remote code execution | Breaking Cybersecurity News | The Hacker News

A security researcher has publicly disclosed two critical zero-day vulnerabilities in Vanilla Forums, an open source software that powers discussion on over 500,000 websites, which could allow unauthenticated, remote attackers to fully compromise targeted websites easily. Discovered by Polish security researcher Dawid Golunski of Legal Hackers, two separate unpatched vulnerabilities, a remote code execution ( CVE-2016-10033 ) and host header injection ( CVE-2016-10073 ), affect the latest version of Vanilla Forums 2.3, leaving hundreds of thousands of websites and their visitors vulnerable to various hacking attacks. Vanilla Forums: Remote Code Execution Flaw According to Golunski, both vulnerabilities technically exist because Vanilla Forum is still using a vulnerable version of PHPMailer , one of the most popular open source PHP libraries used to send emails. Last year Golunski reported a critical remote code execution flaw ( CVE-2016-10033 ) in PHPMailer library that al

Microsoft's own antivirus software made Windows 7, 8.1, RT and 10 computers, as well as Windows Server 2016 more vulnerable. Microsoft has just released an out-of-band security update to patch the crazy bad bug discovered by a pair of Google Project Zero researchers over the weekend. Security researchers Tavis Ormandy announced on Twitter during the weekend that he and another Project Zero researcher Natalie Silvanovich discovered "the worst Windows remote code [execution vulnerability] in recent memory." Natalie Silvanovich also published a  proof-of-concept (PoC) exploit code that fits in a single tweet. The reported RCE vulnerability , according to the duo, could work against default installations with "wormable" ability – capability to replicate itself on an infected computer and then spread to other PCs automatically. According to an advisory released by Microsoft, the remotely exploitable security flaw (CVE-2017-0290) exists in Microsoft

The introduction of Open AI's ChatGPT was a defining moment for the software industry, touching off a GenAI race with its November 2022 release. SaaS vendors are now rushing to upgrade tools with enhanced productivity capabilities that are driven by generative AI. Among a wide range of uses, GenAI tools make it easier for developers to build software, assist sales teams in mundane email writing, help marketers produce unique content at low cost, and enable teams and creatives to brainstorm new ideas.  Recent significant GenAI product launches include Microsoft 365 Copilot, GitHub Copilot, and Salesforce Einstein GPT. Notably, these GenAI tools from leading SaaS providers are paid enhancements, a clear sign that no SaaS provider will want to miss out on cashing in on the GenAI transformation. Google will soon launch its SGE "Search Generative Experience" platform for premium AI-generated summaries rather than a list of websites.  At this pace, it's just a matter of a short time befo

In Brief Google has released its monthly security patches for Android this week, addressing 17 critical vulnerabilities, 6 of which affect Android Mediaserver component that could be used to execute malicious code remotely. Besides patches for Mediaserver, Google also fixed 4 critical vulnerabilities related to Qualcomm components discovered in Android handsets, including Google's Nexus 6P, Pixel XL, and Nexus 9 devices. According to the Google security bulletin for Android  published Monday, this month's security update is one of the largest security fixes the company ever compiled in a single month. Google has split Android's monthly security bulletin into security "patch levels": Partial security patch level (2017-05-01) covers patches for vulnerabilities that are common to all Android devices. Complete security patch level (2017-05-05) includes additional fixes for hardware drivers as well as kernel components that are present only in some d

Updated: Since the below-reported vulnerability is highly critical and it would take a few weeks for sysadmins to protect their enterprise network, the research team has not yet disclosed the technical details of the vulnerability. Meanwhile, I have talked with Maksim Malyutin, a member of Embedi research team who discovered the vulnerability in March, and updated my article based on the information provided by him. A critical vulnerability has been discovered in the remote management features on computers shipped with Intel processors for past seven years (and not decade), which could allow attackers to take control of the computers remotely, affecting all Intel systems, including PC, laptops, and servers, with AMT feature enabled. As reported earlier, this critical flaw (CVE-2017-5689) is not a remote code execution, rather Malyutin confirmed to The Hacker News that it's a logical vulnerability that also gives remote attackers an opportunity to exploit this bug using add

