Tag Linux

Researchers Warn of Severe Vulnerabilities in Realtek Wi-Fi Module

A recent disclosure has unveiled critical vulnerabilities in the Realtek RTL8170C Wi-Fi module, which could be exploited by attackers to gain elevated privileges and take control of wireless communications. According to experts from the Israeli IoT security firm Vdoo, “Successful exploitation would grant complete control over the Wi-Fi module and potentially root access to the OS (such as Linux or Android) of embedded devices utilizing this module.” The Realtek RTL8710C Wi-Fi SoC serves as the foundation for Ameba, an Arduino-compatible platform designed for diverse IoT applications across sectors including agriculture, automotive, energy, healthcare, industrial, security, and smart home technologies. These vulnerabilities impact all embedded and IoT devices that utilize this component for Wi-Fi connectivity and necessitate that an attacker be on the same Wi-Fi network as the targeted devices.

Critical Vulnerabilities Discovered in Realtek Wi-Fi Module: Potential Risks Identified On June 3, 2021, researchers revealed a series of significant vulnerabilities associated with the Realtek RTL8170C Wi-Fi module, which could potentially allow malicious actors to exploit these flaws for unauthorized access to devices. According to a report from Vdoo, an…

Read More

Researchers Warn of Severe Vulnerabilities in Realtek Wi-Fi Module

A recent disclosure has unveiled critical vulnerabilities in the Realtek RTL8170C Wi-Fi module, which could be exploited by attackers to gain elevated privileges and take control of wireless communications. According to experts from the Israeli IoT security firm Vdoo, “Successful exploitation would grant complete control over the Wi-Fi module and potentially root access to the OS (such as Linux or Android) of embedded devices utilizing this module.” The Realtek RTL8710C Wi-Fi SoC serves as the foundation for Ameba, an Arduino-compatible platform designed for diverse IoT applications across sectors including agriculture, automotive, energy, healthcare, industrial, security, and smart home technologies. These vulnerabilities impact all embedded and IoT devices that utilize this component for Wi-Fi connectivity and necessitate that an attacker be on the same Wi-Fi network as the targeted devices.

Urgent: Update Your Chrome Browser to Address New 0-Day Vulnerability

June 18, 2021

Google has released an important update for the Chrome browser on Windows, Mac, and Linux to resolve four security vulnerabilities, including a critical zero-day flaw currently being exploited. This issue, identified as CVE-2021-30554, is a high-severity “use after free” vulnerability in WebGL (Web Graphics Library), which is a JavaScript API used for rendering interactive 2D and 3D graphics in the browser. Exploiting this flaw could lead to data corruption, crashes, and unauthorized execution of code or commands. Google received an anonymous report about the vulnerability on June 15, and Chrome technical program manager Srinivas Sista confirmed that the company is “aware that an exploit for CVE-2021-30554 exists in the wild.” While it’s standard practice to withhold specific details until most users have applied the fix, this announcement comes just days after Google addressed another zero-day vulnerability.

Update Your Chrome Browser to Address Critical 0-Day Vulnerability On June 18, 2021, Google announced the release of a significant update for its Chrome browser, applicable to Windows, Mac, and Linux systems, aimed at rectifying multiple security vulnerabilities. This update specifically targets four identified flaws, one of which is a…

Read More

Urgent: Update Your Chrome Browser to Address New 0-Day Vulnerability

June 18, 2021

Google has released an important update for the Chrome browser on Windows, Mac, and Linux to resolve four security vulnerabilities, including a critical zero-day flaw currently being exploited. This issue, identified as CVE-2021-30554, is a high-severity “use after free” vulnerability in WebGL (Web Graphics Library), which is a JavaScript API used for rendering interactive 2D and 3D graphics in the browser. Exploiting this flaw could lead to data corruption, crashes, and unauthorized execution of code or commands. Google received an anonymous report about the vulnerability on June 15, and Chrome technical program manager Srinivas Sista confirmed that the company is “aware that an exploit for CVE-2021-30554 exists in the wild.” While it’s standard practice to withhold specific details until most users have applied the fix, this announcement comes just days after Google addressed another zero-day vulnerability.

