Showing posts with the label Vulnerabilities

Two Critical Vulnerabilities Uncovered in vBulletin

As part of Beyond Security's SecuriTeam Secure Disclosure program, details were disclosed about two critical vulnerabilities in vBulletin that were found by specialists from the Italian company TRUEL IT and an independent researcher who asked to remain anonymous. At least one of the issues enables a remote attacker to execute arbitrary code in the context of the vBulletin application server. Although the issues affect the last five versions of vBulletin, there are no patches for them yet. Beyond Security said that they have been trying to contact the developers of vBulletin since the end of November 2017, but they did not get a response from the company. Representatives of vBulletin told the media that they did not receive any messages related to the described issues, and are currently working on patches. The main issue is described as a bug related to the inclusion of

Keeper Ain't Keeping Our Password Secure

Google Project Zero expert and well-known bug hunter Tavis Ormandy uncovered a major issue in the third-party password manager Keeper, which has been included in the OS since the release of Windows 10 Anniversary Update (version 1607). With the release of this version, Microsoft added the Content Delivery Manager feature to the operating system, which can silently install various "suggested applications". I don't want to hear about how even a password manager with a trivial remote root that shares all your passwords with every website is better than nothing. People really tell me this. 🙄 — Tavis Ormandy (@taviso) 15 December 2017 "I've heard about Keeper before, and I remember how some time ago I found a bug related to how they implement a privileged UI on the page," Ormandy writes. "I rechecked and found that they continue to do the same in the new version." The expert clarif

Backdoor Exploit Discovered in Popular Bitcoin Mining Equipment

BitMain is one of the leading Bitcoin mining equipment manufacturers in the world. The company's AntMiner range of specialized mining hardware accounts for over 70 percent of all mining hardware, which could be at risk following the discovery of the Antbleed security flaw. An anonymous researcher raised a storm in the mining community by spreading word through Twitter about the Antbleed backdoor, detected in equipment from Bitmain, which is the world's largest supplier of equipment for mining cryptocurrency. Why does @BitMainTech have the ability to selectively shut off any miner with their secret backdoor? Find out at https://t.co/uWqGpNsJoH . — AntBleed (@antbleed) April 26, 2017 It turned out that the backdoor appeared in the firmware code in July 2016, and researchers tried to inform Bitmain about the issue in September 2016 through the company's GitHub repository; however, this report was ignored up until an unknown well-wishe

Samsung Smart TV Wi-Fi Direct Improper Authentication

Samsung Smart TVs running Tizen OS are prone to a security vulnerability that allows an attacker to impersonate a trusted device to obtain unrestricted access without authentication when connected via Wi-Fi Direct. Researchers at Neseso, an independent security consulting company with more than 10 years of experience in security research and vulnerability assessment, reported the problem. According to the researchers, the problem lies in the implementation of authentication with Wi-Fi Direct technology, which is used in Samsung TVs. This mechanism spares users from authenticating every time: instead, the TV can be "paired" with any trusted device, whose MAC address then gets added to the white list. The TV notifies the user that a device from the white list has connected, but no further authentication is required. Once connected, the attacker has access to all the services provided by the TV, such as remote control service or D