It's 2017, and opening a simple MS Word file could compromise your system. Security researchers are warning of a new in-the-wild attack that silently installs malware on fully-patched computers by exploiting a serious — and yet unpatched — zero-day vulnerability in all current versions of Microsoft Office. The Microsoft Office zero-day attack, uncovered by researchers from security firms McAfee and FireEye, starts simply with an email that attaches a malicious Word file containing a booby-trapped OLE2link object. When opened, the exploit code gets executed and makes a connection to a remote server controlled by the attacker, from where it downloads a malicious HTML application file (HTA) that's disguised as a document created in Microsoft's RTF (Rich Text Format). The HTA file then gets executed automatically with attackers gaining full code execution on the victim's machine, downloading additional payloads from "different well-known malware families"

What could be more exciting for hackers than exploiting a vulnerability in a widely used software without having to struggle too much? One such easy-to-exploit, but critical vulnerability has been discovered in ESET's antivirus software that could allow any unauthenticated attackers to remotely execute arbitrary code with root privileges on a Mac system. The critical security flaw, tracked as CVE-2016-9892, in ESET Endpoint Antivirus 6 for macOS was discovered by Google Security Team's researchers Jason Geffner and Jan Bee at the beginning of November 2016. As detailed in the full disclosure , all a hacker needs to get root-level remote code execution on a Mac computer is to intercept the ESET antivirus package's connection to its backend servers using a self-signed HTTPS certificate, put himself in as a man-in-the-middle (MITM) attacker, and exploit an XML library flaw. The actual issue was related to a service named esets_daemon, which runs as root. The service

It's not necessary to break into your computer or smartphone to spy on you. Today all devices in our home are becoming more connected to networks than ever to make our lives easy. But what's worrisome is that these connected devices can be turned against us, anytime, due to lack of stringent security measures and insecure encryption mechanisms implemented in these Internet of Things (IoTs) devices. The most recent victim of this issue is the Samsung's range of SmartCam home security cameras. Yes, it's hell easy to hijack the popular Samsung SmartCam security cameras, as they contain a critical remote code execution (RCE) vulnerability that could let hackers gain root access and take full control of these devices. SmartCam is one of the Samsung's SmartThings range of devices, which allows its users to connect, manage, monitor and control "smart" devices in their home using their smartphones or tablets. Back in 2014, the hacking group Exploiteer

In Brief Microsoft has issued its first Patch Tuesday for 2017 , and it's one of the smallest ever monthly patch releases for the company, with only four security updates to address vulnerabilities in its Windows operating system as well as Adobe Flash Player. Meanwhile, Adobe has also released patches for more than three dozen security vulnerabilities in its Flash Player and Acrobat/Reader for Windows, MacOS, and Linux desktops. According to the Microsoft Advisory, only one security bulletin is rated critical, while other three are important. The bulletins address security vulnerabilities in Microsoft's Windows, Windows Server, Office, Edge and Flash Player. The only security bulletin rated as critical is the one dedicated to Adobe Flash Player, for which Microsoft distributed security patches through Windows Update. Other security bulletins that addresses flaws in Microsoft products are as follows: Bulletin 1 — MS17-001 This security update resolves just one v

A security researcher recently reported a critical vulnerability in one of the most popular open source PHP libraries used to send emails that allowed a remote attacker to execute arbitrary code in the context of the web server and compromise a web application. Disclosed by Polish security researcher Dawid Golunski of Legal Hackers, the issue ( CVE-2016-10033 ) in PHPMailer used by more than 9 Million users worldwide was thought to be fixed with the release of version 5.2.18. However, Golunski managed to bypass the patched version of PHPMailer that was given a new CVE ( CVE-2016-10045 ), which once again put millions of websites and popular open source web apps, including WordPress, Drupal, 1CRM, SugarCRM, Yii, and Joomla, at risk of remote code execution attack. PHPMailer eventually fixed the issue with an update, version 5.2.20 . All versions of PHPMailer before this critical release are affected, so web administrators and developers are strongly recommended to update to t

A critical vulnerability has been discovered in PHPMailer , which is one of the most popular open source PHP libraries to send emails used by more than 9 Million users worldwide. Millions of PHP websites and popular open source web applications, including WordPress, Drupal, 1CRM, SugarCRM, Yii, and Joomla comes with PHPMailer library for sending emails using a variety of methods, including SMTP to their users. Discovered by Polish security researcher Dawid Golunski of Legal Hackers , the critical vulnerability ( CVE-2016-10033 ) allows an attacker to remotely execute arbitrary code in the context of the web server and compromise the target web application. "To exploit the vulnerability an attacker could target common website components such as contact/feedback forms, registration forms, password email resets and others that send out emails with the help of a vulnerable version of the PHPMailer class," Golunski writes in the advisory published today. Golunski respo

