Items tagged with remote code execution

Counter-Strike: Global Offensive (CS:GO) has been going strong since 2012, regularly hitting the “Top Games By Current Player Count” list on Steam. With this thriving community, it could make for a great opportunity to try and hack players through the game, and it seems that is indeed a potential threat. Researchers recently found a way to get reliable remote code execution on players’ computers just by joining a malicious community server. The Secret Club is a group of like-minded hackers and researchers who believe in open research about security, reverse engineering malware, and game hacking. Concerning the last part about game hacking, it seems they targeted CS:GO due to... Read more...
A new set of nine vulnerabilities that affect popular TCP/IP stacks, specifically relating to Domain Name Systems (DNS) implementations, were revealed yesterday. According to researchers at Forescout and JSOF, these vulnerabilities, collectively identified as NAME: WRECK, could impact at least 100 million IoT devices, leading to denial of service (DoS) and remote code execution. Forescout reports that the NAME:WRECK vulnerabilities are bugs within TCP/IP stacks FreeBSD, Nucleus NET, IPnet, and NetX. These stacks are used in millions of different devices, and when paired with the “often external exposure of vulnerable DNS clients,” the attack surface can be quite a large target. The... Read more...
With everyone using Zoom for both work and school, a vulnerability in the software can be especially concerning. This week, researchers competing in a zero-day hunting competition found a bug in Zoom that allowed them to remotely execute code without any necessary action from the target. This find netted the researchers a sum of cash and the concern of Zoom customers everywhere. Pwn2Own is a zero-day hunting contest organized by the Zero Day Initiative, which brings white hat hackers together to make software better by finding vulnerabilities. The multi-day event uncovered many issues in software, but the most interesting one that could have the most impact is with Zoom. We're still confirming... Read more...
A new Bluetooth security vulnerability has appeared, and this time Linux is under the gun. Andy Nguyen, an information security researcher, discovered the vulnerabilities. They are collectively known as BleedingTooth, which allows for zero-click remote code execution on Linux devices within Bluetooth range. The code can be executed with kernel privileges, and Intel has rated the exploit at an 8.3 on the common vulnerability scoring system (CVSS). According to the research page for CVE-2020-12351, BleedingTooth is a "Heap-Based Type Confusion in L2CAP." What this means is that a malicious user can send data to the Bluetooth subsystem (BlueZ program) in Linux, after which the code for the subsystem... Read more...