[ad_1] Unlike some side channel attacks, it hasn’t taken long to show how these exploits would work in the real world. The team took advantage of the flaws using JavaScript in common browsers like Chrome and Firefox, not to mention virtual machines in the cloud. While Take A Way only dribbles out a small amount […]
Category: exploit
It took Google months to patch a serious Android security flaw
[ad_1] Google noted the patch (CVE-2020-0069) in its March Android security bulletin. While this is the first public disclosure, details about the exploit have been online for months. The vulnerability is still exploitable on dozens of device models, and hackers are actively using it. Worse, in all likelihood, many devices will never get the patch […]
Android security flaw lets attackers send malware over Bluetooth
[ad_1] BlueFrag doesn’t work with Android 10. It’s possible that versions before Android 8 are affected, but the team hadn’t “evaluated the impact” on older releases. You can protect yourself by installing the February 2020 security patch, and the Bluetooth nature of the flaw means that you’ll have to be relatively close to an attacker. […]
Intel is patching its Zombieload CPU security flaw for the third time
[ad_1] Compared to the MDS flaws Intel addressed in those two previous patches, these latest ones have a couple of limitations. To start, one of the vulnerabilities, L1DES, doesn’t work on Intel’s more recent chips. Moreover, a hacker can’t execute the attack using a web browser. Intel also says it’s “not aware” of anyone taking […]
Microsoft will fix an Internet Explorer security flaw under active attack
[ad_1] The issue is significant enough that Homeland Security issued an advisory encouraging people to both be aware of the flaw and consider implementing workarounds, including temporarily restricting access to jscript.dll. Unlike the Firefox bug, though, you’ll have to wait a while for a patch. Microsoft said it wasn’t likely to provide its fix until […]
Homeland Security wants you to update your Firefox browser right now
[ad_1] Mozilla is “aware of targeted attacks in the wild abusing this flaw.” In a statement provided to Engadget, a Mozilla spokesperson said, “on Tuesday, January 7, 2020, Chinese security firm Qihoo 360 reported a vulnerability that was used as part of targeted attacks on a local network. We started shipping Firefox updates to address […]
Intel fixes CPU security flaw it said was patched in May
[ad_1] The Vrije Universiteit Amsterdam researchers who alerted Intel to the problems have told the New York Times that Intel apparently ignored key proof-of-concept exploits when developing the May update, and should have found the relevant flaws even without those ready-made examples. The team refused to stay quiet with the November patch knowing that there […]
Amazon Echo Show falls victim to an old flaw at hacking contest
[ad_1] The patch gap was a “common factor” in many of the Internet of Things hacks at the contest, Gorenc added. This was the first time contestants could target devices in the Home Automation category, and there were a number of firsts beyond that. Fluoroacetate also compromised a Sony X800G TV (the first television target […]
The first in-the-wild BlueKeep attack isn’t as dangerous as feared
[ad_1] There’s been a “spike” in traffic related to the flaw, Rendition Infosec’s Jake Williams told Wired, but it hasn’t hit “critical mass.” This doesn’t rule out the possibility of a more serious BlueKeep attack. There were still 735,000 computers open to BlueKeep as of August, according to Errata Security. However, the window of opportunity […]
Second SIM card attack can send texts and phone location data
[ad_1] The vulnerability could be used to track a device’s location, point users to phishing websites and rack up fees on calls to toll numbers, among other tricks. Ginno has briefed the GSM Association on WIBattack, although it’s not clear what if anything the industry body is doing to address the issue. It’s not certain […]