Important: Update Your Chrome Browser to Fix New Zero-Day Vulnerability

Jul 16, 2021

Google has released a critical security update for the Chrome browser on Windows, Mac, and Linux, addressing several vulnerabilities, including a zero-day being actively exploited. This latest patch resolves eight issues, notably a type confusion vulnerability in the V8 open-source and JavaScript engine (CVE-2021-30563). An anonymous researcher reported this flaw on July 12.

In light of the ongoing threat, Google issued a brief statement confirming that “an exploit for CVE-2021-30563 exists in the wild,” but refrained from providing specific details about the vulnerability to prevent further misuse. This marks the ninth zero-day flaw addressed by Google this year, highlighting the ongoing risks to Chrome users.

Update Your Chrome Browser to Address Critical Zero-Day Vulnerability On July 16, 2021, Google released an urgent security update for its Chrome browser, impacting users on Windows, Mac, and Linux systems. This update addresses multiple vulnerabilities, including a significant zero-day exploit that has reportedly been leveraged in real-world cyberattacks. According…

Read More

Important: Update Your Chrome Browser to Fix New Zero-Day Vulnerability

Jul 16, 2021

Google has released a critical security update for the Chrome browser on Windows, Mac, and Linux, addressing several vulnerabilities, including a zero-day being actively exploited. This latest patch resolves eight issues, notably a type confusion vulnerability in the V8 open-source and JavaScript engine (CVE-2021-30563). An anonymous researcher reported this flaw on July 12.

In light of the ongoing threat, Google issued a brief statement confirming that “an exploit for CVE-2021-30563 exists in the wild,” but refrained from providing specific details about the vulnerability to prevent further misuse. This marks the ninth zero-day flaw addressed by Google this year, highlighting the ongoing risks to Chrome users.

Active Exploitation of React2Shell Vulnerability for Linux Backdoor Deployment

A significant security vulnerability known as React2Shell is currently being exploited by cybercriminals to deploy various malware strains, including KSwapDoor and ZnDoor, as reported by Palo Alto Networks’ Unit 42 and NTT Security. The exploitation of this vulnerability poses urgent risks to organizations, particularly those leveraging React and Next.js frameworks.…

Read MoreActive Exploitation of React2Shell Vulnerability for Linux Backdoor Deployment

Severe Ping Vulnerability Enables Remote Takeover of FreeBSD Systems

The FreeBSD operating system maintainers have issued updates addressing a critical security vulnerability in the ping module, which could be exploited to crash the application or execute code remotely. This vulnerability, identified as CVE-2022-23093, affects all supported FreeBSD versions and involves a stack-based buffer overflow triggered by maliciously crafted packets.…

Read MoreSevere Ping Vulnerability Enables Remote Takeover of FreeBSD Systems

Samba Releases Security Updates to Address Several High-Severity Vulnerabilities

The open-source software suite Samba has issued critical updates to address several high-severity vulnerabilities that pose significant risks to system security. If exploited, these flaws could allow unauthorized users to gain control over the affected systems. The vulnerabilities, identified as CVE-2022-38023, CVE-2022-37966, CVE-2022-37967, and CVE-2022-45141, have been patched in the…

Read MoreSamba Releases Security Updates to Address Several High-Severity Vulnerabilities

Zero-Day Exploit of FortiOS Vulnerability Targeting Government and Organizations

Exploitation of FortiOS SSL-VPN Zero-Day Vulnerability Targets Government Entities A critical zero-day vulnerability in FortiOS SSL-VPN was exploited by unknown threat actors in recent attacks, targeting governmental and other large organizations, as reported by Fortinet. This vulnerability, identified as CVE-2022-42475, is a heap-based buffer overflow flaw that permits unauthenticated remote…

Read MoreZero-Day Exploit of FortiOS Vulnerability Targeting Government and Organizations

Caution: Virus Alert on Windows, MacOS, and Linux Spreading via Facebook Messenger

### Recent Facebook Messenger Malware Campaign A concerning cybersecurity threat has emerged within Facebook Messenger, where users are encountering deceptive video links purportedly sent by friends, which can lead to malicious software installations. Researchers at Kaspersky Lab have uncovered a cross-platform malware campaign targeting users through these seemingly innocuous links.…

Read MoreCaution: Virus Alert on Windows, MacOS, and Linux Spreading via Facebook Messenger