Posts

Showing posts from December, 2019

Microsoft Information Disclosure Vulnerability

Image
Information Disclosure Vulnerability in Microsoft Open Enclave SDK ( CVE-2019-1370 ) Overview  A vulnerability has been reported in Microsoft Open Enclave SDK Which could lead to Disclosure of sensitive information in the context of the current user. Description An information disclosure vulnerability exists in microsoft Open Enclave SDK due to improper handling of objects in memory.  An  attacker could exploit this vulnerability by compromising the host application running the open Enclave.  Sucessful exploitation  of this vulnerability could allow an attacker to obtain informnation stored in the open Enclave.

FIRE-CHAT APP--> Chat without internet

Image
The app was first introduced in March 2014 for iPhone's, followed on April 3 by a version for Android devices. In July 2015, Fire-Chat introduced private messaging. Until then, it had only been possible to post messages to public chatroom's. In May 2016, Fire-Chat introduced Fire-Chat Alerts to allow users to send push alerts during a specific time and place. This feature was aimed for aid workers doing disaster relief and was developed from a partnership with Marikina a city in the Philippines. Fire-Chat first became popular in 2014 in Iraq following government restrictions on internet use , and thereafter during the 2014 Hong Kong protests. In 2015, Fire-Chat was also promoted by protesters during the 2015 Ecuadorian protests . On September 11, 2015, during the pro-independence demonstration called Free Way to the Catalan Republic, Fire-Chat was used 131,000 times. Fire-Chat is a proprietary mobile app, developed by Open Garden, which uses wireless mesh netwo...

Multiple Vulnerabilities in Intel Products

Image
Multiple Vulnerabilities in Intel Products Multiple vulnerabilities have been reported in Intel products which could allow local attacker to escalate privileges, cause denial of service (DoS) conditions or access sensitive information on a targeted system. Description 1. Escalation of Privilege Vulnerability in Intel RST CVE-2019-14568 This vulnerability exists in the Intel Rapid Storage Technology (RST) due to improper handling of permissions by the affected software. An authenticated attacker could exploit this vulnerability through local access to the system. Successful exploitation of this vulnerability could allow the attacker to get escalated privileges on the targeted system. 2. Vulnerability in multiple Intel Processors (CVE-2019-14607) This vulnerability exists in multiple Intel Processors due to improper checking of conditions by the firmware. An attacker could exploit these vulnerabilities through local access to the targeted system. Successful exploitat...

Apple Opens Its Invite-Only Bug Bounty Program

Image
Apple launching a bug bounty program for the bug hunters to show there skills into the field and get rewards for it.  The Researchers can report vulnerability in any product of the Apple like   iOS, macOS, watchOS, tvOS, iPadOS, and iCloud to the company. Since its launch three years ago, Apple's bug bounty program was open only for selected security researchers based on invitation and was only rewarded for reporting vulnerabilities in the iOS mobile operating system. However, speaking at a hacking conference in August this year, Ivan Krstić, head of Apple Security Engineering and Architecture at Apple, announced the company's upcoming extended bug bounty program which included three main highlights: an enormous increase in the maximum reward from $200,000 to $1.5 million, accepting bug reports for all of its operating systems and latest hardware, opening the program for all researchers. Even after submitting a valid security bug, researchers need to follow some ...

IBM Cloud Park System Cross Site Script Vulnerability

Image
IBM Cloud Park System Cross Site Script Vulnerability This vulnerability exists in IBM Cloud Park system fails to properly sanitize the user-supplied input. An attacker could exploit this  vulnerability to execute arbitrary Javascript code in the browser of an affected system Successful exploitation of this vulnerability could allow the attacker to embed arbitrary Javascript code in the Web UI thus Altering the intended functionally potentially leading to credentials disclosure within a trusted session.

Google Crashed!!!!!

Image
When Google 'crashed' on asking this iPhone question A funny bug was reported yesterday (December 19) by Android smartphone users where if they wanted to search “what is iMessage” on Google, the app simply crashed.  We tried it on four different Android smartphones — Samsung Galaxy Note 10+, Asus ROG Phone II, OnePlus 7 Pro and Xiaomi Mi A3 — and just couldn’t ask about this popular iPhone feature on Google Search.  However, it did appear that Google had fixed the bug as after a couple of hours, we were able to search for “what is iMessage” on Android smartphones. This issue wasn’t restricted to India alone it seems. According to a report by Android Authority, Reddit users also pointed out the issue on their Android smartphones. A Reddit user who was facing the ‘issue’ explained in on the forum , “From my little 30-min testing, this is what I made out. This (the app crash) happens due to some internal function conflict between Google app's "web search" ...

