The alternative social media site Gab, favored by the political right wing, leaked private information through a SQL injection vulnerability, according to Gab.com. Gab CEO Andrew Torba initially denied the breach over the weekend but has since acknowledged it. A hacker by the name JaXpArO provided the stolen data to the hacktivist group DDoSecrets. DDoSecrets says they won't … [Read more...]
11 High Severity Vulnerabilities Found in Nvidia Software
Nvidia released updates to its users after security researchers and Nvidia's Product Security Team found 16 vulnerabilities in the Nvidia driver and software packages. One of the vulnerabilities found in the driver package allows for an escalation of privileges and could allow full control of the system. Drivers tend to have administrative privileges and so this creates a … [Read more...]
Zyxel Adds a Built-in User With an Easy-To-Find Password
Zyxel, a firewall and AP vendor, released a firmware update to their devices that included an unexpected, built-in admin user account called "zyfwp". Folks in information security often characterize this sort of hidden and hardcoded account as a “backdoor” account, even though it is hard to say whether the vendors who do this do so intentionally or accidentally. First found by … [Read more...]
FBI Indicates Possible Second Hack By APT29
As news of the recent SolarWinds hack still unfolds, new information about APT29 possibly hacking a second major technology supplier could cause major disruptions. "CISA is investigating other initial access vectors in addition to the SolarWinds Orion supply chain compromise," the CISA report reads. This statement replaces a previous statement indicating there was another … [Read more...]
XRSI May Have Lied About Gaining Root Access to the Quest 2
We recently found XRSI, through their now-removed blog post, claiming to have root access to the Oculus Quest 2, a virtual reality game platform. New information from a Reddit user questions whether XRSI gained root access and the truthfulness of their claims. Since we published their claim, we thought it appropriate to also review what the Reddit user found. User “not_xrsi” claimed … [Read more...]