JavaScript bugs aplenty in Node.js ecosystem – found automatically
Credit to Author: Paul Ducklin| Date: Tue, 30 Aug 2022 16:59:14 +0000
How to get the better of bugs in all the possible packages in your supply chain?
Read morevulnerability
Breaching airgap security: using your phone’s gyroscope as a microphone
Credit to Author: Paul Ducklin| Date: Wed, 24 Aug 2022 18:59:07 +0000
One bit per second makes the Voyager probe data rate seem blindingly fast. But it’s enough to break your security assumptions…
Read moreFirefox 104 is out – no critical bugs, but update anyway
Credit to Author: Paul Ducklin| Date: Fri, 26 Aug 2022 16:27:08 +0000
Two trust-spoofing bugs were the main culprits this month – but neither one was a zero-day.
Read moreS3 Ep97: Did your iPhone get pwned? How would you know? [Audio + Text]
Credit to Author: Paul Ducklin| Date: Thu, 25 Aug 2022 15:37:51 +0000
Latest episode – listen now! (Or read the transcript if you prefer the text version.)
Read moreChromeOS vulnerability found by Microsoft
Categories: News Tags: Microsoft Tags: ChromeOS Tags: Chrome Tags: Google Tags: audio Tags: bluetooth Tags: exploit Tags: vulnerability Microsoft has released a report detailing a ChromeOS vulnerability reported to Chrome and fixed within a week. |
The post ChromeOS vulnerability found by Microsoft appeared first on Malwarebytes Labs.
Read moreBreaching airgap security: using your phone’s compass as a microphone!
Credit to Author: Paul Ducklin| Date: Wed, 24 Aug 2022 16:59:07 +0000
One bit per second makes the Voyager probe data rate seem blindingly fast. But it’s enough to break your security assumptions…
Read moreBitcoin ATMs leeched by attackers who created fake admin accounts
Credit to Author: Paul Ducklin| Date: Tue, 23 Aug 2022 15:35:37 +0000
The criminals didn’t implant any malware. The attack was orchestrated via malevolent configuration changes.
Read moreLaptop denial-of-service via music: the 1980s R&B song with a CVE!
Credit to Author: Paul Ducklin| Date: Mon, 22 Aug 2022 16:03:07 +0000
We haven’t validated this vuln ourselves… but the source of the story is impeccable. (Impeccably dressed, at least.)
Read moreUncovering a ChromeOS remote memory corruption vulnerability
Credit to Author: Katie McCafferty| Date: Fri, 19 Aug 2022 21:38:06 +0000
Microsoft discovered a memory corruption vulnerability in a ChromeOS component that could have been triggered remotely, allowing attackers to perform either a denial-of-service (DoS) or, in extreme cases, remote code execution (RCE).
The post Uncovering a ChromeOS remote memory corruption vulnerability appeared first on Microsoft Security Blog.
Read moreApple patches double zero-day in browser and kernel – update now!
Credit to Author: Paul Ducklin| Date: Wed, 17 Aug 2022 23:33:21 +0000
Double 0-day exploits – one in WebKit (to break in) and the other in the kernel (to take over). Patch now!
Read more