Most Common Passwords Found From Breaches

Image
Here are the Most Common Passwords Found From Breaches in 2019 Researchers analyzed data leaked in various data breaches to bring this study forward. Passwords ‘12345,’ ‘123456,’ and ‘123456789’ were the most common passwords, followed by ‘test1’ and, of course, the password ‘password’. A bunch of independent anonymous researchers composed a list of 200 most popular passwords that were leaked in data breaches during 2019 and shared it with security firm Nord Pass. The notorious Collections #1-5 breaches alone exposed 3 billion records. Weak password logic also included strings of letters forming a horizontal or vertical line on the keyboard, such as asdfghjkl, qazwsx, 1qaz2wsx, etc. The most obvious—‘password’— remained popular with 830,846 people still using it. Passwords ‘12345,’ ‘123456,’ and ‘123456789’ were the most common passwords, followed by ‘test1’ and, the password ‘password’. Passwords containing popular female names included Nicole, Jessica, Hannah, etc....

Find Sub Domains in a minute

Image
What is a Sub Domain? A subdomain is a domain that is part of a larger domain, the only domain that is not also a subdomain is the root domain. For example, www.google.com is the Root domain and www.google.in or wwww.google.uk are the subdomains. What is the use of Discovering Subdomains? Discovering subdomains of a domain is an essential part of hacking reconnaissance and thanks to following online tools which makes life easier. Having an unsecured subdomain can lead to a serious risk to your business, and lately, there were some security incidents where the hacker used subdomains tricks. Censys Censys is probably one of the first search engines to check for subdomains. Along with subdomain, you can also find some of the exciting stuff as following. IP details ( can be useful to find origin IP ) Certificate details Allowed port SSL/TLS handshake protocol and cipher suites (useful to find weak cipher/protocol) Pentest-Tools Pentest-tools search f...

StrandHogg vulnerability in Google Android

Image
StrandHogg vulnerability in Google Android A vulnerability that has been named "StrandHogg" has been reported to be present in the Android operating system. The vulnerability allows a malicious application to masquerade as any other app. The vulnerability exploits an Android control setting called "task affinity" which allows an application to assume any identity in the multitasking system.

Ransomware bypass windows Anti-Virus

Image
The authors of the Snatch ransomware are using a never-before-seen trick to bypass antivirus software and encrypt victims' files without being detected. The trick relies on rebooting an infected computer into Safe Mode and running the ransomware's file encryption process from there. The reason for this step is that most antivirus software does not start in Windows Safe Mode, a Windows state meant for debugging and recovering a corrupt operating system. Cybersecurity researchers have spotted a new variant of the Snatch ransomware that first reboots infected Windows computers into Safe Mode and only then encrypts victims' files to avoid antivirus detection. Unlike traditional malware, the new Snatch ransomware chooses to run in Safe Mode because in the diagnostic mode Windows operating system starts with a minimal set of drivers and services without loading most of the third-party startup programs, including antivirus software. Snatch has been active since at leas...

Denial of Service Vulnerability in Linux Kernel

Image
This vulnerability exists in the rwsem_down_write_slowpath of the file "kernel/locking/rwsem.c" of the component btrfs Image Mount Handler in Linux Kernel. A local attacker could exploit this vulnerability by mounting a crafted btrfs image twice leading to a use-after-free error.

Windows 0-Day Under Active Attack

Image
With its latest and last Patch Tuesday for 2019, Microsoft is warning billions of its users of a new Windows zero-day vulnerability that attackers are actively exploiting in the wild in combination with a Chrome exploit to take remote control over vulnerable computers. Microsoft's December security updates include patches for a total of 36 vulnerabilities, where 7 are critical, 27 important, 1 moderate, and one is low in severity—brief information on which you can find later in this article. Tracked as CVE-2019-1458 and rated as Important, the newly patched zero-day Win32k privilege escalation vulnerability, reported by Kaspersky, was used in Operation WizardOpium attacks to gain higher privileges on targeted systems by escaping the Chrome sandbox. Although Google addressed the flaw in Chrome 78.0.3904.87 with the release of an emergency update last month after Kaspersky disclosed it to the tech giant, hackers are still targeting users who are using vulnerable versions of t...

The Navy will build cyber teams

Image
The Navy will create tactical cyber teams in early 2020 as part of an order from the service’s top officer. In a new strategy document released Dec. 4, Chief of Naval Operations Adm. Michael Gilday said he wanted the service to develop a plan to field small tactical cyber teams by February 2020. He directed the Information Warfare Type Command and Fleet Cyber Command/10th Fleet to make it happen. “I want to give tactical cyber teams, small tactical cyber teams to fleet commanders so that we can confuse the enemy and put ourselves in a position of advantage in a fight right off the bat,” Gilday said at the USNI Defense Forum Dec. 5. Additional details regarding the makeup of these teams and what their focus will be were not immediately available. U.S. Cyber Command orchestrates cyber operations within the Department of Defense. The services provide the 133 offensive and defensive cyber teams through the cyber mission force to Cyber Command. The individual services, such ...

