Author Archives: CertX

IntelHD5000 Kernel Extension of Apple Affected By Privilege Escalation Bugs

Cisco Talos, security analysts have discovered the flaws in the IntelHD5000 kernel extension utilized in Apple OSX 10.13 could be employed for privilege escalation. The use after free memory fraudulence problems present in the kernel extension when managing with graphics supplies inside of macOS High Sierra. Exploitation of the flaws would demand for a collection to be fit into the VLC media application to reason an out of bounds approach inside of the KEXT – Kernel Extension.

Continue reading

National Security Agency Releases Free Public Reverse Engineering Tool

NSA – The United States National Security Agency designs to generate a reverse engineering tool that has been created and it is available for free public use in upcoming months. The tool, Dubbed GHIDRA will be exhibited at RSA Conference 2019 that will be held in San Francisco this year at beginning of March. The platform is devoted to comprise of high-end support and capabilities for various operating systems including Windows, macOS, and Linux.

Continue reading

Data Breach Strikes 15K BevMo E-commerce Users

BevMo, the alcohol retailer revealed to the office of the California Attorney General that its website was breached, compromising the credit card information of about 15,000 users.

The website is carried off by NCR Corp., which identified a harmful code which was added on the website checkout page by a non-official attacker who acquired access, siphoning user’ names, debit  or credit numbers, their expiry dates, phone numbers, email addresses, CVV2 codes, shipping and billing addresses.

Continue reading

Prominent Phishing Attacks Enterprises Need to Know

Phishing is the motive of sending unlawful or swindling communications that become visible to approach from a famous source. It is commonly done through email which has been practiced widely across the world. The main motive in this act is to steal highly sensitive information such as credit card, debit card and login information of accounts, or even to install malware on the system of the victim. Phishing is a general kind of cyber threat that everyone should acquire information about it so as to safegurad themselves.

Continue reading

Employee Data Reveals in An Attack at NASA Server

NASA – The U.S. National Aeronautics and Space Administration has affirmed that one of its servers faced threat through hack in October, with various employee information, comprising social security numbers, revealed to hackers.

NASA states it is presently alerting employees whose data may have been impacted in a statement circulated couple of days ago. An inquiry has already commenced, however NASA states Social Security numbers and various personally detectable data were saved on the cracked server.

Continue reading

Microsoft Urges to Patch the 0-day Vulnerability in Internet Explorer

Microsoft announced an out-of-band modification on Wednesday for its web browser, Internet Explorer fixes a zero-day bug victimized by harmful hackers in marked threats. Microsoft has recognized Clement Lecigne of Google’s Threat Analysis Group for documenting the bug, however neither Microsoft nor Google have stated any information associated the threats involving the vulnerability.

Continue reading

WordPress Fixes Privilege Escalation Bugs

RIPS Tech security analysts express that the privilege escalation bugs in WordPress permit hackers to acquire access features that were meant for administrators merely. A hacker with a user function as low as presenter on WordPress, the open-source free Content Management System built on MySQL and PHP, could effort the security vulnerabilities to generate posts of post sorts they regularly should not have acquire access to.

Continue reading