Summary

Total Articles Found: 45

Top Articles:

  • Cisco Finds Serious Flaws in Sierra Wireless AirLink Devices
  • Chinese Researchers Show How They Remotely Hacked a Mercedes-Benz
  • Researchers Disclose Another SIM Card Attack Possibly Impacting Millions
  • Critical Flaw in VMware Workstation, Fusion Allows Code Execution on Host From Guest
  • Intel MDS Vulnerabilities: What You Need to Know
  • Pwn2Own 2021: Hackers Offered $200,000 for Zoom, Microsoft Teams Exploits
  • Vulnerabilities Expose BD Infusion Therapy Devices to Attacks
  • No Patch for VPN Bypass Flaw Discovered in iOS
  • EarSpy: Spying on Phone Calls via Ear Speaker Vibrations Captured by Accelerometer
  • $200,000 Awarded for Zero-Click Zoom Exploit at Pwn2Own

New ‘GoFetch’ Apple CPU Attack Exposes Crypto Keys 

Published: 2024-03-22 10:42:36

Popularity: 16

Author: Eduard Kovacs

Keywords:

  • Data Protection
  • Apple
  • CPU vulnerability
  • Featured
  • side-channel attack

Researchers detail GoFetch, a new side-channel attack impacting Apple CPUs that could allow an attacker to obtain secret keys. The post New ‘GoFetch’ Apple CPU Attack Exposes Crypto Keys appeared first on SecurityWeek.

    Tor Code Audit Finds 17 Vulnerabilities

    Published: 2024-01-31 12:51:52

    Popularity: 20

    Author: Eduard Kovacs

    Keywords:

  • Application Security
  • Vulnerabilities
  • audit
  • Tor

    Over a dozen vulnerabilities discovered in Tor audit, including a high-risk flaw that can be exploited to inject arbitrary bridges. The post Tor Code Audit Finds 17 Vulnerabilities appeared first on SecurityWeek.

    Android Security Update Patches Kernel Vulnerability Exploited by Spyware Vendor

    Published: 2023-05-05 08:33:00

    Popularity: 10

    Author: Eduard Kovacs

    Keywords:

  • Mobile & Wireless
  • Vulnerabilities
  • Android
  • Zero-Day

    Google’s latest Android security updates patch over 40 vulnerabilities, including CVE-2023-0266, a kernel flaw exploited as a zero-day by a spyware vendor. The post Android Security Update Patches Kernel Vulnerability Exploited by Spyware Vendor appeared first on SecurityWeek.

    EarSpy: Spying on Phone Calls via Ear Speaker Vibrations Captured by Accelerometer

    Published: 2022-12-28 11:09:56

    Popularity: 47

    Author: Eduard Kovacs

    Keywords:

  • Mobile Security
  • NEWS & INDUSTRY
  • Privacy
  • Mobile & Wireless
  • Privacy & Compliance

    As smartphone manufacturers are improving the ear speakers in their devices, it can become easier for malicious actors to leverage a particular side-channel for eavesdropping on a targeted user’s conversations, according to a team of researchers from several universities in the United States.

    Nearly 300 Vulnerabilities Patched in Huawei's HarmonyOS in 2022

    Published: 2023-01-03 11:39:44

    Popularity: 11

    Author: Eduard Kovacs

    Keywords:

  • Mobile Security
  • NEWS & INDUSTRY
  • Vulnerabilities
  • Mobile & Wireless

    Chinese tech giant Huawei patched nearly 300 vulnerabilities in its HarmonyOS operating system in 2022.

    Rackspace Hit With Lawsuits Over Ransomware Attack

    Published: 2022-12-12 12:21:29

    Popularity: 12

    Author: Eduard Kovacs

    Keywords:

  • NEWS & INDUSTRY
  • Incident Response
  • Cybercrime
  • Management & Strategy

    At least two lawsuits have been filed against Texas-based cloud company Rackspace over the recently disclosed ransomware attack.

    Google Unveils KataOS 'Verifiably-Secure' Operating System for Embedded Devices

    Published: 2022-10-19 10:18:02

    Popularity: 14

    Author: Eduard Kovacs

    Keywords:

  • Endpoint Security
  • NEWS & INDUSTRY
  • IoT Security

    Google last week unveiled a new project focused on building a secure embedded platform for machine learning (ML) applications. The project’s goal is designing intelligent ambient ML systems that are secure and trustworthy.

