AMD has informed customers that it will soon release processor microcode updates that should mitigate one of the recently disclosed Spectre vulnerabilities, and Microsoft has resumed delivering security updates to devices with AMD CPUs. Shortly after researchers revealed the Spectre and Meltdown attack methods, which allow malicious actors to bypass memory isolation mechanisms and access […]
A security vulnerability impacting macOS High Sierra allows admins to unlock the AppStore Preferences in System Preferences by providing any password. The issue was found to affect macOS 10.13.2, the latest iteration of the platform, and can be reproduced only if the user is logged in as administrator. For non-admin accounts, the correct credentials are […]
Attack is Simple to Exploit, Has Incredible Destructive Potential Researchers have discovered a flaw in Intel’s Advanced Management Technology (AMT) implementation that can be abused with less than a minute of physical access to the device. An Evil Maid attack could ultimately give an adversary full remote access to a corporate network without having to […]
A critical security vulnerability has been reported in phpMyAdmin—one of the most popular applications for managing the MySQL database—which could allow remote attackers to perform dangerous database operations just by tricking administrators into clicking a link. Discovered by an Indian security researcher, Ashutosh Barot, the vulnerability is a cross-site request forgery (CSRF) attack and affects […]
Security researchers have unearthed multiple vulnerabilities in hundreds of GPS services that could enable attackers to expose a whole host of sensitive data on millions of online location tracking devices managed by vulnerable GPS services. The series of vulnerabilities discovered by two security researchers, Vangelis Stykas and Michael Gruhn, who dubbed the bugs as ‘Trackmageddon’ […]
An Android banking trojan that targets more than 232 banking apps has been uncovered, targeting financial institutions globally. According to Quick Heal Security Labs, Banker A2f8a is designed for stealing login credentials, hijacking SMS messages, uploading contact lists and texts to a malicious server, displaying an overlay screen (to capture details) on top of legitimate […]
It’s bad news for older Windows 7 and Windows 8 machines Microsoft is taking the surprise step of detailing how Spectre and Meltdown firmware updates may affect PC performance. The tech industry has been scrambling to issue updates to protect against the two CPU security flaws over the past week, and there have been many […]
Amazon, Google and Microsoft rush to fix chip flaws that could leave cloud customers at risk of having their data accessed or stolen by other users As the cloud provider community mobilises to protect users from two long-standing processor-based security flaws, researchers suggest a rip and replace of their underlying CPU hardware may be required […]
A researcher that goes by the handle “Siguza” released details of a local privilege escalation attack against macOS that dates back to 2002. A successful attack could give adversaries complete root access to targeted systems. Siguza released details of the attack on Dec. 31 via Twitter, wishing followers a “Happy New Year” and linked to […]
Nearly two dozen Android flashlight and related utility apps were removed from the Google Play marketplace after researchers found a malicious advertising component dubbed “LightsOut” inside them. In total, the apps were downloaded between 1.5 and 7.5 million times. Security researchers at Check Point researcher discovered the family of malicious apps that “generated illegal ad […]
