Hackerzhome

hackerzhome-logo-bg

Cybersecurity news all over the world

HACKERZHOME NEWS

March 23, 2023

Thursday

Windows 11 and macOS crashes are fixed with Mozilla Firefox 111.0.1.

Mozilla has fixed vulnerabilities that led to Firefox crashing on macOS and freezing with a blank window that wouldn’t respond when launched on Windows 11 computers.


The individual who first discovered the Windows freeze problem claims that the bug most likely affects Firefox users running Windows 11 who have also updated the KB5023706 cumulative update this month.


A blank window (not a blank web page) with only the Windows min, max, [and] close buttons appears when Firefox first launches.


According to the bug report sent three days ago, if I shut the window, it reports that it is not responding and submits a problem report to Microsoft.


The web browser “stopped responding and was closed” as a result of a “problem that led this program to stop interacting with Windows,” according to the crash report forwarded to Microsoft when the Firefox process collapses.


The person who reported the problem said that Firefox restarted as expected after removing the KB5023706 Windows update.


Despite the fact that the user report linked the freeze problems to the KB5023706 update, it’s unclear whether this was the root of the problem or merely a timing issue brought on by a change in behavior that made the profile accessible earlier during startup.

NEWS 1
Windows 11 and macOS crashes are fixed with Mozilla Firefox 111.0.1.

Breaking news

LIVE

You are not up to date!

Subscribe to our newsletter and stay updated on cybersecurity news

Release of proof-of-concept exploits for Netgear Orbi router flaws

There have been disclosed proof-of-concept exploits for bugs in the Orbi 750 series router and extender satellites from Netgear, one of which is a critical severity remote command execution fault.

For areas between 5,000 and 12,500 square feet, the Netgear Orbi network mesh system offers robust coverage and excellent throughput on up to 40 concurrently connected devices.

On August 30, 2022, the Cisco Talos team found the bugs in Netgear’s system and notified the manufacturer.

The Netgear Orbi router’s access control feature has a remotely exploitable command execution vulnerability, which is the first and most serious (CVSS v3.1: 9.1) fault.

By sending a specially crafted HTTP request to the susceptible router, an attacker can use openly accessible admin consoles to take control of the device and run whatever commands they want.

CVE-2022-38452, a high-severity remote command execution vulnerability in the router’s telnet service, is the second issue that Cisco’s analysts have identified. A MAC address and legitimate login credentials are needed to exploit the issue.

NEWS 2

For placing advertisements and promotions in this newspaper, or anywhere on our website, contact us through email at [email protected] or fill out this contact form.

Share this news:

March 23, 2023 /

Thursday

Hackerzhome News

2

Have you heard?
Microsoft Releases Fixes For 80 New Security Vulnerabilities, Two Of Which Are Active Attacks Know more!

Microsoft: Windows LSA protection alerts are caused by the Defender update.

Microsoft Windows LSA protection alerts are caused by the Defender update.

According to Microsoft, the KB5007651 update for Microsoft Defender Antivirus causes Windows Security warnings on devices running Windows 11 to state that Local Security Authority (LSA) Protection is disabled.

LSA Protection is a security feature that prevents process memory dumping and untrusted LSA code injection from stealing critical data like credentials.

Microsoft identified this as a new issue today, leading afflicted Windows systems to repeatedly notify users that a restart is necessary after turning on LSA Protection because they are vulnerable.

Redmond claims that only systems running Windows 11 21H2 and 22H2 would experience persistent restart alerts.

You can get a security alert or warning saying that “Local Security protection is off” after installing “Update for Microsoft Defender Antivirus antimalware platform – KB5007651 (Version 1.0.2302.21002).

Just the “Update for Microsoft Defender Antivirus antimalware platform – KB5007651 (Version 1.0.2302.21002)” is impacted by this problem.
The KB5023706 and KB5023698 Windows updates that were released on March 14, 2023, for the impacted platforms do not contribute to this problem.

NEWS 3

New PowerMagic and CommonMagic malware is used by hackers to steal data.

New PowerMagic and CommonMagic malware is used by hackers to steal data.
NEWS 4

Security researchers have discovered that a new backdoor called PowerMagic and “a previously undiscovered destructive framework” called CommonMagic were both used in attacks by an advanced threat actor.

Both malware components have been employed in ongoing operations targeting businesses in the transportation, agricultural, and administrative sectors since at least September 2021.

Experts at the cybersecurity firm Kaspersky claim that the hackers are motivated by a desire to gather information from victims in Crimea, Donetsk, and Lugansk.

The attackers behind the CommonMagic espionage operation can use different plugins once they have gained access to the victim network to steal files and documents (DOC, XLS, XLSX, ODS, RTF, ODT, TXT, ZIP, RAR, PDF, DOCX) from USB drives.

The malware can also use the Windows Graphics Device Interface (GDI) API to snap screenshots every three seconds.

The researchers think spear phishing or a similar technique to transmit a URL referring to a ZIP archive with a malicious LNK file is the first infection vector.

Attacks could elude detection due to the Coinbase Wallet Red Pill issue.

It was found that “red pill assaults,” a method for concealing risky smart contract activity from security measures, can be used against the Coinbase wallet and other decentralized cryptocurrency apps (dapps).

Coinbase is a well-known cryptocurrency exchange that enables users to store, manage, and interact with numerous digital assets, such as Bitcoin, Ethereum, and ERC-20 tokens, that they may purchase on the platform.

Security researchers at ZenGo Wallet have identified the Coinbase Wallet as one of the dapps that is vulnerable to a cutting-edge vulnerability that allows smart contracts to hide problematic behavior during transaction simulations.

Programs called Web3 smart contracts are launched whenever a cryptocurrency transaction takes place. These contracts allow developers to build a variety of websites and cryptocurrency asset functions.

For instance, smart contracts can be used to “charge” clients for reselling an item too soon after buying it or to automatically post information to a website based on the transaction.

Attacks could elude detection due to the Coinbase Wallet Red Pill issue.
NEWS 5

For placing advertisements and promotions in this newspaper, or anywhere on our website, contact us through email at [email protected] or fill out this contact form.

Share this news: