Items tagged with vulnerability
Another Microsoft Patch Tuesday has come and gone. Ninety-nine flaws in total were addressed during this major patch. Unfortunately, the update does not provide a blanket fix for all ninety-nine issues. There are various prerequisites before some users will be able to install a patch for a secure boot vulnerability. “CVE-2020-0689” or the “Microsoft Secure Boot Security Feature Bypass Vulnerability” allows attackers to bypass secure boots. A secure boot is intended to guarantee that a device is only making use of software with valid credentials from an Original Equipment Manufacturer (OEM). However, this vulnerability permits attackers to load their own software. Thankfully,...
Read more...
Is your Bluetooth connection secure? Researchers recently discovered a Bluetooth vulnerability that could allow hackers to intercept and manipulate a user’s communications. The researchers tested and found seventeen vulnerable Bluetooth chips in devices from companies such as Intel, Apple, Lenovo, and Qualcomm. The findings were presented at the USENIX Security Symposium by researchers from the Center for IT-Security, Privacy and Accountability (CISPA). The vulnerability has been nicknamed “Key Negotiation Of Bluetooth” or “KNOB”. Every time two Bluetooth devices establish a connection, they also create a new encryption key. Unfortunately, not every device has a...
Read more...
Researchers recently uncovered Windows kernel security flaws that affect over 40 drivers from 20 different vendors. The vulnerabilities could give attackers access to a device's hardware and firmware. Researchers from Eclypsium shared their troubling findings this past week at the DEF CON 27 security conference in Las Vegas, Nevada. Why are there so many vulnerable drivers? According to Mickey Shkatov, Principal Researcher at Eclypsium, bad coding practices are to blame. Many drivers are meant to be flexible and able to perform a wide variety of actions instead of performing specific tasks. Shkatov noted, “It's easier to develop software by structuring drivers and applications this way,...
Read more...
Millions of Dell And Other Brand PCs Vulnerable To System Hijack Security Flaw In 3rd Party Software
Some laptop and desktop consumers may want to double-check that they have recently updated their devices. It was discovered that millions of Dell PCs as well as other brands could be vulnerable to hackers. The security flaw was caused by a 3rd party software package and affected Dell’s SupportAssist software, as well other rebranded versions of this particular software that Dell and other brands employ. The Dell SupportAssist software is pre-installed on devices and is intended to “proactively checks the health of your system’s hardware and software.” Since SupportAssist runs health checks on a device, it has unfettered access to the system. SupportAssist is able...
Read more...
Another day, another device vulnerability. It was recently discovered that hackers are able to remotely execute code with admin privileges through a Dell SupportAssist utility vulnerability. It is believed that a “high number” of users could be impacted. American security researcher Bill Demirkapi discovered the vulnerability. The vulnerability affects users who use non-updated versions of the Dell SupportAssist tool. This tool comes pre-installed on Dell devices alongside Windows OS. The hackers use a ARP Spoofing and a DNS Spoofing attack. The attackers lead users to a subdomain of dell.com. Once users have reached the site, the DNS Spoofing attack will return an “incorrect”...
Read more...
It has been nearly a week since security researcher John Page reported that he had found an Internet Explorer XML eXternal Entity (XXE) vulnerability. A new layer of this vulnerability has been recently discovered and the implications are far more serious. A Microsoft Edge feature may threaten Internet Explorer’s security. The vulnerability is a XML eXternal Entity or XXE attack. The attack occurs when an XML parser processes an XML input that includes a reference to an external entity. This type of attack could lead to the unwanted disclosure of sensitive information and a slew of other issues. In Page’s demonstration, he opened a malicious MHL file with a file manager. Internet...
Read more...
Is your data secure? Researchers recently discovered a new variation of the Bleichenbacher oracle attack that could threaten TLS 1.3 encryption. Seven researchers discovered that OpenSSL, Amazon s2n, MbedTLS, Apple CoreTLS, Mozilla NSS, WolfSSL, and GnuTLS utilized TLS protocols vulnerable to attacks. Google's new QUIC encryption protocol proved to be in danger as well. Their findings were published this past November in an article entitled, “The 9 Lives of Bleichenbacher's CAT: New Cache ATtacks on TLS Implementations”. Transport Layer Security (TLS) is a cryptographic protocol that provides end-to-end security over a computer network. It is commonly used in email, instant...