No software is immune to being Hacked! Not even Linux. A security researcher has discovered a critical vulnerability in Ubuntu Linux operating system that would allow an attacker to remotely compromise a target computer using a malicious file. The vulnerability affects all default Ubuntu Linux installations versions 12.10 (Quantal) and later. Researcher Donncha O'Cearbhaill discovered the security bug which actually resides in the Apport crash reporting tool on Ubuntu. A successful exploit of this CrashDB code injection issue could allow an attacker to remotely execute arbitrary code on victim's machine. All an attacker needs is to trick the Ubuntu user into opening a maliciously booby-trapped crash file. This would inject malicious code in Ubuntu OS's crash file handler, which when parsed, executes arbitrary Python code. "The code first checks if the CrashDB field starts with { indicating the start of a Python dictionary," O'Cearbhaill explain

For the last Patch Tuesday for this year, Microsoft has released 12 security bulletins, half of which are rated 'critical' as they give attackers remote code execution capabilities on the affected computers. The security bulletins address vulnerabilities in Microsoft's Windows, Office, Internet Explorer and Edge. The first critical security bulletin, MS16-144 , patches a total of 8 security vulnerabilities in Internet Explorer, 3 of which had publicly been disclosed before Microsoft issued patches for them, though the company said they're not being exploited in the wild. The 3 publicly disclosed vulnerabilities include a Microsoft browser information disclosure vulnerability (CVE-2016-7282), a Microsoft browser security feature bypass bug (CVE-2016-7281) and a scripting engine memory corruption vulnerability (CVE-2016-7202) that allow remote code execution on the affected computer. The remaining 5 security flaws include a scripting engine memory corruption b

North Korea's own homegrown computer operating system, that's supposed to be fully hacker proof and more secure than foreign OS, like Microsoft's Windows, can easily be hacked remotely. A group of hackers managed to break into Red Star OS — North Korea's government sanctioned Linux-based OS — using just a link. Red Star OS is North Korea's own homegrown OS that looks remarkably just like Apple's OS X and gives North Korean authorities more control over the computers, providing not only security but also spying tools that help track files in a way that if the government wants, every bit of user's data can be traced easily. According to the information security company Hacker House , Red Star OS contains a critical vulnerability that makes it possible for hackers to gain remote access to any PC running North Korea's OS just by tricking victims into opening a hyperlink. The latest version of Red Star OS ships with a Firefox-based web browser cal

Here's some bad news for Android users again. Nearly 3 Million Android devices worldwide are vulnerable to man-in-the-middle (MITM) attacks that could allow attackers to remotely execute arbitrary code with root privileges, turning over full control of the devices to hackers. According to a new report from security rating firm BitSight, the issue is due to a vulnerability in the insecure implementation of the OTA (Over-the-Air) update mechanism used by certain low-cost Android devices, including BLU Studio G from US-based Best Buy. Backdoor/Rootkit Comes Pre-installed The vulnerable OTA mechanism, which is associated with Chinese mobile firm Ragentek Group, contains a hidden binary — resides as /system/bin/debugs — that runs with root privileges and communicates over unencrypted channels with three hosts. According to the researchers, this privileged binary not only exposes user-specific information to MITM attackers but also acts as a rootkit, potentially allowing

Hey Webmasters, are you using Memcached to boost the performance of your website? Beware! It might be vulnerable to remote hackers. Three critical Remote Code Execution vulnerabilities have been reported in Memcached by security researcher Aleksandar Nikolich at Cisco Talos Group that expose major websites, including Facebook, Twitter, YouTube, Reddit, to hackers. Memcached is a fabulous piece of open-source distributed caching system that allows objects to be stored in memory. It has been designed to speed up dynamic web applications by reducing stress on the database that helps administrators to increase performance and scale web applications. Memcached is widely used by thousands upon thousands of websites, including popular social networking sites such as Facebook, Flickr, Twitter, Reddit, YouTube, Github, and many more. Nikolich says that he discovered multiple integer overflow bugs in Memcached that could be exploited to remotely run arbitrary code on the targeted s

