Amnesia:33 – Multiple Vulnerabilities in Open-Source TCP/IP Stacks

AMNESIA:33 is a study published by Forescout Research Labs under Project Memoria. The study consists of a report on 33 new vulnerabilities found in TCP/IP stacks used by multiple IoT, OT and IT device vendors. AMNESIA:33 affects multiple open-source TCP/IP stacks, which means a single vulnerability tends to spread easily and silently across multiple codebases, … Continue reading “Amnesia:33 – Multiple Vulnerabilities in Open-Source TCP/IP Stacks”

Multiple Systemd Vulnerabilities

Qualys has disclosed 3 vulnerabilities in systemd-journald, it has been named “System Down: A systemd-journald exploit” . systemd-journald is a system service that is responsible for collecting and storing logging data. It receives data from various sources like Kernel log messages, system log messages, Structured system log messages, Audit records etc CVE-2018-16864 and CVE-2018-16865 are memory corruptions … Continue reading “Multiple Systemd Vulnerabilities”

Critical Vulnerabilities Discovered in dnsmasq

Various vulnerabilities have been discovered in dnsmasq, an open source framework for managing DNS, DHCP, Router Advertisement, network boot etc. These issues were discovered in versions prior to 2.78 . The vulnerabilities were disclosed to CERT/CC by Google Security Team. These vulnerabilities can be exploited remotely via DNS and DHCP protocol. CVE Protocol Description CVE-2017-14491 DNS 2 byte … Continue reading “Critical Vulnerabilities Discovered in dnsmasq”

BlueBorne: Bluetooth Attack Vector

A new attack vector called ‘BlueBorne‘ has been discovered. The name is a play on the word ‘airborne’ as it allows attackers to take over devices on air-gapped networks. This attack was disclosed by Armis Lab. The vulnerabilities exploited by this attack affects Android, Linux, Windows, and iOS version less than 10. Targets can be compromised regardless of the … Continue reading “BlueBorne: Bluetooth Attack Vector”