Items tagged with vulnerability
One would think that once a vulnerability received ample coverage and explicit warnings that encouraged uses to patch, we might see a drop-off in attacks. That is not the case; however, as Microsoft is again reporting that the Zerologon security flaw is still being exploited in the wild. This is another succinct...
Read more...
Google’s recently released versions of Chrome and Chrome OS had a bit of an Achilles heel: a rather pesky zero-day vulnerability that could corrupt the system’s memory from the browser or OS. The bug has been given CVE-2020-15999, but has not even been given an official score yet. Google gives the exploit a "high"...
Read more...
A new Bluetooth security vulnerability has appeared, and this time Linux is under the gun. Andy Nguyen, an information security researcher, discovered the vulnerabilities. They are collectively known as BleedingTooth, which allows for zero-click remote code execution on Linux devices within Bluetooth range. The code...
Read more...
Last week, a security researcher team claimed Apple’s T2 security chip onboard many Macs was vulnerable to an exploit that could not be patched. This exploit would give an attacker full root access and kernel execution privileges. Now, another group has showcased a real-world method of this attack over USB-C.
Apple’s...
Read more...
Earlier in the week, we reported on a dangerous exploit with Windows domain controllers called Zerologon. Now, the Cybersecurity and Infrastructure Security Agency (CISA), under the Department of Homeland Security direction, is issuing warnings about the exploit and is pushing government agencies to patch the...
Read more...
Secura digital security advisors and researchers, have discovered a highly critical vulnerability with Active Directory domain controllers. Rated as a 10 of 10 on the Common Vulnerability Scoring System (CVSS), this exploit, dubbed Zerologon, allows nefarious people to take over the domain controller and execute...
Read more...
These days just about everybody takes Bluetooth for granted. Manufacturers phase out useful physical ports like headset jacks in high end devices with the expectation that buyers will use Bluetooth headphones. Our cars, watches, locator tags, home theaters, and even game controllers rely on the ubiquitous short-range...
Read more...
BootHole GRUB2 Bootloader Security Exploit Discovered, Affects Billions Of Windows And Linux Devices
Bootloaders are an essential bit of software for almost every modern electronic device. Unfortunately, any vulnerabilities in the bootloader can open a device up to attackers. Eclypsium researchers recently discovered a buffer overflow vulnerability in the GRUB2 bootloader, nicknamed “BootHole”. This affects any...
Read more...
Another Microsoft Patch Tuesday has come and gone. Ninety-nine flaws in total were addressed during this major patch. Unfortunately, the update does not provide a blanket fix for all ninety-nine issues. There are various prerequisites before some users will be able to install a patch for a secure boot...
Read more...
Is your Bluetooth connection secure? Researchers recently discovered a Bluetooth vulnerability that could allow hackers to intercept and manipulate a user’s communications. The researchers tested and found seventeen vulnerable Bluetooth chips in devices from companies such as Intel, Apple, Lenovo, and Qualcomm.
The...
Read more...
Researchers recently uncovered Windows kernel security flaws that affect over 40 drivers from 20 different vendors. The vulnerabilities could give attackers access to a device's hardware and firmware. Researchers from Eclypsium shared their troubling findings this past week at the DEF CON 27 security conference in Las...
Read more...
Millions of Dell And Other Brand PCs Vulnerable To System Hijack Security Flaw In 3rd Party Software
Some laptop and desktop consumers may want to double-check that they have recently updated their devices. It was discovered that millions of Dell PCs as well as other brands could be vulnerable to hackers. The security flaw was caused by a 3rd party software package and affected Dell’s SupportAssist software, as well...
Read more...
Another day, another device vulnerability. It was recently discovered that hackers are able to remotely execute code with admin privileges through a Dell SupportAssist utility vulnerability. It is believed that a “high number” of users could be impacted.
American security researcher Bill Demirkapi discovered the...
Read more...
It has been nearly a week since security researcher John Page reported that he had found an Internet Explorer XML eXternal Entity (XXE) vulnerability. A new layer of this vulnerability has been recently discovered and the implications are far more serious. A Microsoft Edge feature may threaten Internet Explorer’s...
Read more...
Is your data secure? Researchers recently discovered a new variation of the Bleichenbacher oracle attack that could threaten TLS 1.3 encryption. Seven researchers discovered that OpenSSL, Amazon s2n, MbedTLS, Apple CoreTLS, Mozilla NSS, WolfSSL, and GnuTLS utilized TLS protocols vulnerable to attacks. Google's new...
Read more...
Most of the security vulnerabilities we write about at HotHardware fortunately won't affect the vast majority of readers. Either these exploits require user interaction to kick-start, or you have to be of particular interest as a target for someone to go through the effort of executing more complex attacks against you...
Read more...
Hackers do not need to bust open a Drama Llama Piñata to get the best loot in Fortnite. Epic Games recently patched a vulnerability that would have granted hackers access to users’ accounts. Nefarious parties would have been able to acquire users’ in-game currency and the last four digits of their credit card.
The...
Read more...
We have all seen it on Facebook -- one of your friends “shares” a link to a new shake that will help you lose ten pounds in two days or a code to get suspiciously discounted Ray-Bans. Thankfully, most of these posts are obviously spam. Unfortunately, hackers are finding more ways to post annoying and potentially...
Read more...
New Spectre flaws have been revealed by the former head of Intel's advanced thread team, Yuriy Bulygin. This is a man who knows what he's doing, so his opinions and findings are not to be treated as fly-by-night like some others. Through his new security agency, Eclypsium (a neat name, it must be said), Bulygin posts...
Read more...
With critical vulnerabilities like Meltdown and Spectre having been disclosed to the public, it's clearer than ever that more eyeballs are needed when it comes to making sure that our software and hardware is secure. Not long after Intel suffered the bulk of fallout from Meltdown and Spectre, the company bolstered its...
Read more...
Researchers at Purdue University and the University of Iowa have just exposed a list of LTE vulnerabilities that could create quite a headache for carriers (and consumers) if not fixed soon. Using a framework the researchers call LTEInspector, eight of the ten new vulnerabilities were tested as working on a testbed...
Read more...
There are a number of ways to tell if your computer is vulnerable to the Spectre or Meltdown security exploits that have been making rounds over the last several weeks. For instance, Microsoft has a tool that will analyze your rig and tell you, but it is a PowerShell script that gives you results that you almost need...
Read more...
