Researchers at the University of California, Riverside, have discovered three ways in which hackers can use GPUs to break user security and privacy defenses. These technologies can be used to monitor browser activity, steal passwords,...
On November 7th, Cisco officially issued a security notice that it fixed two high-risk vulnerabilities in Cisco Stealthwatch Management Console and Cisco Unity Express. CVE-2018-15394, the vulnerability stems from a hidden danger in the system...
New zero-day vulnerability details about VirtualBox was revealed by a security researcher, and the researcher has released proof-of-concept videos. VirtualBox E1000 Guest-to-Host Escape from Sergey Zelenyuk on Vimeo. According to the vulnerability description, this...
Recently, Apache Tomcat officially released the mod_jk access control bypass vulnerability (CVE-2018-11759) security notice, the current PoC has been made public, please pay attention to relevant users, take timely preventive measures. Apache Tomcat JK...
Often SSD vendors offer hardware encryption when they make their products, but researchers have found that hardware encryption can be bypassed even without a password. Two Researchers, Carlo Meijer and Bernard van Gastel from Radboud University...
New zero-day vulnerability details about Microsoft Edge may be coming soon, as researchers have released preliminary proof-of-concept videos. The vulnerability is a sandbox escape vulnerability, and therefore the severity is relatively high, at least...
The latest analysis released by the Israeli security company ARMIS pointed out that there are two serious security vulnerabilities, bleedingbit in the low-power Bluetooth chip produced by Texas Instruments. These security vulnerabilities allow an attacker...
Recently, five researchers at the Tampere Polytechnic University in Finland and the Havana Technical University in Cuba have discovered a new PortSmash side-channel vulnerability which can lead to the disclosure of encrypted information. It...
Recently, Cisco officially issued a security bulletin to fix high-risk vulnerabilities in its various products. These vulnerabilities are a denial of service CVE-2018-15454 and a remote code execution CVE-2018-16986. CVE-2018-15454 A vulnerability in the...
Canonical has released a new Ubuntu 16.04 LTS Kernel Patch for the Ubuntu 16.04 LTS operating system which fixes four known security vulnerabilities for all users who use the original Linux Kernel 4.4. The...
Recently, Gitlab officially released a security update notice that revealed a remote code execution vulnerability that could allow an attacker to gain direct access to the server. The Gitlab Wiki API is a set...
Felix Wilhelm of the Google Security Research team discovered the systemd vulnerability and applied for the CVE number CVE-2018-15688, which could allow an exploiter to modify the target system memory with an individual DHCPv6...
Two security researchers recently announced that Cisco’s WebEx online video conferencing software was affected by a critical vulnerability that could be exploited to provide permissions and execute arbitrary commands. The vulnerability was discovered by...
Recently, X.Org Foundation developers released X.Org Server 1.20.3 to fix privilege escalation vulnerabilities. This issue has been assigned CVE-2018-14665. The vulnerability was caused by the server not correctly verifying the two parameters, “-modulepath” and “-logfile“. The -modulepath...
Microsoft originally planned UWP applications to improve overall security. After all, all apps can only be downloaded by users through Microsoft audit. At the same time, UWP applications can only run in their independent...
The new 0day vulnerability has been disclosed and will affect all recent versions of Windows, including Windows 10. Researchers with the username “SandboxEscaper” shared a Proof of Concept on Twitter and GitHub to confirm the existence of this...
