whereas the fifth vulnerability is a denial-of-service issue affecting Cisco IP phones. Collectively dubbed ' CDPwn ,' the reported vulnerabilities reside in the various implementations of the Cisco Discovery Protocol (CDP) that comes enabled by default on virtually all Cisco devices and can not be turned OFF. Cisco Discovery Protocol (CDP) is an administrative protocol that works at Layer 2 of the Internet Protocol (IP) stack. The protocol has been designed to let devices discover information about other locally attached Cisco equipment in the same network. According to a report Armis research team shared with The Hacker N

Google Accidentally Shared Private Videos of Some Users With Others

Google Accidentally Shared Private Videos of Some Users With Others
February 04, 2020Wang Wei
Google might have mistakenly shared your private videos saved on the company's servers with other users, the tech giant admitted yesterday in a security notification sent quietly to an undisclosed number of affected users. The latest privacy mishap is the result of a "technical issue" in Google's Takeout , a service that backs up all your Google account data into a single file and then lets you download it straight away. According to a screenshot Jon Oberheide of Duo Security shared on Twitter, the issue reportedly remained active between 21st November and 25th November last year, during which "some videos in Google Photos [service] were incorrectly exported to unrelated user's archives." Vice versa, if you had also requested for your account backup during the same 5-day period, you might have even received unrelated videos from other Google accounts. So, the data leak incident potentially affects only those who used Google Takeout service

Sudo Bug Lets Non-Privileged Linux and macOS Users Run Commands as Root

Sudo Bug Lets Non-Privileged Linux and macOS Users Run Commands as Root
February 03, 2020Mohit Kumar
Joe Vennix of Apple security has found another significant vulnerability in sudo utility that under a specific configuration could allow low privileged users or malicious programs to execute arbitrary commands with administrative ('root') privileges on Linux or macOS systems. Sudo is one of the most important, powerful, and commonly used utilities that comes as a core command pre-installed on macOS and almost every UNIX or Linux-based operating system. Sudo has been designed to let users run apps or commands with the privileges of a different user without switching environments. Sudo Vulnerability (CVE-2019-18634) The newly discovered privilege escalation vulnerability, tracked as CVE-2019-18634 , in question stems from a stack-based buffer overflow issue that resides in Sudo versions before 1.8.26. According to Vennix, the flaw can only be exploited when the " pwfeedback " option is enabled in the sudoers configuration file, a feature that provides visua

Microsoft Azure Flaws Could Have Let Hackers Take Over Cloud Servers

Microsoft Azure Flaws Could Have Let Hackers Take Over Cloud Servers
January 30, 2020Mohit Kumar
Cybersecurity researchers at Check Point today disclosed details of two recently patched potentially dangerous vulnerabilities in Microsoft Azure services that, if exploited, could have allowed hackers to target several businesses that run their web and mobile apps on Azure. Azure App Service is a fully-managed integrated service that enables users to create web and mobile apps for any platform or device, and easily integrate them with SaaS solutions, on-premises apps to automate business processes. According to a report researchers shared with The Hacker News, the first security vulnerability ( CVE-2019-1234 ) is a request spoofing issue that affected Azure Stack, a hybrid cloud computing software solution by Microsoft. If exploited, the issue would have enabled a remote hacker to unauthorizedly access screenshots and sensitive information of any virtual machine running on Azure infrastructure—it doesn't matter if they're running on a shared, dedicated or isolated vir

Critical OpenSMTPD Bug Opens Linux and OpenBSD Mail Servers to Hackers

Critical OpenSMTPD Bug Opens Linux and OpenBSD Mail Servers to Hackers
January 30, 2020Wang Wei
Cybersecurity researchers have discovered a new critical vulnerability ( CVE-2020-7247 ) in the OpenSMTPD email server that could allow remote attackers to take complete control over BSD and many Linux based servers. OpenSMTPD is an open-source implementation of the server-side SMTP protocol that was initially developed as part of the OpenBSD project but now comes pre-installed on many UNIX-based systems. According to Qualys Research Labs, who discovered this vulnerability, the issue resides in the OpenSMTPD's sender address validation function, called smtp_mailaddr(), which can be exploited to execute arbitrary shell commands with elevated root privileges on a vulnerable server just by sending specially crafted SMTP messages to it. The flaw affects OpenBSD version 6.6 and works against the default configuration for both, the locally enabled interface as well as remotely if the daemon has been enabled to listen on all interfaces and accepts external mail. "Exploit