Read more...
Most of the security vulnerabilities we write about at HotHardware fortunately won't affect the vast majority of readers. Either these exploits require user interaction to kick-start, or you have to be of particular interest as a target for someone to go through the effort of executing more complex attacks against you or your devices. But then there are those vulnerabilities that could impact any of us at any time, and worse, can be exploited with the ultimate of ease. Embedi is a security firm that focuses on embedded devices and operating systems (hence the name). Through its research efforts, the company discovered some serious issues with the firmware of the widely-used ThreadX RTOS...
Read more...
Hackers do not need to bust open a Drama Llama Piñata to get the best loot in Fortnite. Epic Games recently patched a vulnerability that would have granted hackers access to users’ accounts. Nefarious parties would have been able to acquire users’ in-game currency and the last four digits of their credit card. The vulnerability was discovered by Israeli cyber security company Check Point this past November. Epic Games quickly and quietly fixed the issue. They recently remarked, “We thank Check Point for bringing this to our attention. As always, we encourage players to protect their accounts by not re-using passwords and using strong passwords, and not sharing account...
Read more...
We have all seen it on Facebook -- one of your friends “shares” a link to a new shake that will help you lose ten pounds in two days or a code to get suspiciously discounted Ray-Bans. Thankfully, most of these posts are obviously spam. Unfortunately, hackers are finding more ways to post annoying and potentially dangerous content. One researcher recently discovered a proof-of-concept Facebook worm that posts unwanted spam links. A Polish security researcher, who goes by the pseudonym “Lasq”, was the first to find the issue. He noted that a number of his Facebook friends appeared to be posting a link to French comic site hosted on a Amazon Web Services (AWS) bucket. Users...
Read more...
New Spectre flaws have been revealed by the former head of Intel's advanced thread team, Yuriy Bulygin. This is a man who knows what he's doing, so his opinions and findings are not to be treated as fly-by-night like some others. Through his new security agency, Eclypsium (a neat name, it must be said), Bulygin posts of a new application of speculative execution attacks which hinge on Spectre variant 1 (bounds check bypass), although it's believed that the same exploit would work with variant 2 (branch target injection), as well. Ultimately, Bulygin's exploit leverages the bounds check bypass element of Spectre's variant 1 to circumvent the system management range register (SMRR) protection of...
Read more...
With critical vulnerabilities like Meltdown and Spectre having been disclosed to the public, it's clearer than ever that more eyeballs are needed when it comes to making sure that our software and hardware is secure. Not long after Intel suffered the bulk of fallout from Meltdown and Spectre, the company bolstered its bug bounty program to encourage more people to dive in and discover bugs before they can be exploited. Intel made great strides to improve the program overall by cutting out the invite-only requirement, allowing anyone to find, explore and report potential bugs. Clearly, Microsoft liked that idea, as it has also enhanced its bug bounty program to offer the the same top quarter...
Read more...
Researchers at Purdue University and the University of Iowa have just exposed a list of LTE vulnerabilities that could create quite a headache for carriers (and consumers) if not fixed soon. Using a framework the researchers call LTEInspector, eight of the ten new vulnerabilities were tested as working on a testbed with SIMs from 4 different carriers. Vodafone cellular tower in Germany (Flickr: Vodafone Medien) There are many possibilities of the chaos these vulnerabilities could create, but one brought to the forefront would let an attacker spoof the location of a customer, even without the appropriate credentials. In the list (which can be seen below, and was grabbed from the research...
Read more...
There are a number of ways to tell if your computer is vulnerable to the Spectre or Meltdown security exploits that have been making rounds over the last several weeks. For instance, Microsoft has a tool that will analyze your rig and tell you, but it is a PowerShell script that gives you results that you almost need a computer science degree to understand. A new tool is now available that makes it very easy to test your machine and understand the results, and it is called InSpectre. InSpectre is from Steve Gibson, security researcher, and his tool (download here) delivers easy to understand results. It will tell you with simple yes or no answers if you are vulnerable. The image...
Read more...
