All about Security, News, Events and Incidents

Discussion in 'Security and Anti-Virus Software' started by Dr. AMK, Apr 26, 2018.

  1. Papusan

    Papusan JOKEBOOKs Sucks! Dont waste your $$$ on FILTHY

    Reputations:
    32,320
    Messages:
    26,870
    Likes Received:
    49,637
    Trophy Points:
    931
    [​IMG]
    Researchers Demonstrate Apple T2 Security Chip Root Access Vulnerability Via USB-C Port
    hothardware.com | Oct 13, 2020

    Last week, a security researcher team claimed Apple’s T2 security chip onboard many Macs was vulnerable to an exploit that could not be patched. This exploit would give an attacker full root access and kernel execution privileges. Now, another group has showcased a real-world method of this attack over USB-C...


    While this issue can be a concern for the average user, you can avoid problems by not leaving your devices accessible by unsavory individuals. It will be interesting to see if Apple has a response to these revelations
     
    Vasudev, jclausius, cfe and 1 other person like this.
  2. Vasudev

    Vasudev Notebook Nobel Laureate

    Reputations:
    9,201
    Messages:
    10,869
    Likes Received:
    8,186
    Trophy Points:
    931
    Nice but Macbooks always shipped with Thunderbolt 3 first then fallback to USB C based ports which we see today on most Intel gaming books. So, I think TB3 could be the attack vector nowadays.
     
    Papusan and Dr. AMK like this.
  3. Papusan

    Papusan JOKEBOOKs Sucks! Dont waste your $$$ on FILTHY

    Reputations:
    32,320
    Messages:
    26,870
    Likes Received:
    49,637
    Trophy Points:
    931
    Security Flaw In 800,000 SonicWall VPNs Can Be Exploited By Unskilled Hackers, Patch Now hothardware.com | Today

    A security firm warns that an "unskilled attacker" could leverage a security flaw in SonicWall VPN (virtual private network) appliances to run arbitrary code remotely, causing a persistent denial of service (DoS) condition. Or put more plainly, the SonicWall VPN has a serious security hole that makes it easy for even armchair hackers to wreak havoc.
     
    jclausius, Vasudev and Dr. AMK like this.
  4. Papusan

    Papusan JOKEBOOKs Sucks! Dont waste your $$$ on FILTHY

    Reputations:
    32,320
    Messages:
    26,870
    Likes Received:
    49,637
    Trophy Points:
    931
    SECURITY
    NVIDIA patches high severity GeForce Experience vulnerabilities blepingcomputer.com | Today

    NVIDIA released a security update for the Windows NVIDIA GeForce Experience (GFE) app to address vulnerabilities that could enable attackers to execute arbitrary code, escalate privileges, gain access to sensitive info, or trigger a denial of service (DoS) state on systems running unpatched software.
     
    Vasudev, jclausius, cfe and 1 other person like this.
  5. cfe

    cfe Notebook Geek

    Reputations:
    278
    Messages:
    91
    Likes Received:
    196
    Trophy Points:
    41
    Google reports another twofer chrome&windows zero-day

    Windows patch expected Nov 11:

    "The Google Project Zero team notified Microsoft last week and gave the company seven days to patch the bug. Details were published today, as Microsoft did not release a patch in the allotted time."

    at least there's no suspicion of nation-state threat actor using to target imminent US election.
     
  6. Dr. AMK

    Dr. AMK Living with Hope

    Reputations:
    3,532
    Messages:
    2,122
    Likes Received:
    4,395
    Trophy Points:
    281
    Big Windows Security vulnerability discovered by Google October 31st 2020
     
    Vasudev, jclausius, cfe and 1 other person like this.
  7. Papusan

    Papusan JOKEBOOKs Sucks! Dont waste your $$$ on FILTHY

    Reputations:
    32,320
    Messages:
    26,870
    Likes Received:
    49,637
    Trophy Points:
    931
    [​IMG]
    Windows 10, iOS, Chrome, and many others fall at China's top hacking contest zdnet.com | today

    Winning hacker team pockets $744,500 at the Tianfu Cup, China's top hacking contest.

    Many of today's top software programs have been hacked using new and never-before-seen exploits at this year's edition of the Tianfu Cup — China's largest and most prestigious hacking competition.

    All exploits were reported to the software providers, per contest regulations, modeled after the rules of the more established Pwn2Own hacking competition that has been taking place in the west since the late 2000s.

    Patches for all the bugs demonstrated over the weekend will be provided in the coming days and weeks, as it usually happens after every TianfuCup and Pwn2Own contest.
     
    Vasudev, jclausius, cfe and 1 other person like this.
  8. Papusan

    Papusan JOKEBOOKs Sucks! Dont waste your $$$ on FILTHY

    Reputations:
    32,320
    Messages:
    26,870
    Likes Received:
    49,637
    Trophy Points:
    931
    A host of anti-virus engines are flagging recent Dell printer drivers as unsafe neowin.com
    [​IMG]

    Recent releases of Dell printer drivers for various versions of Windows are being flagged by a number of anti-virus programs as malware, as spotted and reported by journalist Brian Krebs on Twitter (via WindowsCentral). A few examples of such reports can be viewed on Virus Total that provides logs of malware detection by various anti-virus programs.
    -----------------------------------------------------------------------------
    While AMD and Apple throw out new processors.... Microsoft continue helping Intel to patch their never ending CPU security bugs.