    WordPress Security Update 6.0.3 Patches 16 Vulnerabilities

    Published: 2022-10-19 11:31:39

    Popularity: 16

    Author: Eduard Kovacs

    Keywords:

  • NEWS & INDUSTRY
  • Vulnerabilities

    WordPress 6.0.3 started rolling out this week. The latest security release patches 16 vulnerabilities.

    Security Firm Discloses CrowdStrike Issue After 'Ridiculous Disclosure Process'

    Published: 2022-08-23 11:29:19

    Popularity: 27

    Author: Eduard Kovacs

    Keywords:

  • Endpoint Security
  • NEWS & INDUSTRY
  • Vulnerabilities
  • LLM Says: "Cyber Oops"

    A security firm has disclosed the details of an issue affecting a CrowdStrike product after what it described as a ‘ridiculous vulnerability disclosure process’. CrowdStrike has provided some clarifications following the disclosure.

    Secure Boot Bypass Flaws Affect Bootloaders of Many Devices Made in Past Decade

    Published: 2022-08-15 13:30:49

    Popularity: 8

    Author: Eduard Kovacs

    Keywords:

  • Endpoint Security
  • NEWS & INDUSTRY
  • Vulnerabilities
  • LLM Says: "Bootjacked"

    Bootloaders present in a majority of computers made in the past 10 years are affected by Secure Boot bypass vulnerabilities, according to firmware security company Eclypsium.

    Black Hat USA 2022 - Announcements Summary

    Hundreds of companies and organizations showcased their products and services this week at the 2022 edition of the Black Hat conference in Las Vegas.

    Google Patches Critical Android Flaw Allowing Remote Code Execution via Bluetooth

    Published: 2022-08-02 10:30:19

    Popularity: 14

    Author: Eduard Kovacs

    Keywords:

  • NEWS & INDUSTRY
  • Vulnerabilities

    Google on Monday published a security bulletin describing the latest round of patches for the Android operating system. Three dozen vulnerabilities have been fixed, including a critical issue that can be exploited for remote code execution over Bluetooth.

    Lenovo Patches UEFI Code Execution Vulnerability Affecting Many Laptops

    Published: 2022-07-13 20:02:47

    Popularity: 19

    Author: Eduard Kovacs

    Keywords:

  • Endpoint Security
  • NEWS & INDUSTRY
  • Vulnerabilities
  • LLM Says: "UEFI bugger"

    Lenovo has released a security advisory to inform customers that more than 70 of its laptops are affected by a UEFI/BIOS vulnerability that can lead to arbitrary code execution.

    New Database Catalogs Cloud Vulnerabilities, Security Issues

    Published: 2022-06-28 13:01:05

    Popularity: 12

    Author: Eduard Kovacs

    Keywords:

  • NEWS & INDUSTRY
  • Risk Management
  • Cloud Security
  • Vulnerabilities
  • Management & Strategy

    Cloud security company Wiz has announced the launch of a new database whose goal is to keep track of vulnerabilities and other security issues affecting cloud services.

    Millions of Budget Smartphones With UNISOC Chips Vulnerable to Remote DoS Attacks

    Published: 2022-06-02 15:00:17

    Popularity: 10

    Author: Eduard Kovacs

    Keywords:

  • Mobile Security
  • NEWS & INDUSTRY
  • Wireless Security
  • Vulnerabilities
  • Mobile & Wireless
  • LLM Says: "bugged phones"

    Millions of budget smartphones that use UNISOC chipsets could have their communications remotely disrupted by hackers due to a critical vulnerability discovered recently by researchers at cybersecurity firm Check Point.

    Google Discloses Details of Zoom Zero-Click Remote Code Execution Exploit

    Published: 2022-05-25 10:37:49

    Popularity: 12

    Author: Eduard Kovacs

    Keywords:

  • NEWS & INDUSTRY
  • Vulnerabilities

    Google’s Project Zero has disclosed the details of a zero-click remote code execution exploit targeting the Zoom video conferencing software.

    New Variant of Spectre Attack Bypasses Intel and Arm Hardware Mitigations

    Published: 2022-03-10 11:55:14

    Popularity: 18

    Author: Eduard Kovacs

    Keywords:

  • Endpoint Security
  • NEWS & INDUSTRY
  • Vulnerabilities
  • LLM Says: "Spectre strikes again"

    A team of researchers from the Vrije Universiteit Amsterdam in the Netherlands has demonstrated a new Spectre attack variant that can bypass hardware mitigations implemented in recent years by Intel and Arm.

