hypervisors | Breaking Cybersecurity News | The Hacker News

Remember the Reverse RDP Attack ? Earlier this year, researchers disclosed clipboard hijacking and path-traversal issues in Microsoft's Windows built-in RDP client that could allow a malicious RDP server to compromise a client computer, reversely. (You can find details and a video demonstration for this security vulnerability, along with dozens of critical flaws in other third-party RDP clients, in a previous article written by Swati Khandelwal for The Hacker News.) At the time when researchers responsibly reported this path-traversal issue to Microsoft, in October 2018, the company acknowledged the issue, also known as " Poisoned RDP vulnerability ," but decided not to address it. Now, it turns out that Microsoft silently patched this vulnerability  (CVE-2019-0887) just last month as part of its July Patch Tuesday updates after Eyal Itkin, security researcher at CheckPoint, found the same issue affecting Microsoft's Hyper-V technology as well. Microsoft

An independent exploit developer and vulnerability researcher has publicly disclosed a zero-day vulnerability in VirtualBox —a popular open source virtualization software developed by Oracle—that could allow a malicious program to escape virtual machine (guest OS) and execute code on the operating system of the host machine. The vulnerability occurs due to memory corruption issues and affects Intel PRO / 1000 MT Desktop (82540EM) network card (E1000) when the network mode is set to NAT (Network Address Translation). The flaw is independent of the type of operating system being used by the virtual and host machines because it resides in a shared code base. VirtualBox Zero-Day Exploit and Demo Video Released Sergey Zelenyuk published Wednesday a detailed technical explanation of the zero-day flaw on GitHub, which affects all current versions (5.2.20 and prior) of VirtualBox software and is present on the default Virtual Machine (VM) configuration. According to Zelenyuk, t

The introduction of Open AI's ChatGPT was a defining moment for the software industry, touching off a GenAI race with its November 2022 release. SaaS vendors are now rushing to upgrade tools with enhanced productivity capabilities that are driven by generative AI. Among a wide range of uses, GenAI tools make it easier for developers to build software, assist sales teams in mundane email writing, help marketers produce unique content at low cost, and enable teams and creatives to brainstorm new ideas.  Recent significant GenAI product launches include Microsoft 365 Copilot, GitHub Copilot, and Salesforce Einstein GPT. Notably, these GenAI tools from leading SaaS providers are paid enhancements, a clear sign that no SaaS provider will want to miss out on cashing in on the GenAI transformation. Google will soon launch its SGE "Search Generative Experience" platform for premium AI-generated summaries rather than a list of websites.  At this pace, it's just a matter of a short time befo

2018 has been quite a tough year for Intel. While the chip-maker giant is still dealing with Meltdown and Spectre processor vulnerabilities, yet another major speculative execution flaw has been revealed in Intel's Core and Xeon lines of processors that may leave users vulnerable to cyber-attacks. Dubbed Foreshadow , alternatively called L1 Terminal Fault or L1TF, the new attacks include three new speculative execution side-channel vulnerabilities affecting Intel processors. The Foreshadow attacks could allow a hacker or malicious application to gain access to the sensitive data stored in a computer's memory or third-party clouds, including files, encryption keys, pictures, or passwords. The three Foreshadow vulnerabilities have been categorized into two variants: 1.) Foreshadow Foreshadow ( PDF ) targets a new technology originally been designed to protect select code and users' data from disclosure or modification, even if the entire system falls under a