Avast and AVG Browser Extensions Spying On Chrome

Image
Avast and AVG Browser Extensions Spying On Chrome and Firefox Users If your Firefox or Chrome browser has any of the below-listed four extensions offered by Avast and its subsidiary AVG installed, you should disable or remove them as soon as possible. Avast Online Security AVG Online Security Avast SafePrice AVG SafePrice Why? Because these four widely installed browser extensions have been caught collecting a lot more data on its millions of users than they are intended to, including your detailed browsing history. What users' data is being sent to Avast? Full URL of the page you are on, including query part and anchor data, A unique user identifier (UID) generated by the extension for tracking, Page title, Referrer URL, How you landed on a page, e.g., by entering the address directly, using a bookmark or clicking a link, A value that tells whether you visited a page before, Your country code Browser name and its exact version number, Your operating...

Pegasus Spyware Hacked 20 User Whatsapp

Image
WhatsApp informed the government in September that 121 Indian citizens may have been targeted by an Israeli company’s spyware , an official at the mobile messaging services company said, detailing what was a second alert over a possible snooping attempt that came to light earlier in the week. The official, who asked not to be named, said the company had responded to the ministry of electronics and information technology’s calls for an explanation over the kind of breach and what steps it had taken to protect users. The two alerts – one in May and the September communication – were reiterated in the response, which was sent ahead of the November 4 deadline set by the government, this person said, asking not to be named . WhatsApp also told CERT-In that the vulnerability could no longer be exploited to carry out attacks. Prasad said the government is committed to protecting the fundamental rights of citizens, including the right to privacy. "The government operates stric...

BUG in Joomla

Image
Vunerability Note CIVN-2019-0187 Information Disclosure Vulnerability in Joomla Overview  A vulnerability has been reported in Joomla which could be exploited by a remote attacker to obtain potentially sensitive information on a targeted system. VULNERABILITY: This vulnerability exists in phputf8 mapping files of Joomla due to improper access cheeks. A remote attacker could gain  information about the file system structure of the server where the website is hosted. Successful exploitation of this vulnerability could allow the attacker to obtain sensitive information of the target system which  could lead to further attacks

Chrome Password Stealing Trojan

Image
Chrome Password Stealing Trojan Sends Passwords To Remote MongoDB Database Researchers have found a new password stealer targeting Google Chrome. What’s different about this Chrome Password Stealing Trojan is that it stores all stolen passwords to a remote MongoDB database. Chrome Password Stealing Trojan Reportedly, researchers have discovered a new password-stealing Trojan targeting Google Chrome. Identified as CStealer, the Trojan has nothing special except its peculiar way of storing stolen passwords. According to BleepingComputer, the malware first caught the attention of MalwareHunterTeam and then of a researcher James. Specifically, the Trojan connects to the database via MongoDB C Driver, for which, it also has the credentials. So, right after gaining access to the passwords stored in Chrome Password Manager, it connects to the database to share data. Risk Of Password Breaches As observed by the researchers, the Trojan presently works as a password stealer. Howe...

Stop Sharing your Streaming Service Accounts Immediately

Image
Stop Sharing your Streaming Service Accounts Immediately You might want to reconsider sharing the login details of your steaming service account with friends and family to avoid the risk of falling victim to fraud or identity theft at the hands of tech-savvy organized crime groups. The warning comes as thousands of Disney Plus customers reported hackers were accessing their profiles, changing their login credentials and selling their accounts on the dark web. Disney was adamant it did not suffer a data breach, saying the login details were "leaked from previous breaches at other companies, pre-dating the launch of (the streaming service)". The so-called "credential stuffing" attack is a popular technique used by hackers who obtain passwords and usernames via malicious means before seeing if those details will gain access to accounts on different websites. This is achieved by applying through perseverance –  trying various combinations of usernames and pa...

Whatsapp some new great features

Image
Whatsapp some new great features Whatsapp is constantly keeping its app updating with new features. This time the main motive is to give smooth calling to its user. Some of the features are still under development while a few have been rolled out as stable updates for both Android and iOS users. Call waiting support: In the updated version, 2.19.120 WhatsApp introduced call waiting for support. Currently, the update is only available for iPhone users. The Android update will be rolled out soon, according to reports. In this update, users will be able to receive another WhatsApp call while they are already on one call. Before this, the user didn't receive any notification on coming to another call instead it shows a message of "MISSED CALL" after the user ends up with the ongoing call. Self-destructing message feature: Although currently available on the Android Beta version, this update will automatically delete a message after a particular period of time...