Items tagged with exploit
If you're not a Linux sysadmin, you might not be familiar with Control Web Panel, but if you are a Linux sysadmin, you almost certainly are at least aware of the app. Control Web Panel, or CWP, is a free Linux control panel for various web services. It used to be called CentOS Web Panel, but these days it's supported...
Read more...
Server admins and security-heads take note: there's a new Windows zero-day that's like leaving the key in the lock. It just requires access to any standard user account, and provides administrative privileges with the execution of a single application. There's pretty much no defense against it as it stands, so keep...
Read more...
On the eve of its big iPhone 13 unveil, Apple was forced to issue a new software update for its iPhone, iPad, and Mac product lines. As a result, iOS 14.8 and iPadOS 14.8 are now available for the iPhone and iPad, respectively, while Apple issued macOS 11.6 for Macs.
One of the driving factors behind the release of...
Read more...
Earlier in July, the PrintNightmare vulnerability was discovered, wherein a threat actor could exploit the vulnerability to gain system-level access to a device. This was only speculation at first, but that has now changed, as cybersecurity researcher Benjamin Delpy has shown.
Since the discovery of PrintNightmare...
Read more...
Hackers and threat actors are constantly searching for new ways to breach systems for cybersecurity research or exploitation, respectively. Thankfully, French researcher Gilles Lionel got to an NTLM Relay Attack, dubbed PetitPotam, first. Now, Microsoft has released a mitigation technique that IT admins should...
Read more...
Yesterday, we reported that CD Projekt Red sent out a warning that was effectively against "downloading mods", but it appears that we did not have the full story from the developers of Cyberpunk 2077. According to users on the CD Projekt Red forums, the Cyberpunk 2077 devs are partially to blame for what seems to be...
Read more...
In May of this year, Apple patched a silent but deadly exploit that went after iPhones using specially crafted wireless payloads. This exploit is a simple memory corruption attack that allows any malicious person to do whatever they want to an iPhone: be it collecting data such as images and messages, or shutting down...
Read more...
Attackers with physical access to a device can generally do the most damage to a machine. This remains true with CVE-2020-8705, where an attacker with physical access can gain control of the system firmware while the device resumes from a sleep state. This means there could be privilege escalations, data loss, and...
Read more...
TCL Android TVs have been crowding retail stores since their initial launch earlier this year. The Chinese-manufactured TVs have been a “budget-option” that works well enough for most and is a steal compared to the competition. When you get a TCL 65” TV for $229, though, is cybersecurity at the top of your mind? If...
Read more...
Get ready to patch your Windows systems as a new bug has been discovered that can lead to the dreaded Blue Screen of Death. This bug, labeled the “Bad Neighbor” exploit (CVE-2020-16898), enables an attacker who crafts an IPv6 packet to completely crash a system.
The team at Sophos Labs explains that in “tcpip.sys, a...
Read more...
Earlier in the week, we reported on a dangerous exploit with Windows domain controllers called Zerologon. Now, the Cybersecurity and Infrastructure Security Agency (CISA), under the Department of Homeland Security direction, is issuing warnings about the exploit and is pushing government agencies to patch the...
Read more...
If any of you out there are running the Firefox browser app for Android, please update immediately. Versions below Firefox version 79 on mobile are vulnerable to exploitation of Android intent URIs. This attack uses SSDP payloads to trigger actions without user interaction.
According to exploit researcher Chris...
Read more...
Secura digital security advisors and researchers, have discovered a highly critical vulnerability with Active Directory domain controllers. Rated as a 10 of 10 on the Common Vulnerability Scoring System (CVSS), this exploit, dubbed Zerologon, allows nefarious people to take over the domain controller and execute...
Read more...
A new security vulnerability has now been detailed that exposes portions of your device’s Wi-Fi traffic to nefarious individuals. The Kr00k vulnerability was disclosed today by ESET researchers presenting at the RSA Security Conference.
The problem lies with Wi-Fi chips that were manufactured by Broadcom and...
Read more...
It seems as though we can't escape a single week without hearing about a new widespread security exploit that puts us all at risk. This week, the newly detailed attack taking center stage is called Simjacker, and it was revealed by the folks at AdaptiveMobile Security.
As its name implies, Simjacker works primarily...
Read more...
In the web browser world, Google Chrome is tops and is offered on multiple platforms including Windows 10, macOS, Linus, iOS and Android. however, web developer named Jim Fisher has found an exploit that nefarious developers can use to trick Chrome on Android users into thinking they are on a legitimate...
Read more...
Most of the security vulnerabilities we write about at HotHardware fortunately won't affect the vast majority of readers. Either these exploits require user interaction to kick-start, or you have to be of particular interest as a target for someone to go through the effort of executing more complex attacks against you...
Read more...
It appears that T-Mobile has only recently squashed a rather serious bug that affected one of the company's subdomains used by staff. In this case, promotool.t-mobile.com was not password protected, allowing anyone that stumbled across it to access stored data.
According to ZDNet, which first reported on the website...
Read more...
New Spectre flaws have been revealed by the former head of Intel's advanced thread team, Yuriy Bulygin. This is a man who knows what he's doing, so his opinions and findings are not to be treated as fly-by-night like some others. Through his new security agency, Eclypsium (a neat name, it must be said), Bulygin posts...
Read more...
WhatsApp users have been forwarding a message around that some might find incredibly annoying. The message will cause the app to hang for a bit, after which it will then function normally. No malicious content is transferred with the message according to reports.
The message reads "If you touch the black point your...
Read more...
If you grabbed the free Super Mario Odyssey DLC that landed this week and have encountered what appear to be cheaters in Nintendo's Luigi's Balloon World game, you know the frustration that some folks are likely going through right now. These cheating players are using a glitch in a game that allows them to move...
Read more...
If you've been following the tech or security news for the past few days, then you no doubt know of a security vulnerability that reportedly affects all Intel processors. OS vendors have been working to mitigate the issue with kernel patches, but those software Band-Aids can come with some performance handicaps as a...
Read more...
