News

Chrome-based Browsers Have Loopholes that Enable Hackers to Infiltrate Wifi Routers

Refer to original article: https://hackercombat.com/chrome-based-browsers-have-loopholes-that-enable-hackers-to-infiltrate-wifi-routers/

Surecloud, a cybersecurity firm has released a report about a Google Chrome, Chromium, Opera, Vivaldi and other Blink-engine based browsers’ unpatched flaw that enables cybercriminals to penetrate the home wifi networks of unsuspecting users. Eliot Thompson, a Surecloud researcher, upon checking Chrome’s behavior as found a flaw on how the browser implements its saved password feature and the user’s bad habit of using the same password across many services, including the password for the Wi-Fi router’s configuration page. Google-based browsers have an inherent flaw of offering users to save passwords for sites, which include wi-fi configuration page, which is normally using an unencrypted http:// URL.

The password manager that came with Chrome saves not only passwords but also other information submitted in a web form. This can include anything from a name, address, birthdate and any personally identifiable information as demanded by a sign-up form. At the moment the home routers affected by the flaw include known mainstream brands like Belkin, Asus, and Netgear. Routers from other vendors are still being checked for the existence of the vulnerability to the Google Chrome exploit, but the common understanding is any router that uses plain http unencrypted wi-fi configuration page is affected. There is no way to change the behavior unless the router vendor issues a new firmware that will change the wi-fi configuration page to a TLS-encrypted URL.

USBHarpooning // BadUsb cable

I actually get to work with people who create these things. 

Check out this article: 
https://www.bleepingcomputer.com/news/security/usbharpoon-is-a-badusb-attack-with-a-twist/

The trio acted on an idea from Kevin Mitnick, who saw it put in practice by someone using the Twitter handle MG. He told Bleeping Computer that he asked MG if he could build a cable for him to use in a keynote speech to demonstrate new attack methods, but nothing happened.

Here's another disgrace

In 2018. When you can't even have a meaningful conversation with someone. Where they understand you. Or hear you even. LISTEN/READ && Understand...

A simple conversation:
Me: Okay we're only about 40 yards out.
D: Okay I want you to put up a lay up and park it.
Me: Well, it was my drive/disc. Which makes it your shot, partner. -- Don't necessarily care how you play the shot. We both get one.
D: Oh, it's going to be like that?

Tags: 

Apple macOS vulnerability paves the way for system compromise with a single click

Tampering with two lines of code unveiled a serious bug which could lead to full system compromise.

https://www.zdnet.com/article/apple-zero-day-vulnerability-permits-attacker-compromise-with-the-click-of-a-mouse/

Synthetic events are when attackers can virtually "click" objects in order to load code without user consent. If a threat actor is able to "click" a security prompt and load a kernel extension, this could lead to the full compromise of an operating system. -- Read more at the link above.

Pages