Researchers have disclosed a critical zero-day vulnerability in the JPEG 2000 image file format parser implemented in OpenJPEG library , which could allow an attacker to remotely execute arbitrary code on the affected systems. Discovered by security researchers at Cisco Talos group, the zero-day flaw, assigned as TALOS-2016-0193/ CVE-2016-8332 , could allow an out-of-bound heap write to occur that triggers the heap corruption and leads to arbitrary code execution. OpenJPEG is an open-source JPEG 2000 codec. Written in C language, the software was developed for coding and encoding JPEG2000 images, a format that is often used for tasks like embedding image files within PDF documents through popular software including PdFium, Poppler, and MuPDF. Hackers can exploit the security vulnerability by tricking the victim into opening a specially crafted, malicious JPEG2000 image or a PDF document containing that malicious file in an email. The hacker could even upload the malicious JP

Cyber attacks get bigger, smarter, more damaging. P*rnHub launched its bug bounty program two months ago to encourage hackers and bug bounty hunters to find and responsibly report flaws in its services and get rewarded. Now, it turns out that the world's most popular p*rn*graphy site has paid its first bounty payout. But how much? US $20,000! Yes,  P*rnHub  has paid $20,000 bug bounty to a team of three researchers, who gained Remote Code Execution (RCE) capability on its servers using a zero-day vulnerability in PHP – the programming language that powers  P*rnHub 's website. The team of three researchers, Dario Weißer (@haxonaut), cutz and Ruslan Habalov (@evonide), discovered two use-after-free vulnerabilities ( CVE-2016-5771/CVE-2016-5773 ) in PHP's garbage collection algorithm when it interacts with other PHP objects. One of those is PHP's unserialize function on the website that handles data uploaded by users, like hot pictures, on multiple paths,

Just yesterday, I wrote a warning article announcing that Drupal – the popular open source content management system – will release patches for several highly critical Remote Code Execution (RCE) bugs that could allow attackers to fully take over any affected site. Below are the three separate Drupal modules that affect up to 10,000 websites: 1. RESTful Web Services – a popular module used for creating REST APIs, which is currently installed on at least 5,804 websites. The vulnerability in RESTWS alters the default page callbacks for entities to provide additional functionality, allowing attackers to "send specially crafted requests resulting in arbitrary PHP execution." Since anonymous users can exploit this vulnerability and there isn't any mitigating factor, users are advised to patch their websites as soon as possible. Admins using RESTful Web Services versions 7.x-2.x prior to 7.x-2.6 and versions 7.x-1.x prior to 7.x-1.7 for their Drupal websites are

How to Hack Facebook? That's the most commonly asked question during this decade. It's a hacker dream to hack Facebook website for earning bug bounty or for any malicious purpose. Facebook security team recently found that someone, probably a blackhat hacker with malicious intent, has breached into its server and installed a backdoor that was configured to steal Facebook employees' login credentials. Since the backdoor discovered in the Facebook's corporate server, not on its main server, Facebook user accounts are not affected by this incident. Though the company would have never known about the backdoor if a whitehat hacker had never spotted the backdoor script while hunting for vulnerabilities. Also Read: Ever Wondered How Facebook Decides, How much Bounty Should be Paid? Security researcher Orange Tsai of Taiwanese security vendor DEVCORE accidentally came across a backdoor script on one of Facebook's corporate servers while finding bugs to earn cash reward fr

Security researchers have discovered a remotely exploitable vulnerability in Called ID app " Truecaller " that could expose personal details of Millions of its users. Truecaller is a popular service that claims to "search and identify any phone number," as well as helps users block incoming calls or SMSes from phone numbers categorized as spammers and telemarketers. The service has mobile apps for Android, iOS, Windows, Symbian devices and BlackBerry phones. The vulnerability, discovered by Cheetah Mobile Security Research Lab , affects Truecaller Android version of the app that has been downloaded more than 100 Million times. The actual problem resides in the way Truecaller identify users in its systems. While installation, Truecaller Android app asks users to enter their phone number, email address, and other personal details, which is verified by phone call or SMS message. After this, whenever users open the app, no login screen is ever