In April, the Shadow Brokers — presumably Russia — released a batch of Windows exploits from what is presumably the NSA. Included in that release were eight different Windows vulnerabilities. Given a presumed theft date of the data as sometime between 2012 and 2013 — based on timestamps of the documents and the limited Windows … Read More “Zero-Day Vulnerabilities against Windows in the NSA Tools Released by the Shadow Brokers” »
Category: exploits
Fortune magazine just published a good article about Google’s Project Zero, which finds and publishes exploits in other companies’ software products. I have mixed feelings about it. The project does great work, and the Internet has benefited enormously from these efforts. But as long as it is embedded inside Google, it has to deal with … Read More “Good Article About Google’s Project Zero” »
WikiLeaks is still dumping CIA cyberweapons on the Internet. Its latest dump is something called “Pandemic”: The Pandemic leak does not explain what the CIA’s initial infection vector is, but does describe it as a persistent implant. “As the name suggests, a single computer on a local network with shared drives that is infected with … Read More “CIA’s Pandemic Toolkit” »
This is impressive: The proof-of-concept exploit uses a low-cost transmitter to embed malicious commands into a rogue TV signal. That signal is then broadcast to nearby devices. It worked against two fully updated TV models made by Samsung. By exploiting two known security flaws in the Web browsers running in the background, the attack was … Read More “Smart TV Hack via the Broadcast Signal” »
Interesting research: “A Study of MAC Address Randomization in Mobile Devices When it Fails”: Abstract: Media Access Control (MAC) address randomization is a privacy technique whereby mobile devices rotate through random hardware addresses in order to prevent observers from singling out their traffic or physical location from other nearby devices. Adoption of this technology, however, … Read More “Security Vulnerabilities in Mobile MAC Randomization” »
The Department of Justice is dropping all charges in a child-porn case rather than release the details of a hack against Tor.
There’s a new malware toolkit that uses steganography to hide in images: For the past two months, a new exploit kit has been serving malicious code hidden in the pixels of banner ads via a malvertising campaign that has been active on several high profile websites. Discovered by security researchers from ESET, this new exploit kit … Read More “WWW Malware Hides in Images” »
A year and a half ago, I wrote about hardware bit-flipping attacks, which were then largely theoretical. Now, they can be used to root Android phones: The breakthrough has the potential to make millions of Android phones vulnerable, at least until a security fix is available, to a new form of attack that seizes control … Read More “Hardware Bit-Flipping Attacks in Practice” »
The National Security Agency is lying to us. We know that because data stolen from an NSA server was dumped on the Internet. The agency is hoarding information about security vulnerabilities in the products you use, because it wants to use it to hack others’ computers. Those vulnerabilities aren’t being reported, and aren’t getting … Read More “The NSA Is Hoarding Vulnerabilities” »