Browsing Category: CVE/vulnerability

Cisco high-severity flaws

Cisco fixes high-severity flaws in IP Cameras, Webex Teams, and Identity Services Engine that let attackers execute remotely on an affected device. Along with this, Cisco also fixes eleven medium-severity vulnerabilities in various Cisco devices. Cisco Webex Windows DLL Hijacking Vulnerability: The vulnerability resides with specific DLLs in the Cisco Webex Teams client for Windows allow […]

The post Cisco Fixes High-severity Flaws in Webex, IP Cameras and ISE appeared first on GBHackers On Security.

Flaws in Popular Antivirus Softwares Let Attackers to Escalate Privileges

Security researchers from CyberArk discovered security bugs in anti-malware software that allow attackers to escalate privileges on an infected machine. Bugs in anti-malware software pose higher risks than those in other applications, as it runs with high privileges that let attackers run malware at elevated privileges. Cause for the Flaw: According to researchers, the main cause of the bug […]

The post Flaws in Popular Antivirus Softwares Let Attackers to Escalate Privileges appeared first on GBHackers On Security.

Code Scanning Tool

GitHub has launched a new code scanning tool that helps developers detect vulnerabilities before the application reaches production. The tool was initially announced in May at the GitHub Satellite conference; since then it has been available to GitHub beta testers. GitHub Code Scanning Tool: Now the GitHub code scanning tool is available for all users […]

The post GitHub Launches Code Scanning Tool to Find Security Vulnerabilities – Available for All Users appeared first on GBHackers On Security.

Zerologon

Microsoft patches the new critical vulnerability, Zerologon. A feature of Netlogon allows the domain controller to authenticate computers and update passwords in the Active Directory. “The elevation of privilege vulnerability for Zerologon, or CVE-2020-147, exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol […]

The post Beware of the New Critical Zerologon Vulnerability in The Windows Server appeared first on GBHackers On Security.

Instagram Hacked

A critical security vulnerability in the Instagram app lets attackers take over the victim’s Instagram account and turn their phone into a spying tool. All the attackers need is a malicious image; once the image file is opened in the Instagram app, it gives the hacker full access to the Instagram account. Instagram is […]

The post Instagram Hacked – Critical Vulnerability Let Attackers Take Complete Control over Account appeared first on GBHackers On Security.

BLURtooth

Security researchers at the École Polytechnique Fédérale de Lausanne (EPFL) and Purdue University discovered vulnerabilities related to Cross-Transport Key Derivation (CTKD) with Bluetooth BR/EDR and LE in Bluetooth Specifications 4.0 through 5.0. Bluetooth BR/EDR and LE that use Cross-Transport Key Derivation (CTKD) are vulnerable to key overwrite, which allows attackers to gain additional access […]

The post BLURtooth – A new Vulnerability Let Attackers to Overwrite the Authentication Keys appeared first on GBHackers On Security.

Google Maps XSS Bug

Google fixed a vulnerability in Google Maps that was reported through the Google Vulnerability Reward Program (VRP), under which researchers are paid financial rewards in return. The XSS vulnerability in Google Maps was discovered by Zohar Shachar, Head of Application Security at Wix, and reported to Google through their bug bounty program. XSS with Google Maps […]

The post Google Maps XSS Bug – Bounty Doubled After the Original Fix had Failed appeared first on GBHackers On Security.

Critical Code Execution Flaws With Adobe InDesign, Framemaker, and Experience Manager – Update Now!

Adobe has released updates that fix critical vulnerabilities in Adobe InDesign, Framemaker, and Experience Manager. Attackers can exploit the vulnerabilities to execute code in the context of the current user. Adobe InDesign | APSB20-52: The update addresses multiple critical security vulnerabilities in Adobe InDesign that allow an attacker to execute arbitrary code in the […]

The post Critical Code Execution Flaws With Adobe InDesign, Framemaker, and Experience Manager – Update Now! appeared first on GBHackers On Security.

CWE Top 25 – Mitre Released Top 25 Most Dangerous Software Bugs

Recently, MITRE released its list of the top 25 most dangerous software bugs for 2020; it is a definitive list of the most popular and impactful issues that are encountered in CWE Top 25 (2019). The security experts asserted that these software bugs are dangerous, as they are usually easy to find and exploit. Moreover, they enable attackers […]

The post CWE Top 25 – Mitre Released Top 25 Most Dangerous Software Bugs appeared first on GBHackers On Security.

New Jenkins Vulnerability Let Hackers Steal Sensitive Information By Obtain HTTP Response Headers

Recently, security experts detected a new vulnerability in Jenkins Server, tracked as CVE-2019-17638. This vulnerability could occur in memory exploitation, and it causes private data exposure. Jenkins is a free and open source automation server written in Java that helps developers around the world to reliably build, test, and deploy […]

The post New Jenkins Vulnerability Let Hackers Steal Sensitive Information By Obtain HTTP Response Headers appeared first on GBHackers On Security.