Search results for root 2 | Breaking Cybersecurity News | The Hacker News

Seagate , a popular vendor of hardware solutions, has a critical zero-day vulnerability in its Network Attached Storage (NAS) device software that possibly left thousands of its users vulnerable to hackers. Seagate's Business Storage 2-Bay NAS product , found in home and business networks, is vulnerable to a zero-day Remote Code Execution vulnerability, currently affecting more than 2,500 publicly exposed devices on the Internet. Seagate is one of the world’s largest vendor of hardware solutions, with products available worldwide. After Western Digital, Seagate ranked second and holds 41% of the market worldwide in supplying storage hardware products. A security researcher, named OJ Reeves , discovered the zero-day remote code execution vulnerability on 7th October last year and, reported to the company totally in the white hat style. But even after 130 days of responsible disclosure, the zero-day bug remains unpatched till now. In order to exploit the vulnerability, an atta...

Cybersecurity researchers have uncovered a never-before-seen botnet comprising an army of small office/home office (SOHO) and IoT devices that are likely operated by a Chinese nation-state threat actor called Flax Typhoon (aka Ethereal Panda or RedJuliett). The sophisticated botnet, dubbed Raptor Train by Lumen's Black Lotus Labs, is believed to have been operational since at least May 2020, hitting a peak of 60,000 actively compromised devices in June 2023. "Since that time, there have been more than 200,000 SOHO routers, NVR/DVR devices, network attached storage (NAS) servers, and IP cameras; all conscripted into the Raptor Train botnet, making it one of the largest Chinese state-sponsored IoT botnets discovered to-date," the cybersecurity company said in a 81-page report shared with The Hacker News. The infrastructure powering the botnet is estimated to have ensnared hundreds of thousands of devices since its formation, with the network powered by a three-tiered...

Are you looking for methods on how to run two WhatsApp accounts in one phone, or how to use 2 WhatsApp in 1 phone? In this tutorial, we have shared various techniques that allow mobile users to run multiple or dual WhatsApp accounts in one single phone. WhatsApp is one of the most popular and commonly used Instant messaging apps these days, and due to its simplicity and easy-to-use interface, users are able to use it without any hassle. WhatsApp lets its users send and receive messages that are end-to-end encrypted so that only you and the person you're communicating with can read the content of the message, and nobody in between, not even WhatsApp. Each and everything on WhatsApp comes quite handy, but what is the most disturbing part that you come across? For me it is... How to install 2 WhatsApp accounts in 1 Android smartphone? If you have a dual SIM smartphone, you might be willing to enjoy two separate WhatsApp accounts for your two different phone number. Is...

Another terrible news for OnePlus users. Just over a month after OnePlus was caught collecting personally identifiable information on its users, the Chinese smartphone company has been found leaving a backdoor on almost all OnePlus handsets. A Twitter user, who goes by the name "Elliot Anderson" ( named after Mr. Robot's main character ), discovered a backdoor (an exploit) in all OnePlus devices running OxygenOS that could allow anyone to obtain root access to the devices. The application in question is " EngineerMode ," a diagnostic testing application made by Qualcomm for device manufacturers to easily test all hardware components of the device. This APK comes pre-installed ( accidentally left behind ) on most OnePlus devices, including OnePlus 2, 3, 3T, and the newly-launched OnePlus 5. We can confirm its existence on the OnePlus 2, 3 and 5. You can also check if this application is installed on your OnePlus device or not. For this, simply go t...

OpenSSH 3.5p1 Remote Root Exploit for FreeBSD OpenSSH 3.5p1 Remote Root Exploit for FreeBSD has been shared by kcope on twitter . The Released note is as given below : OpenSSH 3.5p1 Remote Root Exploit for FreeBSD Discovered and Exploited By Kingcope Year 2011 -- The last two days I have been investigating a vulnerability in OpenSSH affecting at least FreeBSD 4.9 and 4.11. These FreeBSD versions run OpenSSH 3.5p1 in the default install. The sshd banner for 4.11-RELEASE is "SSH-1.99-OpenSSH_3.5p1 FreeBSD-20060930". A working Remote Exploit which spawns a root shell remotely and previous to authentication was developed. The bug can be triggered both through ssh version 1 and ssh version 2 using a modified ssh client. During the investigation of the vulnerability it was found that the bug resides in the source code file "auth2-pam-freebsd.c". http://www.freebsd.org/cgi/cvsweb.cgi/src/crypto/openssh/Attic/auth2-pam-freebsd.c This file does not exist in Fre...

