WebRTC (Web Real-Time Communication) is an open-source project that facilitates real-time audio, video, and data sharing directly between web browsers and mobile applications without the need for plugins. Its integration
Monthly Archives: October 2024
New macOS Vulnerability Allows Attackers to Bypass Security Controls
A recently discovered vulnerability in macOS, dubbed “HM Surf,” allows attackers to bypass the operating system’s Transparency, Consent, and Control (TCC) technology, gaining unauthorized access to a user’s protected data. This vulnerability, identified as CVE-2024-44133, was uncovered by Microsoft Threat Intelligence and has
Hacking Laptop With a BBQ Lighter to Gain Root Access
A simple BBQ lighter has been used to exploit vulnerabilities in laptops, gaining root access through an innovative method known as electromagnetic fault injection (EMFI). David Buchanan, a professional hardware
macOS Gatekeeper Security Feature Bypassed to Execute Malicious Code
Security researchers at Palo Alto Networks’ Unit 42 have uncovered significant vulnerabilities in macOS’s Gatekeeper security mechanism. This discovery reveals how certain third-party applications and even some of Apple’s native
Multiple Flaws Impacting Boot Chain Of Samsung Devices
The Android boot chain initiates with the “Boot ROM,” which initializes the “bootloader.” The bootloader then loads the kernel, which is responsible for managing system resources and launching the init process.
North Korean Hackers Exploited Internet Explorer Zero-Day Flaw
A joint report by AhnLab Security Emergency response Center (ASEC) and the National Cyber Security Center (NCSC) has revealed a new zero-day vulnerability (CVE-2024-38178) in Microsoft Internet Explorer (IE) being
Linux System ‘noexec’ Mount Flag Flaw Allows Malicious Code Execution
A recent discovery in the Linux ecosystem has unveiled a method to bypass the ‘noexec’ mount flag, enabling malicious code execution on systems that were previously thought to be secure.
Why Traditional Correlation Rules Aren’t Enough for Your SIEM – SOC Guide
If you’re managing an SIEM (Security Information and Event Management) system, you know how vital centralized threat detection is. SIEM collects and analyzes data from multiple sources—your firewalls, applications, servers—and
Threat Actors Abuse Genuine Code-Signing Certificates To Evade Detections
A code signing certificate is a digital certificate that allows software developers to sign their applications. This ensures both the “authenticity of the publisher” and the “integrity of the code.” HarfangLab
Hackers Abuse EDRSilencer Red Team Tool To Evade Detection
EDRSilencer is a tool designed to enhance data privacy and security by “silencing” or “blocking” unwanted data transmissions from endpoints. The tool is likely used in conjunction with EDR systems