remote code execution | Breaking Cybersecurity News | The Hacker News

Google has fixed a series of serious vulnerabilities in its Chrome OS , including three high-risk bugs that could be used for code execution on vulnerable machines. Bug bounties is the cash prizes offered by open source communities to anyone who finds key software bugs have been steadily on the rise for several years now. As part of its reward program, Google paid out $31,336 to a researcher who found three of the vulnerabilities . Google's post notes : " We're pleased to reward Ralf-Philipp Weinmann $31,336 under the Chromium Vulnerability Rewards Program for a chain of three bugs, including demo exploit code and very detailed write-up. We are grateful to Ralf for his work to help keep our users safe. " The three-bug chain credited to Weinmann exploited O3D, a JavaScript API (application programming interface) designed for crafting interactive 3-D graphics-based Web applications. The API and supporting browser plug-in were created by Google, with a preliminary ve

Microsoft has released an advance notification of 9 security bulletins that it plans to release on April 9, 2013. Microsoft said it will patch nine vulnerabilities in total and two of them rated critical and that of the remaining 7 as Important. The critical vulnerabilities are remote code execution issues. First vulnerability affects Microsoft Windows and Internet Explorer while the second vulnerability affects Microsoft Windows.  The vulnerability will fix a flaw that allows a drive-by attack, which hackers can exploit to attack machines running the software using malware loaded websites. Earlier this year, Microsoft released an emergency update for Internet Explorer after all the commotion about the security holes in Java. The update aimed to patch a security vulnerability in Internet Explorer that is being used for attacks on government contractors and other organisations. The remaining 7 vulnerabilities pertain to issues affecting Microsoft Office, Microsoft Server Software a

In today's digital world, where connectivity is rules all, endpoints serve as the gateway to a business's digital kingdom. And because of this, endpoints are one of hackers' favorite targets.  According to the IDC,  70% of successful breaches start at the endpoint . Unprotected endpoints provide vulnerable entry points to launch devastating cyberattacks. With IT teams needing to protect more endpoints—and more kinds of endpoints—than ever before, that perimeter has become more challenging to defend. You need to improve your endpoint security, but where do you start? That's where this guide comes in.  We've curated the top 10 must-know endpoint security tips that every IT and security professional should have in their arsenal. From identifying entry points to implementing EDR solutions, we'll dive into the insights you need to defend your endpoints with confidence.  1. Know Thy Endpoints: Identifying and Understanding Your Entry Points Understanding your network's

Last Friday, we reported that the website of the U.S. Council of Foreign Relations was allegedly compromised by Chinese hackers who exploited the zero-day bug that was only discovered that same day. The CFR website was compromised with JavaScript that served malicious code to older IE browsers and the code then created a heap-spray attack using Adobe Flash Player. Yesterday former hacker Bryce Case Jr (YTCracker) tweeted about a new zero day exploit threatening all users of IE8, " internet explorer 6-8 0day making the rounds force them toolbar installs and keyloggers on exgf while you still can... ". On Saturday, Microsoft published a security advisory warning users of Internet Explorer 6, 7, and 8 that they could be vulnerable to remote code execution hacks. The vulnerability is a remote code execution vulnerability that exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. The vuln

With the release of the Microsoft security bulletins for December 2012, Company flag total 7 updates for Windows users, where one is rated as critical that could lead to remote code execution, where as other two are rated as important which fix flaws that could result in the operating system's security features being bypassed. All of the IE fixes involve use-after-free memory vulnerabilities. Where as kernel level exploits bundled into mass-exploitation kits is like Blackhole. In addition to IE, Microsoft is fixing a critical flaw in Microsoft Word that could enable attackers to execute remote code. The vulnerability could be exploited by way of a malformed Rich Text Format (RTF) document. Also Fonts can also be used as a potential attack vector, as this Patch Tuesday reveals. A pair of critical font parsing vulnerabilities are being patched this month, one for OpenType and the other for TrueType fonts. Details of all Updates : MS12-077 – All versions of

Cisco Prime DCNM is a management tools for your Storage and Ethernet Networks, provides a robust framework and comprehensive feature set that meets the routing, switching, and storage administration needs of present and future virtualized data centers. According to an  advisory released, Cisco Prime Data Center Network Manager (DCNM) contains a remote command execution vulnerability that may allow a remote, unauthenticated attacker to execute arbitrary commands on the computer that is running the Cisco Prime DCNM application. The vulnerability exists because JBoss Application Server Remote Method Invocation (RMI) services, specifically the jboss.system:service=MainDeployer functionality, are exposed to unauthorized users. All Cisco Prime Data Center Network Manager releases prior to release 6.1(1), for both the Microsoft Windows and Linux platforms, are affected by this vulnerability. Successful exploitation of the vulnerability may allow an unauthenticated, rem