Hackable Intel and Lenovo hardware that went undetected for 5 years won’t ever be fixed

Hardware sold for years by the likes of Intel and Lenovo contains a remotely exploitable vulnerability that will never be fixed. The cause: a supply chain snafu involving an open source software package and hardware from multiple manufacturers that directly Read More …

Google patches critical vulnerability for Androids with Qualcomm chips

In April’s update for the Android operating system (OS), Google has patched 28 vulnerabilities, one of which is rated critical for Android devices equipped with Qualcomm chips. You can find your device’s Android version number, security update level, and Google Read More …

Unpatchable vulnerability in Apple chip leaks secret encryption keys

A newly discovered vulnerability baked into Apple’s M-series of chips allows attackers to extract secret keys from Macs when they perform widely used cryptographic operations, academic researchers have revealed in a paper published Thursday. The flaw—a side channel allowing end-to-end Read More …

Acer Philippines reports data breach in third-party vendor system

Acer Philippines confirmed through an official statement that a security breach occurred within a third-party vendor’s system. The vendor was responsible for managing Acer Philippines’ employee attendance data, and the breach resulted in the unauthorized access of this information. The Read More …

Vibrator virus steals your personal information

I know that some of you are expecting a post similar to that about a toothbrush botnet, but this is not a hypothetical case. It actually happened. A Malwarebytes Premium customer started a thread on Reddit saying we had blocked Read More …

Operation Triangulation: The last (hardware) mystery

Today, on December 27, 2023, Boris Larin, Leonid Bezvershenko, and Georgy Kucherin delivered a presentation, titled, “Operation Triangulation: What You Get When Attack iPhones of Researchers”, at the 37th Chaos Communication Congress (37C3), held at Congress Center Hamburg. The presentation Read More …

Sneaky GPU.zip technique steals sensitive information from your graphics card

Researchers from four top American universities have uncovered a new way for threat actors to sneakily access visual information from your graphics card while you’re online and browsing certain websites. The researchers call this threat “GPU.zip,” because it takes advantage Read More …

How the EU Cyber Resilience Act Impacts Manufacturers

The European Union (EU) released their new Cyber Resilience Act which is claimed to be the first ever act put in place to ensure consumers are better protected by the manufacturers of both hardware and software products sold within the Read More …

The sound of you typing on your keyboard could reveal your password

As if password authentication’s coffin needed any more nails, researchers in the UK have discovered yet another way to hammer one in. The technique, developed at Durham University, the University of Surrey, and Royal Holloway University of London, builds on Read More …

CISA and NSA Release Joint Guidance on Hardening Baseboard Management Controllers (BMCs)

Today, CISA, together with the National Security Agency (NSA), released a Cybersecurity Information Sheet (CSI), highlighting threats to Baseboard Management Controller (BMC) implementations and detailing actions organizations can use to harden them. BMCs are trusted components designed into a computer’s Read More …