Search results for code execution?m=1 | Breaking Cybersecurity News | The Hacker News

Our favourite exploitation framework – The Metasploit Framework has been updated! We now have Metasploit version 3.5.1 ! "The Metasploit Framework is a penetration testing toolkit, exploit development platform , and research tool. The framework includes hundreds of working remote exploits for a variety of platforms. Payloads, encoders, and nop slide generators can be mixed and matched with exploit modules to solve almost any exploit-related task." This is the release log: Statistics : Metasploit now ships with 635 exploit modules and 313 auxiliary modules. 47 new modules have been added since the last point release. 45 tickets were closed and 573 commits were made since the last point release Metasploit is still about twice the size of the nearest Ruby application according to Ohloh.net (~500K lines of Ruby) New Modules : New Exploits and Auxiliaries Cisco Device HTTP Device Manager Access Cisco IOS HTTP Unauthorized Administrative Access Cisco I

With its latest announcement to increase bug bounty rewards for finding and reporting critical vulnerabilities in the Android operating system, Google yesterday set up a new challenging level for hackers that could let them win a bounty of up to $1.5 million. Starting today, Google will pay $1 million for a "full chain remote code execution exploit with persistence which compromises the Titan M secure element on Pixel devices," the tech giant said in a blog post published on Thursday. Moreover, if someone manages to achieve the same in the developer preview versions of Android, Google will pay an additional $500,000, making the total to $1.5 million—that's 7.5 times more than the previous top Android reward. Introduced within the Pixel 3 smartphones last year, Google's Titan M secure element is a dedicated security chip that sits alongside the main processor, primarily designed to protect devices against the boot-time attacks. In other words, Titan M chip

Super Low RPO with Continuous Data Protection: Dial Back to Just Seconds Before an Attack Zerto , a Hewlett Packard Enterprise company, can help you detect and recover from ransomware in near real-time. This solution leverages continuous data protection (CDP) to ensure all workloads have the lowest recovery point objective (RPO) possible. The most valuable thing about CDP is that it does not use snapshots, agents, or any other periodic data protection methodology. Zerto has no impact on production workloads and can achieve RPOs in the region of 5-15 seconds across thousands of virtual machines simultaneously. For example, the environment in the image below has nearly 1,000 VMs being protected with an average RPO of just six seconds! Application-Centric Protection: Group Your VMs to Gain Application-Level Control   You can protect your VMs with the Zerto application-centric approach using Virtual Protection Groups (VPGs). This logical grouping of VMs ensures that your whole applica

It's 2019, and just opening an innocent looking office document file on your system can still allow hackers to compromise your computer. No, I'm not talking about yet another vulnerability in Microsoft Office, but in two other most popular alternatives— LibreOffice and Apache OpenOffice —free, open source office software used by millions of Windows, MacOS and Linux users. Security researcher Alex Inführ has discovered a severe remote code execution (RCE) vulnerability in these two open source office suites that could be triggered just by opening a maliciously-crafted ODT (OpenDocument Text) file. The attack relies on exploiting a directory traversal flaw, identified as CVE-2018-16858, to automatically execute a specific python library bundled within the software using a hidden onmouseover event. To exploit this vulnerability, Inführ created  an ODT file with a white-colored hyperlink (so it can't be seen) that has an "onmouseover" event to trick victim

This year marks the 40th anniversary of Creeper, the world's first computer virus. From Creeper to Stuxnet, the last four decades saw the number of malware instances boom from 1,300 in 1990, to 50,000 in 2000, to over 200 million in 2010. Besides sheer quantity, viruses, which were originally used as academic proof of concepts, quickly turned into geek pranks, then evolved into cybercriminal tools. By 2005, the virus scene had been monetized, and virtually all viruses were developed with the sole purpose of making money via more or less complex business models. In the following story, FortiGuard Labs looks at the most significant computer viruses over the last 40 years and explains their historical significance. 1971: Creeper: catch me if you can While theories on self-replicating automatas were developed by genius mathematician Von Neumann in the early 50s, the first real computer virus was released "in lab" in 1971 by an employee of a company working on building ARPANET, the

Microsoft Windows built-in anti-malware tool, Windows Defender, has become the very first antivirus software to have the ability to run inside a sandbox environment. Sandboxing is a process that runs an application in a safe environment isolated from the rest of the operating system and applications on a computer. So that if a sandboxed application gets compromised, the technique prevents its damage from spreading outside the closed area. Since antivirus and anti-malware tools run with the highest level of privileges to scan all parts of a computer for malicious code, it has become a desired target for attackers. The need for sandboxing an antivirus tool has become necessary after multiple critical vulnerabilities were discovered in such powerful applications, including Windows Defender, in past years that could have allowed attackers to gain full control of a targeted system. That's why Microsoft announced to add a sandbox mode to its Windows Defender. So, even if an att

Discover stories about threat actors' latest tactics, techniques, and procedures from Cybersixgill's threat experts each month. Each story brings you details on emerging underground threats, the threat actors involved, and how you can take action to mitigate risks. Learn about the top vulnerabilities and review the latest ransomware and malware trends from the deep and dark web. Stolen ChatGPT credentials flood dark web markets Over the past year, 100,000 stolen credentials for ChatGPT were advertised on underground sites, being sold for as little as $5 on dark web marketplaces in addition to being offered for free. Stolen ChatGPT credentials include usernames, passwords, and other personal information associated with accounts. This is problematic because ChatGPT accounts may store sensitive information from queries, including confidential data and intellectual property. Specifically, companies increasingly incorporate ChatGPT into daily workflows, which means employees may disclose