buffer overflow vulnerability | Breaking Cybersecurity News | The Hacker News

Security researchers have discovered a critical remotely exploitable vulnerability in an open-source software development library used by major manufacturers of the Internet-of-Thing devices that eventually left millions of devices vulnerable to hacking. The vulnerability (CVE-2017-9765), discovered by researchers at the IoT-focused security firm Senrio, resides in the software development library called gSOAP toolkit (Simple Object Access Protocol) — an advanced C/C++ auto-coding tool for developing XML Web services and XML application. Dubbed " Devil's Ivy ," the stack buffer overflow vulnerability allows a remote attacker to crash the SOAP WebServices daemon and could be exploited to execute arbitrary code on the vulnerable devices. The Devil's Ivy vulnerability was discovered by researchers while analysing an Internet-connected security camera manufactured by Axis Communications. "When exploited, it allows an attacker to remotely access a video

A critical vulnerability has been discovered in Microsoft-owned most popular free web messaging and voice calling service Skype that could allow hackers to remotely execute malicious code and crash systems. Skype is a free online service that allows users to communicate with peers by voice, video, and instant messaging over the Internet. The service was acquired by Microsoft Corporation in May 2011 for US$8.5 Billion due to its worldwide popularity. Security researcher Benjamin Kunz-Mejri from Germany-based security firm Vulnerability Lab discovered the previously unknown stack buffer overflow vulnerability, which is documented in CVE-2017-9948 , in Skype Web's messaging and call service during a team conference call. The vulnerability is considered a high-security risk with a 7.2 CVSS score and affects Skype versions 7.2, 7.35, and 7.36 on Windows XP, Windows 7 and Windows 8, Mejri said in a public security disclosure published on Monday. "The issue can be exploi

If forecasters are right, over the course of today, consumers will spend  $13.7 billion . Just about every click, sale, and engagement will be captured by a CRM platform. Inventory applications will trigger automated re-orders; communication tools will send automated email and text messages confirming sales and sharing shipping information.  SaaS applications supporting retail efforts will host nearly all of this behind-the-scenes activity. While retailers are rightfully focused on sales during this time of year, they need to ensure that the SaaS apps supporting their business operations are secure. No one wants a repeat of one of the biggest retail cyber-snafus in history, like when one U.S.-based national retailer had 40 million credit card records stolen.  The attack surface is vast and retailers must remain vigilant in protecting their entire SaaS app stack. For example, many often use multiple instances of the same application. They may use a different Salesforce tenant for eve

A simple but shockingly dangerous vulnerability has been uncovered in the NetUSB component, putting Millions of modern routers and other embedded devices across the globe at risk of being compromised by hackers. The security vulnerability, assigned CVE-2015-3036 , is a remotely exploitable kernel stack buffer overflow flaw resides in Taiwan-based KCodes NetUSB . NetUSB is a Linux kernel module that allows for users to flash drives, plug printers and other USB-connected devices into their routers so that they can be accessed over the local network. NetUSB component is integrated into modern routers sold by some major manufacturers including D-Link, Netgear, TP-Link, ZyXEL and TrendNet. The security flaw, reported by Stefan Viehbock of Austria-based SEC Consult Vulnerability Lab, can be triggered when a client sends the computer name to the server deployed on the networking device (TCP port 20005) in order to establish a connection. However, if a connecting comp

The GHOST vulnerability is a buffer overflow condition that can be easily exploited locally and remotely, which makes it extremely dangerous. This vulnerability is named after the GetHOSTbyname function involved in the exploit. Attackers utilize buffer overflow vulnerabilities like this one by sending specific packets of data to a vulnerable system. The attack allows the attacker to execute arbitrary code and take control of the victim's vulnerable machine. Unfortunately, the vulnerability exists in the GNU C Library (glibc) , a code library originally released in 2000, meaning it has been widely distributed. Many derivative programs utilize the glibc to carry out common tasks. Although an update released by Linux in 2013 mitigated this vulnerability, most systems and products have not installed the patch. What Can I Do About GHOST Vulnerability? Like with any vulnerability, the best way to mitigate GHOST vulnerability is to identify vulnerable systems, prioritize th