Apple iPhone Malware Tactic Causes Fake Shutdowns to Enable Spying

In the world of mobile malware, simply shutting down a device can often wipe out any bad code, given that persistence after rebooting is a challenge for traditional malicious activity. But a new iPhone technique can hijack and prevent any Read More …

PoC exploit released for Microsoft Exchange bug dicovered by NSA

Technical documentation and proof-of-concept exploit (PoC) code is available for a high-severity vulnerability in Microsoft Exchange Server that could let remote attackers execute code on unpatched machines. The flaw is for one of the four that the National Security Agency Read More …

Second Google Chrome zero-day exploit dropped on twitter this week

A second Chromium zero-day remote code execution exploit has been released on Twitter this week that affects current versions of Google Chrome, Microsoft Edge, and likely other Chromium-based browsers. A zero-day vulnerability is when detailed information about a vulnerability or Read More …

Windows Exploit Released For Microsoft ‘Zerologon’ Flaw

Proof-of-concept (PoC) exploit code has been released for a Windows flaw, which could allow attackers to infiltrate enterprises by gaining administrative privileges, giving them access to companies’ Active Directory domain controllers (DCs). The vulnerability, dubbed “Zerologon,” is a privilege-escalation glitch Read More …

Researchers Warn of Flaw Affecting Millions of IoT Devices

Researchers are urging connected-device manufacturers to ensure they have applied patches addressing a flaw in a module used by millions of Internet-of-Things (IoT) devices. If exploited, researchers speculated that the flaw could allow attackers to knock out a city’s electricity Read More …

‘Lamphone’ Hack Uses Lightbulb Vibrations to Eavesdrop on Homes

Researchers have discovered a novel way to spy on conversations that are happening in houses from almost a hundred feet away. The hack stems simply from a lightbulb hanging in the home. The hack, dubbed “lamphone,” is performed by analyzing Read More …

Bluetooth LE devices impacted by SweynTooth vulnerabilities

A team of academics from Singapore has published this week a research paper detailing a collection of vulnerabilities named SweynTooth that impact devices running the Bluetooth Low Energy (BLE) protocol. More specifically, the SweynTooth vulnerabilities impact the software development kits (SDKs) responsible Read More …

An In-Depth Technical Analysis of CurveBall (CVE-2020-0601)

The first Microsoft patch Tuesday of 2020 contained fixes for CVE-2020-0601, a vulnerability discovered by the United States’ National Security Agency (NSA) that affects how cryptographic certificates are verified by one of the core cryptography libraries in Windows that make up part of Read More …