    Adobe Releases Emergency Patch for Exploited Commerce Zero-Day

    Published: 2022-02-13 18:01:12

    Popularity: 15

    Author: Eduard Kovacs

    Keywords:

  • NEWS & INDUSTRY
  • Virus & Threats
  • Virus & Malware
  • Cybercrime

    Adobe released an emergency advisory on Sunday to inform Commerce and Magento users of a critical zero-day vulnerability that has been exploited in attacks.

    New Flaws Expose EVlink Electric Vehicle Charging Stations to Remote Hacking

    Published: 2021-12-27 11:33:20

    Popularity: 10

    Author: Eduard Kovacs

    Keywords:

  • ICS/OT
  • NEWS & INDUSTRY
  • Vulnerabilities
  • IoT Security
  • LLM Says: "Charging hacked"

    Schneider Electric has patched several new vulnerabilities that expose its EVlink electric vehicle charging stations to remote hacker attacks.

    Researchers Disclose New Side-Channel Attacks Affecting All AMD CPUs

    Published: 2021-10-15 11:07:26

    Popularity: 18

    Author: Eduard Kovacs

    Keywords:

  • NEWS & INDUSTRY
  • Vulnerabilities

    Researchers have disclosed the details of new timing and power-based side-channel attacks that affect all CPUs made by AMD, but the chipmaker says no new mitigations are necessary.

    Recently Patched Confluence Vulnerability Exploited in the Wild

    Published: 2021-09-02 10:47:16

    Popularity: 7

    Author: Eduard Kovacs

    Keywords:

  • NEWS & INDUSTRY
  • Virus & Threats
  • Vulnerabilities
  • Cybercrime

    Hackers started exploiting a vulnerability in Atlassian’s Confluence enterprise collaboration product just one week after the availability of a patch was announced.

    New DNS Attack Enables 'Nation-State Level Spying' via Domain Registration

    Published: 2021-08-06 15:08:13

    Popularity: 14

    Author: Eduard Kovacs

    Keywords:

  • NEWS & INDUSTRY
  • Vulnerabilities

    A new domain name system (DNS) attack method that involves registering a domain with a specific name can be leveraged for what researchers described as “nation-state level spying.”

    Adobe Patches 21 Vulnerabilities Across Seven Products

    Published: 2021-07-21 10:03:49

    Popularity: 13

    Author: Eduard Kovacs

    Keywords:

  • NEWS & INDUSTRY
  • Vulnerabilities
  • LLM Says: "Patch party"

    Security updates released by Adobe on Tuesday for seven of its products patch a total of 21 vulnerabilities, including 15 flaws that have been assigned a critical severity rating.

    Google Releases Open Source Tools and Libraries for Fully Homomorphic Encryption

    Published: 2021-06-16 13:37:47

    Popularity: 12

    Author: Eduard Kovacs

    Keywords:

  • NEWS & INDUSTRY
  • Data Protection
  • LLM Says: "crypto secrets"

    Google this week announced that it has released open source tools and libraries that can be used by developers to implement fully homomorphic encryption (FHE).

    GitHub Discloses Details of Easy-to-Exploit Linux Vulnerability

    Published: 2021-06-11 13:09:45

    Popularity: 12

    Author: Eduard Kovacs

    Keywords:

  • NEWS & INDUSTRY
  • Vulnerabilities
  • LLM Says: "Linux pwned"

    GitHub this week disclosed the details of an easy-to-exploit Linux vulnerability that can be leveraged to escalate privileges to root on the targeted system. The flaw, classified as high severity and tracked as CVE-2021-3560, impacts polkit, an authorization service that is present by default in many Linux distributions.

    VMware Urges Customers to Immediately Patch Critical vSphere Vulnerability

    Published: 2021-05-26 14:29:30

    Popularity: 9

    Author: Eduard Kovacs

    Keywords:

  • NEWS & INDUSTRY
  • Vulnerabilities
  • LLM Says: "patch party fail"

    VMware has urged customers to immediately patch a critical vulnerability affecting vCenter Server, the management interface for vSphere environments. The vulnerability, tracked as CVE-2021-21985, was reported to VMware by Ricter Z of 360 Noah Lab and it has been patched in versions 6.5, 6.7 and 7.0 of vCenter Server.