The Underground Cyber Hacking Challenge ! ~~~ Menu of the day ~~~  0x00 - 0p3nH4x #1 2011 - Ezine #1  0x01 - The structure of 0p3nH4x #1 2011  0x02 - About the targets  0x03 - Goals  0x04 - Points system  0x05 - Reporting and Documentation  0x06 - Prizes, biatchez  0x07 - Rules  0x08 - Registrations and information  0x09 - About the idea and final words [ 0x00 - 0p3nH4x #1 2011 - Ezine #1 ] 0p3nH4x is the first of its kind "underground cyber hacking challenge". A challenge by hackers for hackers to test real skills in the field.  We are challenging all hackers no matter if you are black or white "hatted". It's time to prove that your preferred community is not so skid. Through 0p3nH4x we are trying to wake up the scene(or what's left of it) and get it to a new improved "skin" but with the same original concept in the background. Through these ezines we will be "reporting" main events and progress around 0p3nH4...

While Windows users are currently in fear of getting their systems hijacked by the WannaCry ransomware outbreak, Apple users are sitting relaxed, thinking that malware attacks are something that happens to Windows users, and not Apple. But you are mistaken – Apple products are also not immune to the hack attacks and malware infections, as an ebook can hack your Mac, iPhone, and iPad. Apple on Monday pushed out software updates for iOS, macOS, Safari, tvOS, iCloud, iTunes, and watchOS to fix a total of 67 unique security vulnerabilities, many of which allows attackers to perform remote code execution on an affected system. iOS is 10.3.2 for iPhone, iPad, and iPod Apple's mobile operating system iOS 10.3.2 for the iPhone, iPad and iPod touch addresses 41 security flaws, 23 of which resides in WebKit, including 17 remote code execution and 5 cross-site scripting (XSS) vulnerabilities. Besides this, iOS 10.3.2 also addresses a pair of flaws in iBooks for iOS (CVE-2017-24...

Waiting for the root access for your AT&T or Verizon Android phone? Then there is really a Great News for you! Geohot (aka George Hotz) - a famed cracker who was responsible for hacking the PlayStation 3 and subsequently being sued by Sony - has built and released a root tool called Towelroot on Sunday night that will let most Android smartphones users to root their Android device with one click only, as long as it has an unpatched version of the Linux kernel. EXPLOITS LINUX KERNEL VULNERABILITY  Towelroot application exploits the same vulnerability (CVE-2014-3153) which was recently disclosed by the hacker Pinkie Pie in the Linux kernel version 3.14.5 and most versions of other Android devices, which could be leveraged by hackers to potentially acquire root access on affected devices. Having root access of your device simply means you make System-level changes to your device such as accessing and modifying any file or program using any mode (single- or mu...

Over a month ago we reported about two critical zero-day vulnerabilities in the world's 2nd most popular database management software MySQL: MySQL Remote Root Code Execution (CVE-2016-6662) Privilege Escalation (CVE-2016-6663) At that time, Polish security researcher Dawid Golunski of Legal Hackers who discovered these vulnerabilities published technical details and proof-of-concept exploit code for the first bug only and promised to release details of the second bug (CVE-2016-6663) later. On Tuesday, Golunski has released proof-of-concept (POC) exploits for two vulnerabilities: One is the previously promised critical privilege escalation vulnerability ( CVE-2016-6663 ), and another is a new root privilege escalation bug ( CVE-2016-6664 ) that could allow an attacker to take full control over the database. Both the vulnerabilities affect MySQL version 5.5.51 and earlier, MySQL version 5.6.32 and earlier, and MySQL version 5.7.14 and earlier, as well as MySQL forks...

