Instagram photo flaw could have helped malicious hackers spy via users’ cameras and microphones

Instagram photo flaw could have helped malicious hackers spy via users’ cameras and microphones

A critical vulnerability in Instagram’s Android and iOS apps could have allowed remote attackers to run malicious code, snoop on unsuspecting users, and hijack control of smartphone cameras and microphones. The security ...

Zeek in it’s sweet spot: Detecting F5’s Big-IP CVE10 (CVE-2020-5902)

By Ben Reardon, Corelight Security Researcher Having a CVE 10 unauthenticated Remote Code Execution vulnerability on a central load balancing device? That’s bad… Not being able to detect when a threat actor ...

F5 BIG-IP Exploit, WiFi Router Security Updates, Password Reuse

In episode 129 for July 13th 2020: Impact of the F5-BIG-IP critical vulnerability, security updates and your WiFi router, and details about new research that shows how billions of compromised credentials are ...
Zero-Day Flaw Allowed Attackers to Achieve RCE on Firewalls

Zero-Day Flaw Allowed Attackers to Achieve RCE on Firewalls

British security firm Sophos determined that malicious actors had abused a zero-day vulnerability to achieve remote code execution (RCE) on some of its firewall products. According to Sophos, the attack chain began ...
Untitled Goose Game security hole could have allowed hackers to wreak havoc

Untitled Goose Game security hole could have allowed hackers to wreak havoc

Is nothing sacred? The highly popular “Untitled Goose Game” has been found to be vulnerable to an attack that could allow hackers to run malicious code on your computer. “Untitled Goose Game”, ...
hell

Dell Hell Gets Hotter via Bad Bug in Every PC, Laptop

Every Dell endpoint running Windows has a nasty remote-code execution vulnerability. The security hole is in the SupportAssist module ...
Security Boulevard
Hundreds of Vulnerable Docker Hosts Exploited by Cryptocurrency Miners

Hundreds of Vulnerable Docker Hosts Exploited by Cryptocurrency Miners

Docker is a technology that allows you to perform operating system level virtualization. An incredible number of companies and production hosts are running Docker to develop, deploy and run applications inside containers ...
cryptocurrency miner via website vulnerability

Latest Drupal RCE Flaw Used by Cryptocurrency Miners and Other Attackers

Another remote code execution vulnerability has been revealed in Drupal, the popular open-source Web content management system. One exploit — still working at time of this writing — has been used in ...
Missing Content-Type Header

The Importance of the Content-Type Header in HTTP Requests

Dawid Czagan, Founder and CEO at Silesia Security Labs and author of Bug Hunting Millionaire, is listed in HackerOne’s Top 10 Hackers. In a recent article on his website, Czagan disclosed the ...
Critical RCE Vulnerability in Facebook Server Patched, Researcher Nabs $5,000 Bounty

Critical RCE Vulnerability in Facebook Server Patched, Researcher Nabs $5,000 Bounty

A critical remote code execution vulnerability in a Facebook server was recently patched after security researcher Daniel ‘Blaklis’ Le Gall reported it using a proof-of-concept. The vulnerability was found in an unstable ...