    $200,000 Awarded for Zero-Click Zoom Exploit at Pwn2Own

    Published: 2021-04-08 11:13:54

    Popularity: 47

    Author: Eduard Kovacs

    Keywords:

  • NEWS & INDUSTRY
  • Vulnerabilities

    Two researchers earned $200,000 on the second day of the Pwn2Own 2021 hacking competition for a Zoom exploit allowing remote code execution without user interaction.

    Research Shows How Solar Energy Installations Can Be Abused by Hackers

    Published: 2021-02-17 15:24:26

    Popularity: 28

    Author: Eduard Kovacs

    Keywords:

  • NEWS & INDUSTRY
  • Vulnerabilities
  • IoT Security

    Researchers at cybersecurity firm FireEye have analyzed a gateway device used for solar energy installations, and discovered vulnerabilities that could be useful to malicious hackers.

    Adobe Patches Reader Vulnerability Exploited in the Wild

    Published: 2021-02-09 18:29:39

    Popularity: 24

    Author: Eduard Kovacs

    Keywords:

  • NEWS & INDUSTRY
  • Virus & Threats
  • Vulnerabilities
  • Cybercrime

    Adobe on Tuesday announced the availability of patches for 50 vulnerabilities across six of its products, including a zero-day vulnerability in Reader that has been exploited in the wild.

    Three New Vulnerabilities Patched in OpenSSL

    Published: 2021-02-17 09:31:00

    Popularity: 36

    Author: Eduard Kovacs

    Keywords:

  • NEWS & INDUSTRY
  • Vulnerabilities

    Pwn2Own 2021: Hackers Offered $200,000 for Zoom, Microsoft Teams Exploits

    Published: 2021-01-27 09:49:45

    Popularity: 54

    Author: Eduard Kovacs

    Keywords:

  • Endpoint Security
  • Network Security
  • NEWS & INDUSTRY
  • Application Security
  • Cloud Security
  • Vulnerabilities
  • IoT Security

    Trend Micro’s Zero Day Initiative (ZDI) on Tuesday announced the targets, prizes and rules for the Pwn2Own Vancouver 2021 hacking competition, a hybrid event scheduled to take place on April 6-8.

    Vulnerabilities Expose Thousands of MobileIron Servers to Remote Attacks

    Published: 2020-09-14 12:18:11

    Popularity: 44

    Author: Eduard Kovacs

    Keywords:

  • Mobile Security
  • NEWS & INDUSTRY
  • Vulnerabilities
  • Mobile & Wireless

    Researchers have disclosed the details of several potentially serious vulnerabilities affecting MobileIron’s mobile device management (MDM) solutions, including a flaw that can be exploited by an unauthenticated attacker for remote code execution on affected servers.

    Adobe Patches Critical Code Execution Flaws in AEM, FrameMaker, InDesign

    Published: 2020-09-08 18:07:19

    Popularity: 24

    Author: Eduard Kovacs

    Keywords:

  • NEWS & INDUSTRY
  • Vulnerabilities

    Adobe on Tuesday informed customers that it has patched a total of 18 vulnerabilities across its Experience Manager (AEM), FrameMaker and InDesign products.

    Chinese Researchers Show How They Remotely Hacked a Mercedes-Benz

    Published: 2020-08-07 19:11:40

    Popularity: 100

    Author: Eduard Kovacs

    Keywords:

  • Mobile Security
  • NEWS & INDUSTRY
  • Wireless Security
  • Vulnerabilities
  • Mobile & Wireless
  • IoT Security

    Microsoft Patches Critical Code Execution Vulnerabilities in Windows, Browsers

    Published: 2020-06-10 03:32:35

    Popularity: 29

    Author: Eduard Kovacs

    Keywords:

  • NEWS & INDUSTRY
  • Vulnerabilities

    Microsoft’s security updates for June 2020 patch 129 vulnerabilities, including 11 critical remote code execution flaws affecting Windows, the Edge and Internet Explorer browsers, and SharePoint.

    No Patch for VPN Bypass Flaw Discovered in iOS

    Published: 2020-03-26 19:55:19

    Popularity: 49

    Author: Eduard Kovacs

    Keywords:

  • Mobile Security
  • NEWS & INDUSTRY
  • Privacy
  • Vulnerabilities
  • Data Protection
  • Mobile & Wireless
  • Privacy & Compliance
  • LLM Says: "VPN fail"

    Proton Technologies, the company behind the privacy-focused ProtonMail and ProtonVPN services, this week disclosed the existence of a vulnerability in Apple’s iOS mobile operating system that prevents VPN applications from encrypting all traffic.