A high-severity vulnerability has been reported in Linux that could be exploited by a low privilege attacker to gain full root access on an affected system. The vulnerability, identified as CVE-2017-1000367, was discovered by researchers at Qualys Security in Sudo's "get_process_ttyname()" function for Linux that could allow a user with Sudo privileges to run commands as root or elevate privileges to root. Sudo, stands for "superuser do!," is a program for Linux and UNIX operating systems that lets standard users run specific commands as a superuser (aka root user), such as adding users or performing system updates. The flaw actually resides in the way Sudo parsed "tty" information from the process status file in the proc filesystem. On Linux machines, sudo parses the /proc/[pid]/stat file in order to determine the device number of the process's tty from field 7 (tty_nr), Qualys Security explains in its advisory . Although the fields in t...

More than a Billion of Android devices are at risk of a severe vulnerability in Qualcomm Snapdragon chip that could be exploited by any malicious application to gain root access on the device. Security experts at Trend Micro are warning Android users of some severe programming blunders in Qualcomm's kernel-level Snapdragon code that if exploited, can be used by attackers for gaining root access and taking full control of your device. Gaining root access on a device is a matter of concern, as it grants attackers access to admin level capabilities, allowing them to turn your device against you to snap your pictures, and snoop on your personal data including accounts’ passwords, emails, messages and photos. The company’s own website notes that Qualcomm Snapdragon SoCs (systems on a chip) power more than a Billion smart devices, including many Internet of Things (IoTs) as of today. Thus, the issue puts many people at risk of being attacked. Although Google has pus...

Update : Latest Hack by TiGER-M@TE :  700,000 sites on Inmotion Hosting Server hacked in one shot On the morning of Saturday, Jan 8, 2011 the biggest news of cyber world was -  Google Bangladesh website (Google.com.bd) Hacked by TiGER-M@TE  . TiGER-M@TE is a Bangladeshi Hacker, He was already connected to "The Hacker News" from last 2-3 months for providing his Hacks News ! Finally we take a small interview of this great Hacker, who make Google Down !! Unix Root          -  Tell us Some Introduction about you. TiGER-M@TE -  Me TiGER-M@TE , nationality Bangladeshi. I've Been hacking since 2007 and I work alone.I like to exploit servers rather than exploiting web application and I use only 0days and private exploits. Unix Root          -  Do you Hack Google on Jan 8, 2011 and Why ? TiGER-M@TE -  I've hacked not only Google but also local domain of Yahoo, Avast, Microsoft, Bing,...

Cisco has released updates to address two maximum-severity security flaws in Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) that could permit an unauthenticated attacker to execute arbitrary commands as the root user. The vulnerabilities, assigned the CVE identifiers CVE-2025-20281 and CVE-2025-20282, carry a CVSS score of 10.0 each. A description of the defects is below - CVE-2025-20281 - An unauthenticated remote code execution vulnerability affecting Cisco ISE and ISE-PIC releases 3.3 and later that could allow an unauthenticated, remote attacker to execute arbitrary code on the underlying operating system as root CVE-2025-20282 - An unauthenticated remote code execution vulnerability affecting Cisco ISE and ISE-PIC release 3.4 that could allow an unauthenticated, remote attacker to upload arbitrary files to an affected device and execute those files on the underlying operating system as root Cisco said CVE-2025-20281 is the result of insuffici...

The Real Story about rootkit.com , HBGary E-mail ! HBGary E-mail Viewer greg@hbgary.com Go back Original file: 27606 click here to show this e-mail with HTML markup From: jussi jaakonaho <jussij@gmail.com> To: Greg Hoglund <greg@hbgary.com> Date: Sun, 6 Feb 2011 22:15:54 +0200 Subject: Re: need to ssh into rootkit click here to show full headers Attachments: This e-mail does not have any attachments. did you open something running on high port? On Feb 6, 2011, at 9:43 PM, Greg Hoglund wrote: > ok let me know if you need me >  > On 2/6/11, jussi jaakonaho <jussij@gmail.com> wrote: >> tnx. >> i am also connected to the box, seems some people have download problems - >> have figured earlier that some chinese used chinese chars on names of files, >> which then our filtering stripped off when putting db etc. so some db >> editing >>  >>  >> _jussi ...