Category: vulnerabilities

Auto Added by WPeMatico

Serious MacOS Vulnerability Patched

Posted on By infossl
apple, malware, operating systems, patching, Security technology, Uncategorized, vulnerabilities

Apple just patched a MacOS vulnerability that bypassed malware checks. The flaw is akin to a front entrance that’s barred and bolted effectively, but with a cat door at the bottom that you can easily toss a bomb through. Apple mistakenly assumed that applications will always have certain specific attributes. Owens discovered that if he … Read More “Serious MacOS Vulnerability Patched” »

Security Vulnerabilities in Cellebrite

Posted on By infossl
intelligence, police, Security technology, signal, smartphones, Uncategorized, vulnerabilities

Moxie Marlinspike has an intriguing blog post about Cellebrite, a tool used by police and others to break into smartphones. Moxie got his hands on one of the devices, which seems to be a pair of Windows software packages and a whole lot of connecting cables. According to Moxie, the software is riddled with vulnerabilities. … Read More “Security Vulnerabilities in Cellebrite” »

When AIs Start Hacking

Posted on By infossl
artificial intelligence, essays, hacking, Security technology, Uncategorized, vulnerabilities

If you don’t have enough to worry about already, consider a world where AIs are hackers. Hacking is as old as humanity. We are creative problem solvers. We exploit loopholes, manipulate systems, and strive for more influence, power, and wealth. To date, hacking has exclusively been a human activity. Not for long. As I lay … Read More “When AIs Start Hacking” »

Accellion Supply Chain Hack

Posted on By infossl
hacking, patching, Security technology, supply chain, Uncategorized, vulnerabilities

A vulnerability in the Accellion file-transfer program is being used by criminal groups to hack networks worldwide. There’s much in the article about when Accellion knew about the vulnerability, when it alerted its customers, and when it patched its software. The governor of New Zealand’s central bank, Adrian Orr, says Accellion failed to warn it … Read More “Accellion Supply Chain Hack” »

Easy SMS Hijacking

Posted on By infossl
authentication, cell phones, cybercrime, Security technology, sms, Uncategorized, vulnerabilities

Vice is reporting on a cell phone vulnerability caused by commercial SMS services. One of the things these services permit is text message forwarding. It turns out that with a little bit of anonymous money — in this case, $16 off an anonymous prepaid credit card — and a few lies, you can forward the … Read More “Easy SMS Hijacking” »

Exploiting Spectre Over the Internet

Posted on By infossl
exploits, google, Security technology, Uncategorized, vulnerabilities

Google has demonstrated exploiting the Spectre CPU attack remotely over the web: Today, we’re sharing proof-of-concept (PoC) code that confirms the practicality of Spectre exploits against JavaScript engines. We use Google Chrome to demonstrate our attack, but these issues are not specific to Chrome, and we expect that other modern browsers are similarly vulnerable to … Read More “Exploiting Spectre Over the Internet” »

On Not Fixing Old Vulnerabilities

Posted on By infossl
malware, patching, Security technology, Uncategorized, vulnerabilities

How is this even possible? …26% of companies Positive Technologies tested were vulnerable to WannaCry, which was a threat years ago, and some even vulnerable to Heartbleed. “The most frequent vulnerabilities detected during automated assessment date back to 2013­2017, which indicates a lack of recent software updates,” the reported stated. 26%!? One in four networks? … Read More “On Not Fixing Old Vulnerabilities” »

Twelve-Year-Old Vulnerability Found in Windows Defender

Posted on By infossl
malware, microsoft, patching, Security technology, Uncategorized, vulnerabilities, windows

Researchers found, and Microsoft has patched, a vulnerability in Windows Defender that has been around for twelve years. There is no evidence that anyone has used the vulnerability during that time. The flaw, discovered by researchers at the security firm SentinelOne, showed up in a driver that Windows Defender — renamed Microsoft Defender last year … Read More “Twelve-Year-Old Vulnerability Found in Windows Defender” »