InfoSecBulletin Cybersecurity for mankind
A recent study found a vulnerability in major internet browsers that has existed for 18 years. This vulnerability makes private and corporate networks open to cyberattacks. Researchers from Oligo Security discovered that hackers can take advantage of how browsers handle requests to the IP address 0.0.0.0 by redirecting them to private servers like “localhost.”
The “0.0.0.0 Day” vulnerability involves tricking people into visiting harmful websites. These websites send hidden requests using the IP address 0.0.0.0. This can give hackers access to private data and internal messages of developers. Even more concerning, it can allow hackers to enter victims’ internal networks, making them vulnerable to various types of attacks.
SonicWall patched SSLVPN Vuln Allowing Firewall Crashing
GitLab Releases Security Update For Multiple Vulns
ISPAB president “whatsapp” got hacked via phishing link
Zyxel released patches 2 vulns in its USG FLEX H series firewalls
South Korea’s largest SK Telecom Hit by Malware: SIM-related info leaked
ChatGPT Develops Exploit for CVEs Before Public PoCs Share
TP-Link Router Vulns Allow to Execute Malicious SQL Commands
SSL.com’s domain validation system’s bug found: Hacker exploited
Amazon Follows Microsoft’s Lead, Halts Some Data Center Deals
Hackers Exploit Zoom’s Remote Control Feature for System Access
Both individuals and companies that host web servers are vulnerable to potential risks. Researchers have shown that it is possible to execute harmful code on servers using the Ray AI framework. However, this issue applies to any application that can be accessed through the IP address 0.0.0.0.
In June, Google’s security developer found malware abusing this vulnerability. But, Windows users don’t need to worry because Microsoft automatically blocks 0.0.0.0. Apple will block access to 0.0.0.0 in macOS 15 Sequoia beta. Google may do the same for Chromium and Chrome. However, Mozilla is unsure due to compatibility concerns with servers that use 0.0.0.0.
Tech giants are increasingly focusing on cybersecurity. However, researchers warn that leaving the IP address 0.0.0.0 open could pose a significant risk, as it may expose previously protected data.
The findings will be presented at the DEF CON conference in Las Vegas this weekend, providing more information about this important security issue. Stay tuned for updates and strategies to fix this vulnerability.