Citrix Releases Patches for Critical ADC Vulnerability Under Active Attack

Citrix Releases Patches for Critical ADC Vulnerability Under Active Attack
January 20, 2020Mohit Kumar
Citrix has finally started rolling out security patches for a critical vulnerability in ADC and Gateway software that attackers started exploiting in the wild earlier this month after the company announced the existence of the issue without releasing any permanent fix. I wish I could say, "better late than never," but since hackers don't waste time or miss any opportunity to exploit vulnerable systems, even a short window of time resulted in the compromise of hundreds of Internet exposed Citrix ADC and Gateway systems. As explained earlier on The Hacker News, the vulnerability, tracked as CVE-2019-19781 , is a path traversal issue that could allow unauthenticated remote attackers to execute arbitrary code on several versions of Citrix ADC and Gateway products, as well as on the two older versions of Citrix SD-WAN WANOP. Rated critical with CVSS v3.1 base score 9.8, the issue was discovered by Mikhail Klyuchnikov, a security researcher at Positive Technologies, w

Microsoft Warns of Unpatched IE Browser Zero-Day That's Under Active Attacks

Microsoft Warns of Unpatched IE Browser Zero-Day That's Under Active Attacks
January 18, 2020Mohit Kumar
Internet Explorer is dead, but not the mess it left behind. Microsoft earlier today issued an emergency security advisory warning millions of Windows users of a new zero-day vulnerability in Internet Explorer (IE) browser that attackers are actively exploiting in the wild — and there is no patch yet available for it. The vulnerability, tracked as CVE-2020-0674 and rated moderated, is a remote code execution issue that exists in the way the scripting engine handles objects in memory of Internet Explorer and triggers through JScript.dll library. A remote attacker can execute arbitrary code on targeted computers and take full control over them just by convincing victims into opening a maliciously crafted web page on the vulnerable Microsoft browser. "The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as

Adobe Releases First 2020 Patch Tuesday Software Updates

Adobe Releases First 2020 Patch Tuesday Software Updates
January 14, 2020Mohit Kumar
Adobe today released software updates to patch a total of 9 new security vulnerabilities in two of its widely used applications, Adobe Experience Manager and Adobe Illustrator. It's the first Patch Tuesday for the year 2020 and one of the lightest patch releases in a long time for Adobe users. Moreover, none of the security vulnerabilities patched this month were either publicly disclosed or found being actively exploited in the wild. 5 of the 9 security vulnerabilities are 'critical' in severity, and all of them affect Adobe Illustrator CC versions 24.0 and earlier, which were reported to the company by Fortinet's FortiGuard Labs researcher Honggang Ren. According to an advisory published by Adobe, all five critical issues in Adobe Illustrator software are memory corruption bugs that could allow an attacker to execute arbitrary code on targeted systems in the context of the current user. The rest 4 security vulnerabilities affect Adobe Experience Manager —

This Bug Could Have Let Anyone Crash WhatsApp Of All Group Members

This Bug Could Have Let Anyone Crash WhatsApp Of All Group Members
December 17, 2019Swati Khandelwal
WhatsApp, the world's most popular end-to-end encrypted messaging application, patched an incredibly frustrating software bug that could have allowed a malicious group member to crash the messaging app for all members of the same group, The Hacker News learned. Just by sending a maliciously crafted message to a targeted group, an attacker can trigger a fully-destructive WhatsApp crash-loop, forcing all group members to completely uninstall the app, reinstall it, and remove the group to regain normal function. Since the group members can't selectively delete the malicious message without opening the group window and re-triggering the crash-loop, they have to lose the entire group chat history, indefinitely, to get rid of it. Discovered by researchers at Israeli cybersecurity firm Check Point , the latest bug resided in the WhatsApp's implementation of XMPP communication protocol that crashes the app when a member with invalid phone number drops a message in the grou

Flaw in Elementor and Beaver Addons Let Anyone Hack WordPress Sites

Flaw in Elementor and Beaver Addons Let Anyone Hack WordPress Sites
December 13, 2019Swati Khandelwal
Attention WordPress users! Your website could easily get hacked if you are using " Ultimate Addons for Beaver Builder ," or " Ultimate Addons for Elementor " and haven't recently updated them to the latest available versions. Security researchers have discovered a critical yet easy-to-exploit authentication bypass vulnerability in both widely-used premium WordPress plugins that could allow remote attackers to gain administrative access to sites without requiring any password. What's more worrisome is that opportunistic attackers have already started exploiting this vulnerability in the wild within 2 days of its discovery in order to compromise vulnerable WordPress websites and install a malicious backdoor for later access. Both vulnerable plugins, made by software development company Brainstorm Force, are currently powering over hundreds of thousands of WordPress websites using Elementor and Beaver Builder frameworks, helping website admins and de

