Items tagged with exploit
It seems as though we can't escape a single week without hearing about a new widespread security exploit that puts us all at risk. This week, the newly detailed attack taking center stage is called Simjacker, and it was revealed by the folks at AdaptiveMobile Security. As its name implies, Simjacker works primarily by exploiting the SIM cards that all of our smartphone use. As the researchers explain it, this new exploit represents a "huge jump in complexity and sophistication" in comparison to other attack vectors that have propagated over mobile networks. Although Simjacker is quite an intricately-executed exploit, we'll give you a brief overview of how it claims its victims. First of...
Read more...
In the web browser world, Google Chrome is tops and is offered on multiple platforms including Windows 10, macOS, Linus, iOS and Android. however, web developer named Jim Fisher has found an exploit that nefarious developers can use to trick Chrome on Android users into thinking they are on a legitimate website. Fisher shows on his blog how a website can replace the Chrome for Android address bar and tabs UI using a few tricks. All Chrome for Android users know that when you scroll down a page using the browser, the top of the UI with your address bar and tabs are hidden from view. Fisher found that the scrolling of the page could be "jailed" so when the user scrolls back up the page, the...
Read more...
Most of the security vulnerabilities we write about at HotHardware fortunately won't affect the vast majority of readers. Either these exploits require user interaction to kick-start, or you have to be of particular interest as a target for someone to go through the effort of executing more complex attacks against you or your devices. But then there are those vulnerabilities that could impact any of us at any time, and worse, can be exploited with the ultimate of ease. Embedi is a security firm that focuses on embedded devices and operating systems (hence the name). Through its research efforts, the company discovered some serious issues with the firmware of the widely-used ThreadX RTOS...
Read more...
It appears that T-Mobile has only recently squashed a rather serious bug that affected one of the company's subdomains used by staff. In this case, promotool.t-mobile.com was not password protected, allowing anyone that stumbled across it to access stored data. According to ZDNet, which first reported on the website bug, anyone could add a T-Mobile customer’s phone number to the end or the website address after which they would gain access to a treasure trove of information. Personal customer details such as full name, address, account number, account PIN and tax identification number (in certain instances) were all made visible. Most wireless carriers allow you set a PIN for your...
Read more...
New Spectre flaws have been revealed by the former head of Intel's advanced thread team, Yuriy Bulygin. This is a man who knows what he's doing, so his opinions and findings are not to be treated as fly-by-night like some others. Through his new security agency, Eclypsium (a neat name, it must be said), Bulygin posts of a new application of speculative execution attacks which hinge on Spectre variant 1 (bounds check bypass), although it's believed that the same exploit would work with variant 2 (branch target injection), as well. Ultimately, Bulygin's exploit leverages the bounds check bypass element of Spectre's variant 1 to circumvent the system management range register (SMRR) protection of...
Read more...
WhatsApp users have been forwarding a message around that some might find incredibly annoying. The message will cause the app to hang for a bit, after which it will then function normally. No malicious content is transferred with the message according to reports. The message reads "If you touch the black point your WhatsApp will hang." The message is then forwarded by a black dot and in some cases emojis. Naturally, a good portion of the people who get it can't resist the temptation to touch the black dot. As for why the message can cause WhatsApp to hang, it has to do with symbols included in the message that WhatsApp doesn’t recognize. Since the app doesn't recognize the characters,...
Read more...
If you grabbed the free Super Mario Odyssey DLC that landed this week and have encountered what appear to be cheaters in Nintendo's Luigi's Balloon World game, you know the frustration that some folks are likely going through right now. These cheating players are using a glitch in a game that allows them to move through walls to hide the balloons, that players are tasked with finding, in areas that are out of bounds to honest players that are not exploiting the glitch. If you are unfamiliar with the Balloon World mode, it's sort of like a game of hide and seek from your childhood, only the hider is placing balloons in the worlds of the game and then the seekers must go and find them. If...
Read more...