There might not be a storage medium that's definitively indestructible, or perfectly reliable, but solid-state storage would rank near the top. A hard drive, for example, might be able to house a large amount of data, but if it's dropped to the ground, or its host PC is bumped hard enough, all of that data could effectively be ruined in the blink of an eye. Solid-state storage is a bit different. If it's jostled during operation, it won't be affected, and the same goes for experiencing a fall to the ground. But, despite its durability, it's still not indestructible or entirely reliable, and new research from Carnegie Mellon University, Seagate, and ETH Zürich highlights some new reason why. It's...
Read more...
Last Friday, we reported on a major cyberattack involving ransomeware that hit a large number of computers - including some belonging to the UK's National Health Service. At first, the malware's reach wasn't too clear, but as the weekend went on, we learned that the number of affected PCs reached at least 200,000 worldwide. Given the nature of this beast, that is downright terrifying. The big question right now is, "Who's at fault?" The blame could easily be shifted to Microsoft, as the bug that allowed this to happen was directly attributed to its own code. While the company is to be commended for releasing a rare Windows XP patch to help squash the bug, it comes a bit too late. Microsoft knew...
Read more...
We can't seem to go a single week without news of a severe vulnerability out there in the wild, and it looks like our streak isn't about to end. Not too long ago, a number of NSA-derived tools were released online, giving us an idea of how desperate the folks at one of the US government's leading intelligence agencies are to get inside targeted PCs. Now, we have to hope that IT managers and system owners alike take updating their OS seriously. This particular family of NSA exploits are being dubbed "DoublePulsar", and they're severe enough to warrant immediate attention to your Windows PCs. Last month, Microsoft released patches to remove the vulnerability, but as we all know too well, most people...
Read more...
What's that in the air? Could it be the smell of egg nog and pine? Nope, it's Microsoft Patch Tuesday, of course! This month's rollout is rather large and notable for a number of reasons. However, what matters most is that if you're not up-to-date yet, you'll want to take a little trip to the Windows Update section and take care of business. Speaking of business, the advice to update is imperative for those managing user PCs in the enterprise, as this rollout of patches includes a fix for a huge bug Google disclosed one week ago. This bug, called CVE-2016-7255, is a local privilege escalation flaw that is particularly dangerous, as it's been proven to be actively exploited. If you don't want...
Read more...
As unfortunate as it is, it's really hard nowadays to be shocked at the thought of someone getting infected with malware, or even a piece of ransomware (which can now even affect Linux). It is still possible to get shocked though, with Betabot proving it for us. This piece of malicious software doesn't just fetch user data from an infected machine, it also infects the machine with ransomware. Oy. Betabot is arguably one of the worst types of malware out there, as it's effective at getting through security protections to find and take financial information, and then lock the machine up type before leaving, requiring a payment to regain access. As if one of these attacks isn't bad enough; to get...
Read more...
If you operate a Web server that runs on Linux, we're here to give you a bit of a prod in case you haven't updated it in a while. A piece of ransomware called FairWare is floating around, and as you'll soon see, its name is ironic as it's anything but "fair". Reports are coming in of users who have been struck with this awful type of malware, although it doesn't seem clear at this point exactly how the infection takes place. It's also not clear if this is some sort of automated attack -- one that simply scans the internet at large and infects where it can -- or if the attacks are focused. Either way, if you are hit with it, you are in for a bad day. Once infected, you'll notice that you no longer...
Read more...
We reported earlier this week on a large collection of exploits that have been put up for auction by a group that calls itself Shadow Brokers. The promise was that all of the files were sourced from a secret NSA group called Equation Group, and now, Edward Snowden has released documents to prove that's just the case. This confirmation comes from The Intercept, a website which ultimately came to be as a direct result of Snowden's leaks three summers ago. With this trove of software confirmed to be sourced from the NSA, it raises some big questions. When Shadow Brokers put its collection of exploits up for auction, it took only a couple of days before we found out that there was some real threat...
Read more...
We wrote a couple of days ago about a huge treasure trove of alleged NSA-derived exploits that were hitting the market. That gold mine was accessed by a group calling itself Shadow Brokers, and it's been said that their source was Equation Group, which is believed to be an extension of the NSA. At that time, there was no proof that any of the exploits contained in the collection were still valid. Quickly, some noted that a few of the targets were already patched, leading the rest of us to believe that the entire collection came a bit too late. However, anyone who thought that might have to back it up a wee bit, as Cisco has today confirmed that one of the exploits contained within that collection...
Read more...
