Browsing Category: CVE/vulnerability

cPanel 2FA Bypass

Digital Defense, Inc., a leader in vulnerability and threat management solutions, announced that its Vulnerability Research Team (VRT) exposed a previously undisclosed vulnerability affecting the cPanel & WebHost Manager (WHM) web hosting platform. cPanel & WHM is a suite of tools built for Linux OS that gives hosting providers and users the ability to automate server management and […]

The post cPanel 2FA Bypass Exposes Tens of Millions of Websites to Hack appeared first on GBHackers On Security.

Spotify Vulnerability

Spotify is a Swedish-based audio streaming and media services provider, with over 299 million active monthly users in 2020. Noam Rotem and Ran Locar, vpnMentor’s research team, have discovered a potential credential stuffing operation whose origins are unknown, but that affected some online users who also have Spotify accounts. Credential stuffing is a hacking technique that takes advantage of […]

The post Spotify Hack – Over 300k Accounts Hacked in Credential Stuffing Attack appeared first on GBHackers On Security.

Facebook Messenger Bug

Tamagotchi hacker Natalie Silvanovich, who works as a Security Engineer on Project Zero at Google, recently received a bounty of $60,000 for identifying a bug in Facebook Messenger which allows a call to connect before the callee has answered it. The bug seems to exist in the Android Facebook Messenger app only. Facebook […]

The post Facebook Messenger Bug Let Android Users Spy On Each Other appeared first on GBHackers On Security.

Multiple Critical Flaws in Cisco Security Manager Let Attackers to Execute Remote Code

Cisco this week published an advisory, CVE-2020-27130, stating that a vulnerability was identified and resolved in Cisco Security Manager that could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is severe and has been scored 9.1 on the Common Vulnerability Scoring System (CVSS). Affected products and versions: This vulnerability affects […]

The post Multiple Critical Flaws in Cisco Security Manager Let Attackers to Execute Remote Code appeared first on GBHackers On Security.

Chrome 87 Released with Improved Performance and Security Updates

Google released Chrome 87 on November 17th, 2020, to the Stable desktop channel, and it includes numerous performance improvements, security fixes, and new features. Chrome 87 addresses 33 bugs that affected previous versions of Chrome. Users are advised to update to the latest stable version. With Chrome 87 now promoted to the Stable channel, Chrome […]

The post Chrome 87 Released with Improved Performance and Security Updates appeared first on GBHackers On Security.

Critical Vulnerabilities Discovered in World’s Largest Android TVs Manufacturer

Television is a mass medium for entertainment, advertising, news, and sports. With advances in technology, TVs now offer built-in integration with apps like Netflix, YouTube, etc. TCL is the world’s 3rd largest TV manufacturer, beating tons of noteworthy rivals. Recently, a security report by the researcher has found several serious vulnerabilities in TCL Android TVs. Initial Research […]

The post Critical Vulnerabilities Discovered in World’s Largest Android TVs Manufacturer appeared first on GBHackers On Security.

WebLogic Servers Flaw

Attackers have been found exploiting Oracle WebLogic Servers via CVE-2020-14882 to install Cobalt Strike, which allows persistent remote access to the compromised devices. Testing the vulnerability: The latter half of last week saw a flurry of scans against Oracle’s WebLogic Server to check for vulnerability to CVE-2020-14882. It is important to note that […]

The post Hackers Attacking WebLogic Servers via CVE-2020-14882 Flaw to install Cobalt Strike Malware appeared first on GBHackers On Security.

Oracle Emergency Patch

IT giant Oracle, on 1st November 2020, issued a Security Alert Advisory, CVE-2020-14750, regarding a remote code execution vulnerability in Oracle WebLogic Server. Oracle WebLogic Server is a Java EE application server. The latest version is WebLogic Server 14c (14.1.1), released on March 30, 2020. Security Alert Advisory: The Security Alert offers recommendations to the vulnerability […]

The post Oracle Issues Emergency Patch for Remote Code Execution Vulnerability in Oracle WebLogic Server appeared first on GBHackers On Security.

Cisco IOS XR Software

Cisco warns of a high-severity flaw in the Cisco Discovery Protocol implementation for Cisco IOS XR Software that allows attackers to execute arbitrary code on the affected device. Cisco IOS XR is a modern network OS to simplify your network with a flexible, modular design that uses less memory, boots up faster, and can be loaded into […]

The post Cisco Warns of Attackers Targeting High Severity Router vulnerability appeared first on GBHackers On Security.

Microsoft October 2020 Patch Tuesday Fixes 87 Security Bugs Including 21 RCE

Microsoft has released emergency security updates for critical vulnerabilities that allow attackers to execute arbitrary code on the vulnerable machine. The updates patch 87 vulnerabilities, of which 12 are classified as Critical, 74 as Important, and one as Moderate. The October security release includes security updates for the following software: Microsoft […]

The post Microsoft October 2020 Patch Tuesday Fixes 87 Security Bugs Including 21 RCE appeared first on GBHackers On Security.