    Windows 10 Intel microcode released to fix new CPU security bugs bleepingcomputers.com

    Microsoft has released a new batch of Intel microcode updates for Windows 10 20H2, 2004, 1909, and older versions to fix new hardware vulnerabilities discovered in Intel CPUs.

    When Intel finds bugs in their CPUs, they release microcode updates that allow operating systems to patch the behavior of the CPU to fix, or at least mitigate, the bug.

    ------------------------------------------------------------------

    Europeans don't trust US tech giants with their data betanews.com
    [​IMG]
    A new study reveals that 82 percent of Europeans don't trust US tech giants with their personal files, despite increasing reliance on cloud services due to COVID-19.

    The survey of 4,500 people across the UK, France and Germany, conducted by pCloud, one of Europe's fastest-growing file-sharing and cloud storage providers, finds the biggest concerns are personal data being used for commercial gain (51 percent) and the possibility of hacks (43 percent)....

    The location of data servers is important to users, with 82 percent saying they would rather have their data stored in Europe than the United States, while 74 percent say they check the security features offered before choosing a cloud services provider. 68 percent of users say they would feel more confident putting files in the cloud if the provider was not able to see what was being stored there.

    --------------------------------------------------------------


    [​IMG]
    SecurityBitdefender is struggling with serious security problems heise.de

    The manufacturer needed up to four attempts to eliminate a total of ten critical security gaps.

    Computer science student David L. analyzed Bitdefender's code for unpacking UPX-compressed files and found critical errors in almost every step . All of the bugs are not really hard to find gaps, but rather bread & butter gaps for security researchers, as can be easily found with fuzzing. Almost half caused the lack of the important length check in memory operations. Tavis Ormandy, who has identified several such loopholes in AV software himself, promptly comments that it is "irresponsible to deliver code like this".

    Antivirus software as a security risk
    The findings once again confirm the fact that heise Security documented as a gateway in antivirus software as early as 2007 , that whenever a security researcher "knocks on antivirus software", critical security gaps tumble out below. Researchers illustrated this again in 2014 and it does not seem to have fundamentally changed. Antivirus software is a potential security problem.
     
    Last edited: Nov 11, 2020
  9. Papusan

    Papusan JOKEBOOKs Sucks! Dont waste your $$$ on FILTHY

    Reputations:
    32,320
    Messages:
    26,870
    Likes Received:
    49,637
    Trophy Points:
    931
    SECURITY
    Intel fixes 95 vulnerabilities in November 2020 Platform Update bleepingcomputers.com
    Intel addressed 95 vulnerabilities as part of the November 2020 Patch Tuesday, including critical ones affecting Intel Wireless Bluetooth products and Intel Active Management Technology (AMT).


    "At this time, we are not aware of any of these issues being used in actual attacks," Bryant added.

    As expected, people should be more worried about running into malware and attacks other ways than through the disclosed Intel vulnerabilities. The web is a dangerous place regardless if you patch your machines with latest Intel MC or not. If you want the latest bios updates from your OEM/Win Update to fix a "not widespread" security problem today, then expext have to deal with 100C and random Boost clocks due Plundervolt patch. The choice is yours.

    [​IMG]

    SECURITY
    New tool lets attackers easily create reply-chain phishing emails bleepingcomputers.com

    A new email tool advertised on a cybercriminal forum provides a stealthier method for carrying out fraud or malware attacks by allowing messages to be injected directly into the victim's inbox.

    By slipping content in the normal email flow, the utility can help bypass protections that verify messages traveling to their destination mail server.
    upload_2020-11-12_21-24-9.png

    Ransomware gang hacks Facebook account to run extortion ads bleepingcomputer.com

    A ransomware group has now started to run Facebook advertisements to pressure victims to pay a ransom.

    This new tactic of promoting attacks through Facebook shows the continuing evolution of ransomware extortion. With ransom demands and payments in the tens of millions, we can expect to see further escalations in the future.

    ---------------------------------------------------------------------------

    Microsoft urges users to stop using phone-based multi-factor authentication zdnet.de

    Microsoft recommends using app-based authenticators and security keys instead.
     
    Last edited: Nov 12, 2020
    Vasudev and jclausius like this.
  10. Papusan

    Papusan JOKEBOOKs Sucks! Dont waste your $$$ on FILTHY

    Reputations:
    32,320
    Messages:
    26,870
    Likes Received:
    49,637
    Trophy Points:
    931
    Serious Intel Boot Guard Exploit Leaves Unpatched PCs
    http://forum.notebookreview.com/thr...atches-and-more.812424/page-133#post-11058854

    --------------------------------------------------------------------------------

    TCL Android smart TVs may have 'Chinese backdoor' — protect yourself now tomsguide.com By Paul Wagenseil 2 days ago

    Security researchers say they found some very serious issues...

    TCL smart TVs running Android seem to have huge security holes and could even be designed to spy on users around the world, two security researchers say. The issues do not affect TCL sets running Roku software.

    "I can wholeheartedly say that there were multiple moments that I, and another security researcher that I met along the way, couldn't believe what was happening," wrote a researcher calling himself "Sick Codes" in a blog post earlier this week. "On multiple occasions I found myself feeling as though, 'you couldn't even make this up.'"
     
    Vasudev and jclausius like this.
Loading...

Share This Page