If you've been following the tech or security news for the past few days, then you no doubt know of a security vulnerability that reportedly affects all Intel processors. OS vendors have been working to mitigate the issue with kernel patches, but those software Band-Aids can come with some performance handicaps as a side effect. Today, we're learning more about what exactly is going on, and that there are not one, but actually two vulnerabilities that have been disclosed. It's bad enough that one of them targets Intel processors, but the second affects ALL modern processors as well -- including those based on architectures from Intel, AMD and ARM. So, we present to you Meltdown and Spectre....
Read more...
Microsoft and Google don't have that much love for each other. The two are rivals in the search market with Google being far and away the most popular search engine, leaving Bing with the table scraps. Google also has the most popular mobile operating system forcing Microsoft to admit that its mobile OS is dead. Google also went public with a Windows flaw bask in February that Microsoft was slow to patch, seemingly as a way to shame Redmond into patching the issues. Microsoft is now hitting back at Google with a bit of admonishment for a security issue in the Chrome browser. Reports indicate that Microsoft found a Chrome vulnerability last month and outlined how the browser could be exploited....
Read more...
A security company called Armis is spilling the beans on a collection of eight different exploits that it is collectively calling BlueBorne. These exploits can allow a hacker access to your phone in seconds without having physical access to the device. Perhaps the scariest part of the exploit is that BlueBorne isn't limited to your phone alone; the hack can allow access to phones, computers, and IoT devices. Armis notes that it believes more vulnerabilities lie waiting to be discovered in various platforms that use the Bluetooth wireless communications standard. The firm says that its research proves these vulnerabilities exist and that they can be exploited. BlueBorne can be used to...
Read more...
Gaming is meant to be fun, but it just can't be all of the time. That's because players of online games have to be constantly aware of looming threats. Yet another new case of an attack, involving a game called ROBLOX, highlights the fact that it's not just the game itself that is at risk sometimes, but the tools surrounding it. Despite the fact that ROBLOX mimics Minecraft in that its an open-world sandbox game, it actually came out years before Mojang released even an alpha. Today, the game enjoys an impressive 12 million monthly users, many of whom use the ultra-successful platform Discord to chat to friends. It's Discord in this case that's the big threat, though, again proving to us that...
Read more...
Another day, another government spying exploit rises to the surface courtesy of Wikileaks, this time originating from the CIA. This WikiLeaks data dump specifically lets us know of a CIA-engineered spying tool called OutlawCountry (no space), which, interestingly enough, explicitly targets Linux users. You know, those digital freedom loving passionate penguin peeps that appreciate having great control over their computer? But don't worry, the CIA has targeted Windows users en masse in the past as well; absolutely no one has proven safe and they obviously don't discriminate. OutlawCountry starts out as a Linux kernel module (nf_table_6_64.ko) that gets loaded into the system and...
Read more...
The Wanna Decrypter ransomware that began floating around the Internet late last week, or WannCry as it's commonly known, has made a lasting impact, with hundreds of thousands of PCs worldwide being affected. What the malware does is even more alarming: one minute, you're using your computer normally; the next, your data is locked away behind a key unless you fork over hundreds of dollars in ransom money. As has become typical of ransomware, WannaCry will demand payment via Bitcoin in order to recover the data the attackers locked down. Once payment is received, an encryption key is typically (but not always) sent that will allow the user to recover their data. It's a chore for the inexperienced...
Read more...
Last Friday, we reported on a major cyberattack involving ransomeware that hit a large number of computers - including some belonging to the UK's National Health Service. At first, the malware's reach wasn't too clear, but as the weekend went on, we learned that the number of affected PCs reached at least 200,000 worldwide. Given the nature of this beast, that is downright terrifying. The big question right now is, "Who's at fault?" The blame could easily be shifted to Microsoft, as the bug that allowed this to happen was directly attributed to its own code. While the company is to be commended for releasing a rare Windows XP patch to help squash the bug, it comes a bit too late. Microsoft knew...
Read more...
