Connect with us

Press Release

By plugging in a mouse, Razer Bug enables you to access Windows 10 administration.

Published

on

By plugging in a mouse, Razer Bug enables you to access Windows 10 administration.

By just putting in a Razer mouse or keyboard, a Razer Synapse zero-day vulnerability that has been publicly published on Twitter enables you to take control of Windows as an administrator.

A well-known maker of computer accessories, Razer is well recognised for their gaming keyboards and mice.

The Razer Synapse programme will immediately download and start installing on a computer when a Razer device is plugged into Windows 10 or Windows 11. Users can set up macros, map buttons, and modify their gear using the software Razer Synapse.

Over 100 million people use Razer Synapse, according to Razer, who claims that number.

The plug-and-play Razer Synapse installation contains a zero-day vulnerability that, when exploited, allows users to swiftly gain SYSTEM access on a Windows system. This vulnerability was found by security researcher jonhat.

The greatest user rights in Windows, known as SYSTEM privileges, provide users the ability to run any command on the operating system. Basically, if a user has Windows’ SYSTEM capabilities, they have total control over the system and are able to install anything they want, including malicious software.

Razer had yet to respond, so yesterday jonhat revealed the zero-day vulnerability on Twitter and provided a little video explaining how the flaw operates.

Using a mouse while plugged in to gain access to the SYSTEM
We chose to test the flaw as BleepingComputer has a Razer mouse handy. We can confirm that it took us roughly two minutes to get SYSTEM rights in Windows 10 after plugging in our mouse.

It should be emphasised that this is a local privilege escalation (LPE) vulnerability, requiring physical access to a computer and a Razer device. To exploit the problem, all you need to do is purchase a $20 Razer mouse from Amazon and plug it into a Windows 10 computer.

On one of our Windows 10 machines, we set up a temporary ‘Test’ user with ordinary, non-administrator capabilities to test this flaw.

When we connected the Razer device to Windows 10, the operating system downloaded and set up both the driver and the Razer Synapse application automatically.

The Razer installation application got SYSTEM access as a result of the RazerInstaller.exe executable being started by a Windows process with SYSTEM privileges, as demonstrated below.

The setup procedure lets you choose the folder where the Razer Synapse software will be installed when you install it. Everything goes wrong when you have the choice of where to install your software.

The “Choose a Folder” window will show up when you move your folder. When you right-click the dialogue while holding down Shift, you will be given the option to “Open PowerShell window here,” which will launch a PowerShell prompt in the folder displayed in the dialogue.

This PowerShell prompt will inherit the same rights as the process that launched it because it was run with SYSTEM permissions.

As you can see in the screenshot below, after typing the “whoami” command at the PowerShell prompt, it became clear that the console has SYSTEM capabilities, enabling us to execute whatever command we like.

According to Will Dormann, a Vulnerability Analyst at the CERT/CC, other applications installed by the Windows plug-and-play mechanism is likely to include similar flaws.

Razer will address the flaw
Razer has contacted the security researcher to let them know that they will be delivering a remedy after this zero-day issue attracted significant notice on Twitter.

Despite the fact that the vulnerability was made public, Razer also informed the researcher that he would be getting a bug bounty payment.

Continue Reading

Press Release

MICROSOFT IS IN TERMS TO BUY SPEECH TECHNOLOGY COMPANY NUANCE COMMUNICATIONS FOR ABOUT $16 BILLION, OR $56 A SHARE, A 23% OVERPAYMENT TO NUANCE’S FRIDAY CLOSE, According to Sources (BLOOMBERG)

Published

on

MICROSOFT IS IN TERMS TO BUY SPEECH TECHNOLOGY COMPANY

Bloomberg:

According to sources, Microsoft is in advanced talks to acquire Nuance Communications, a provider of speech technology, for about $16 billion, or $56 per share, a 23% premium to Nuance’s Friday close. The proposed price would value Nuance at $56 per share. This week could see the announcement of a deal.

Continue Reading

Press Release

Nine widely used WiFi routers had 226 vulnerabilities.

Published

on

Nine widely used WiFi routers had 226 vulnerabilities.

Even when using the most recent firmware, security researchers examined nine widely used WiFi routers and discovered a total of 226 possible vulnerabilities in them.

Millions of people use the tested routers, which are made by Asus, AVM, D-Link, Netgear, Edimax, TP-Link, Synology, and Linksys.

The TP-Link Archer AX6000, which has 32 problems, and the Synology RT-2600ac, which has 30 security flaws, are the two devices with the most vulnerabilities.

The examination process
In partnership with CHIP magazine, researchers at IoT Inspector conducted security tests with a focus on models primarily used by small businesses and residential users.

According to Florian Lukavsky, CTO & Founder at IoT Inspector, “vendors provided them with current models, which were upgraded to the newest firmware version, for Chip’s router review.”

“IoT Inspector automatically examined the firmware versions and searched for more than 5,000 CVEs and other security flaws.”

Although not all defects posed the same risk, the researchers discovered a few widespread issues that impacted the majority of the evaluated models:

The firmware contains an outdated Linux kernel.
stale VPN and multimedia features
over-reliance on BusyBox’s earlier iterations
weak default passwords like “admin” are used
Hardcoded credentials are present in plain text.
Changing the router’s default password when configuring it for the first time is one of the most crucial steps you can take to secure it, according to Jan Wendenburg, CEO of IoT Inspector.

Whether an IoT device is used at home or in a corporate network, changing the password upon first use and turning on automatic updates must be regular procedure, according to Wendenburg.

In addition to manufacturer-introduced vulnerabilities, utilising an IoT device with the adage “plug, play, and forget” poses the greatest risk.

Continue Reading

Press Release

Record: hackers scraped information of 500M LinkedIn customers and published it available online; LinkedIn validates the dataset includes publicly viewable details from its site (Katie Canales/Insider).

Published

on

hackers scraped information

ReporReport: hackers scraped data of 500M LinkedIn users and posted it for sale online; LinkedIn confirms the dataset includes publicly viewable info from its site (Katie Canales/Insider)

Katie Canales / Insider:
Report: hackers scraped data of 500M LinkedIn users and posted it for sale online; LinkedIn confirms the dataset includes publicly viewable info from its site — – Personal data from 500 million LinkedIn users has been scraped and is reportedly for sale on a hacking forum.t: hackers scraped data of 500M LinkedIn users and posted it for sale online; LinkedIn confirms the dataset includes publicly viewable info from its site (Katie Canales/Insider)

Katie Canales / Insider:
Report: hackers scraped data of 500M LinkedIn users and posted it for sale online; LinkedIn confirms the dataset includes publicly viewable info from its site — – Personal data from 500 million LinkedIn users has been scraped and is reportedly for sale on a hacking forum.

Continue Reading

Trending