New PlunderVolt Attack Targets Intel SGX Enclaves by Tweaking CPU Voltage

New PlunderVolt Attack Targets Intel SGX Enclaves by Tweaking CPU Voltage
December 11, 2019Swati Khandelwal
A team of cybersecurity researchers demonstrated a novel yet another technique to hijack Intel SGX, a hardware-isolated trusted space on modern Intel CPUs that encrypts extremely sensitive data to shield it from attackers even when a system gets compromised. Dubbed Plundervolt and tracked as CVE-2019-11157, the attack relies on the fact that modern processors allow frequency and voltage to be adjusted when needed, which, according to researchers, can be modified in a controlled way to induce errors in the memory by flipping bits. Bit flip is a phenomenon widely known for the Rowhammer attack wherein attackers hijack vulnerable memory cells by changing their value from 1 to a 0, or vice versa—all by tweaking the electrical charge of neighboring memory cells. However, since the Software Guard Extensions (SGX) enclave memory is encrypted, the Plundervolt attack leverages the same idea of flipping bits by injecting faults in the CPU before they are written to the memory. Plundervo

Severe Auth Bypass and Priv-Esc Vulnerabilities Disclosed in OpenBSD

Severe Auth Bypass and Priv-Esc Vulnerabilities Disclosed in OpenBSD
December 05, 2019Mohit Kumar
OpenBSD, an open-source operating system built with security in mind, has been found vulnerable to four new high-severity security vulnerabilities, one of which is an old-school type authentication bypass vulnerability in BSD Auth framework. The other three vulnerabilities are privilege escalation issues that could allow local users or malicious software to gain privileges of an auth group, root, as well as of other users, respectively. The vulnerabilities were discovered and reported by Qualys Research Labs earlier this week, in response to which OpenBSD developers released security patches for OpenBSD 6.5 and OpenBSD 6.6 just yesterday—that's in less than 40 hours. Here's a brief explanation of all four security vulnerabilities in OpenBSD—a free and open-source BSD-based Unix-like operating system—along with their assigned CVE identifiers OpenBSD Authentication Bypass (CVE-2019-19521) The authentication bypass vulnerability resides in the way OpenBSD's auth

Critical Flaw in GoAhead Web Server Could Affect Wide Range of IoT Devices

Critical Flaw in GoAhead Web Server Could Affect Wide Range of IoT Devices
December 04, 2019Mohit Kumar
Cybersecurity researchers today uncovered details of two new vulnerabilities in the GoAhead web server software, a tiny application widely embedded in hundreds of millions of Internet-connected smart devices. One of the two vulnerabilities, assigned as CVE-2019-5096, is a critical code execution flaw that can be exploited by attackers to execute malicious code on vulnerable devices and take control over them. The first vulnerability resides in the way multi-part/form-data requests are processed within the base GoAhead web server application, affecting GoAhead Web Server versions v5.0.1, v.4.1.1, and v3.6.5. According to the researchers at Cisco Talos, while processing a specially crafted HTTP request, an attacker exploiting the vulnerability can cause use-after-free condition on the server and corrupt heap structures, leading to code execution attacks. The second vulnerability, assigned as CVE-2019-5097, also resides in the same component of the GoAhead Web Server and can be

Unpatched Strandhogg Android Vulnerability Actively Exploited in the Wild

Unpatched Strandhogg Android Vulnerability Actively Exploited in the Wild
December 02, 2019Swati Khandelwal
Cybersecurity researchers have discovered a new unpatched vulnerability in the Android operating system that dozens of malicious mobile apps are already exploiting in the wild to steal users' banking and other login credentials and spy on their activities. Dubbed Strandhogg , the vulnerability resides in the multitasking feature of Android that can be exploited by a malicious app installed on a device to masquerade as any other app on it, including any privileged system app. In other words, when a user taps the icon of a legitimate app, the malware exploiting the Strandhogg vulnerability can intercept and hijack this task to display a fake interface to the user instead of launching the legitimate application. By tricking users into thinking they are using a legitimate app, the vulnerability makes it possible for malicious apps to conveniently steal users' credentials using fake login screens, as shown in the video demonstration. "The vulnerability allows an attacke

Dozens of Severe Flaws Found in 4 Popular Open Source VNC Software

Dozens of Severe Flaws Found in 4 Popular Open Source VNC Software
November 23, 2019Swati Khandelwal
Four popular open-source VNC remote desktop applications have been found vulnerable to a total of 37 security vulnerabilities, many of which went unnoticed for the last 20 years and most severe could allow remote attackers to compromise a targeted system. VNC (virtual network computing) is an open source graphical desktop sharing protocol based on RFB (Remote FrameBuffer) that allows users to remotely control another computer, similar to Microsoft's RDP service. The implementation of the VNC system includes a "server component," which runs on the computer sharing its desktop, and a "client component," which runs on the computer that will access the shared desktop. In other words, VNC allows you to use your mouse and keyboard to work on a remote computer as if you are sitting in front of it. There are numerous VNC applications, both free and commercial, compatible with widely used operating systems like Linux, macOS, Windows, and Android. Considering
Exclusive Offers

Cybersecurity Newsletter — Stay Informed

Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.