    Critical Flaw in VMware Workstation, Fusion Allows Code Execution on Host From Guest

    Published: 2020-03-13 15:21:36

    Popularity: 72

    Author: Eduard Kovacs

    Keywords:

  • NEWS & INDUSTRY
  • Vulnerabilities
  • LLM Says: "Vulnerable VMs"

    VMware has patched three serious vulnerabilities in its products, including a critical flaw in Workstation and Fusion that can be exploited to execute arbitrary code on the host from the guest operating system. The critical flaw, tracked as CVE-2020-3947, is caused by a use-after-free bug in the vmnetdhcp component.

    Flaw in WordPress Themes Plugin Allowed Hackers to Become Site Admin

    Published: 2020-02-17 15:44:34

    Popularity: 41

    Author: Eduard Kovacs

    Keywords:

  • NEWS & INDUSTRY
  • Vulnerabilities
  • LLM Says: "Security breach"

    A serious vulnerability found in a WordPress themes plugin with over 200,000 active installations can be exploited to wipe a website’s database and gain administrator access to the site.

    Researchers Disclose Another SIM Card Attack Possibly Impacting Millions

    Published: 2019-09-27 11:33:27

    Popularity: 76

    Author: Eduard Kovacs

    Keywords:

  • Mobile Security
  • NEWS & INDUSTRY
  • Vulnerabilities
  • Mobile & Wireless

    A new variant of a recently disclosed SIM card attack method could expose millions of mobile phones to remote hacking, researchers have warned.

    Vulnerability Patched in Firefox Password Manager

    Published: 2019-08-15 18:04:13

    Popularity: 38

    Author: Eduard Kovacs

    Keywords:

  • NEWS & INDUSTRY
  • Identity & Access
  • Vulnerabilities
  • LLM Says: "Browser blues"

    The latest update released by Mozilla for Firefox patches a vulnerability that can be exploited to bypass the master password of the built-in password manager and obtain stored passwords.

    Vulnerabilities Expose BD Infusion Therapy Devices to Attacks

    Published: 2019-06-14 14:16:23

    Popularity: 51

    Author: Eduard Kovacs

    Keywords:

  • NEWS & INDUSTRY
  • Vulnerabilities
  • IoT Security
  • LLM Says: "Infusion hack"

    CyberMDX, a research and analysis company specializing in medical device security, on Thursday revealed that its employees identified two serious vulnerabilities in infusion therapy products from medical technology firm BD.

    Intel MDS Vulnerabilities: What You Need to Know

    Cisco Finds Serious Flaws in Sierra Wireless AirLink Devices

    Published: 2019-04-26 13:55:06

    Popularity: 153

    Author: Eduard Kovacs

    Keywords:

  • Network Security
  • NEWS & INDUSTRY
  • SCADA / ICS
  • Vulnerabilities

    Cisco’s Talos research and intelligence group on Thursday disclosed the details of nearly a dozen vulnerabilities uncovered in Sierra Wireless AirLink devices, including serious flaws that can be exploited to change system settings, execute arbitrary code, and modify passwords.

    EPA Issues Alert After Finding Critical Vulnerabilities in Drinking Water Systems

    Published: 2024-05-21 10:25:29

    Popularity: 29

    Author: Eduard Kovacs

    Keywords:

  • Government
  • ICS/OT
  • guidance
  • Water

    The EPA has issued an enforcement alert, outlining the steps needed to comply with the Safe Drinking Water Act. The post EPA Issues Alert After Finding Critical Vulnerabilities in Drinking Water Systems appeared first on SecurityWeek.

    Company Paid Record-Breaking $75 Million to Ransomware Group: Report

    Published: 2024-07-31 08:51:48

    Popularity: 22

    Author: Eduard Kovacs

    Keywords:

  • Ransomware
  • Featured
  • ransom payment
  • ransomware
  • LLM Says: "Ransomware alert"

    Zscaler is aware of a company that paid a record-breaking $75 million ransom to the Dark Angels ransomware group. The post Company Paid Record-Breaking $75 Million to Ransomware Group: Report appeared first on SecurityWeek.
