#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News

WebRTC | Breaking Cybersecurity News | The Hacker News

Category — WebRTC
Urgent: New Chrome Zero-Day Vulnerability Exploited in the Wild - Update ASAP

Urgent: New Chrome Zero-Day Vulnerability Exploited in the Wild - Update ASAP

Dec 21, 2023 Vulnerability / Zero-Day
Google has rolled out security updates for the Chrome web browser to address a high-severity zero-day flaw that it said has been exploited in the wild. The vulnerability, assigned the CVE identifier  CVE-2023-7024 , has been described as a  heap-based buffer overflow bug  in the WebRTC framework that could be exploited to result in program crashes or arbitrary code execution. Clément Lecigne and Vlad Stolyarov of Google's Threat Analysis Group (TAG) have been credited with discovering and reporting the flaw on December 19, 2023. No other details about the security defect have been released to prevent further abuse, with Google  acknowledging  that "an exploit for CVE-2023-7024 exists in the wild." Given that WebRTC is an open-source project and that it's also supported by Mozilla Firefox and Apple Safari, it's currently not clear if the flaw has any impact beyond Chrome and Chromium-based browsers. The development marks the resolution of the eighth activel...
Google Details Patched Bugs in Signal, FB Messenger, JioChat Apps

Google Details Patched Bugs in Signal, FB Messenger, JioChat Apps

Jan 20, 2021
In January 2019, a  critical flaw  was reported in Apple's FaceTime group chats feature that made it possible for users to initiate a FaceTime video call and eavesdrop on targets by adding their own number as a third person in a group chat even before the person on the other end accepted the incoming call. The vulnerability was deemed so severe that the iPhone maker removed the FaceTime group chats feature altogether before the issue was resolved in a subsequent iOS update. Since then, a number of similar shortcomings have been discovered in multiple video chat apps such as Signal, JioChat, Mocha, Google Duo, and Facebook Messenger — all thanks to the work of Google Project Zero researcher Natalie Silvanovich. "While [the Group FaceTime] bug was soon fixed, the fact that such a serious and easy to reach vulnerability had occurred due to a logic bug in a calling state machine — an attack scenario I had never seen considered on any platform — made me wonder whether other sta...
Facebook Messenger Bug Lets Hackers Listen to You Before You Pick Up the Call

Facebook Messenger Bug Lets Hackers Listen to You Before You Pick Up the Call

Nov 20, 2020
Facebook has patched a bug in its widely installed Messenger app for Android that could have allowed a remote attacker to call unsuspecting targets and listen to them before even they picked up the audio call. The flaw was discovered and reported to Facebook by  Natalie Silvanovich  of Google's Project Zero bug-hunting team last month on October 6 with a 90-day deadline, and impacts version 284.0.0.16.119 (and before) of Facebook Messenger for Android. In a nutshell, the vulnerability could have granted an attacker who is logged into the app to simultaneously initiate a call and send a specially crafted message to a target who is signed in to both the app as well as another Messenger client such as the web browser. "It would then trigger a scenario where, while the device is ringing, the caller would begin receiving audio either until the person being called answers or the call times out," Facebook's Security Engineering Manager Dan Gurfinkel  said . According t...
cyber security

Creating, Managing and Securing Non-Human Identities

websitePermisoCybersecurity / Identity Security
A new class of identities has emerged alongside traditional human users: non-human identities (NHIs). Permiso Security's new eBook details everything you need to know about managing and securing non-human identities, and strategies to unify identity security without compromising agility.
Expert Insights / Articles Videos
Cybersecurity Resources