Items tagged with vulnerability
Another Microsoft Patch Tuesday has come and gone. Ninety-nine flaws in total were addressed during this major patch. Unfortunately, the update does not provide a blanket fix for all ninety-nine issues. There are various prerequisites before some users will be able to install a patch for a secure boot vulnerability. “CVE-2020-0689” or the “Microsoft Secure Boot Security Feature Bypass Vulnerability” allows attackers to bypass secure boots. A secure boot is intended to guarantee that a device is only making use of software with valid credentials from an Original Equipment Manufacturer (OEM). However, this vulnerability permits attackers to load their own software. Thankfully,...
Read more...
Is your Bluetooth connection secure? Researchers recently discovered a Bluetooth vulnerability that could allow hackers to intercept and manipulate a user’s communications. The researchers tested and found seventeen vulnerable Bluetooth chips in devices from companies such as Intel, Apple, Lenovo, and Qualcomm. The findings were presented at the USENIX Security Symposium by researchers from the Center for IT-Security, Privacy and Accountability (CISPA). The vulnerability has been nicknamed “Key Negotiation Of Bluetooth” or “KNOB”. Every time two Bluetooth devices establish a connection, they also create a new encryption key. Unfortunately, not every device has a...
Read more...
Researchers recently uncovered Windows kernel security flaws that affect over 40 drivers from 20 different vendors. The vulnerabilities could give attackers access to a device's hardware and firmware. Researchers from Eclypsium shared their troubling findings this past week at the DEF CON 27 security conference in Las Vegas, Nevada. Why are there so many vulnerable drivers? According to Mickey Shkatov, Principal Researcher at Eclypsium, bad coding practices are to blame. Many drivers are meant to be flexible and able to perform a wide variety of actions instead of performing specific tasks. Shkatov noted, “It's easier to develop software by structuring drivers and applications this way,...
Read more...
Millions of Dell And Other Brand PCs Vulnerable To System Hijack Security Flaw In 3rd Party Software
Some laptop and desktop consumers may want to double-check that they have recently updated their devices. It was discovered that millions of Dell PCs as well as other brands could be vulnerable to hackers. The security flaw was caused by a 3rd party software package and affected Dell’s SupportAssist software, as well other rebranded versions of this particular software that Dell and other brands employ. The Dell SupportAssist software is pre-installed on devices and is intended to “proactively checks the health of your system’s hardware and software.” Since SupportAssist runs health checks on a device, it has unfettered access to the system. SupportAssist is able...
Read more...
Another day, another device vulnerability. It was recently discovered that hackers are able to remotely execute code with admin privileges through a Dell SupportAssist utility vulnerability. It is believed that a “high number” of users could be impacted. American security researcher Bill Demirkapi discovered the vulnerability. The vulnerability affects users who use non-updated versions of the Dell SupportAssist tool. This tool comes pre-installed on Dell devices alongside Windows OS. The hackers use a ARP Spoofing and a DNS Spoofing attack. The attackers lead users to a subdomain of dell.com. Once users have reached the site, the DNS Spoofing attack will return an “incorrect”...
Read more...
It has been nearly a week since security researcher John Page reported that he had found an Internet Explorer XML eXternal Entity (XXE) vulnerability. A new layer of this vulnerability has been recently discovered and the implications are far more serious. A Microsoft Edge feature may threaten Internet Explorer’s security. The vulnerability is a XML eXternal Entity or XXE attack. The attack occurs when an XML parser processes an XML input that includes a reference to an external entity. This type of attack could lead to the unwanted disclosure of sensitive information and a slew of other issues. In Page’s demonstration, he opened a malicious MHL file with a file manager. Internet...
Read more...
Is your data secure? Researchers recently discovered a new variation of the Bleichenbacher oracle attack that could threaten TLS 1.3 encryption. Seven researchers discovered that OpenSSL, Amazon s2n, MbedTLS, Apple CoreTLS, Mozilla NSS, WolfSSL, and GnuTLS utilized TLS protocols vulnerable to attacks. Google's new QUIC encryption protocol proved to be in danger as well. Their findings were published this past November in an article entitled, “The 9 Lives of Bleichenbacher's CAT: New Cache ATtacks on TLS Implementations”. Transport Layer Security (TLS) is a cryptographic protocol that provides end-to-end security over a computer network. It is commonly used in email, instant...
Read more...
Most of the security vulnerabilities we write about at HotHardware fortunately won't affect the vast majority of readers. Either these exploits require user interaction to kick-start, or you have to be of particular interest as a target for someone to go through the effort of executing more complex attacks against you or your devices. But then there are those vulnerabilities that could impact any of us at any time, and worse, can be exploited with the ultimate of ease. Embedi is a security firm that focuses on embedded devices and operating systems (hence the name). Through its research efforts, the company discovered some serious issues with the firmware of the widely-used ThreadX RTOS...
Read more...
Hackers do not need to bust open a Drama Llama Piñata to get the best loot in Fortnite. Epic Games recently patched a vulnerability that would have granted hackers access to users’ accounts. Nefarious parties would have been able to acquire users’ in-game currency and the last four digits of their credit card. The vulnerability was discovered by Israeli cyber security company Check Point this past November. Epic Games quickly and quietly fixed the issue. They recently remarked, “We thank Check Point for bringing this to our attention. As always, we encourage players to protect their accounts by not re-using passwords and using strong passwords, and not sharing account...
Read more...
We have all seen it on Facebook -- one of your friends “shares” a link to a new shake that will help you lose ten pounds in two days or a code to get suspiciously discounted Ray-Bans. Thankfully, most of these posts are obviously spam. Unfortunately, hackers are finding more ways to post annoying and potentially dangerous content. One researcher recently discovered a proof-of-concept Facebook worm that posts unwanted spam links. A Polish security researcher, who goes by the pseudonym “Lasq”, was the first to find the issue. He noted that a number of his Facebook friends appeared to be posting a link to French comic site hosted on a Amazon Web Services (AWS) bucket. Users...
Read more...
New Spectre flaws have been revealed by the former head of Intel's advanced thread team, Yuriy Bulygin. This is a man who knows what he's doing, so his opinions and findings are not to be treated as fly-by-night like some others. Through his new security agency, Eclypsium (a neat name, it must be said), Bulygin posts of a new application of speculative execution attacks which hinge on Spectre variant 1 (bounds check bypass), although it's believed that the same exploit would work with variant 2 (branch target injection), as well. Ultimately, Bulygin's exploit leverages the bounds check bypass element of Spectre's variant 1 to circumvent the system management range register (SMRR) protection of...
Read more...
With critical vulnerabilities like Meltdown and Spectre having been disclosed to the public, it's clearer than ever that more eyeballs are needed when it comes to making sure that our software and hardware is secure. Not long after Intel suffered the bulk of fallout from Meltdown and Spectre, the company bolstered its bug bounty program to encourage more people to dive in and discover bugs before they can be exploited. Intel made great strides to improve the program overall by cutting out the invite-only requirement, allowing anyone to find, explore and report potential bugs. Clearly, Microsoft liked that idea, as it has also enhanced its bug bounty program to offer the the same top quarter...
Read more...
Researchers at Purdue University and the University of Iowa have just exposed a list of LTE vulnerabilities that could create quite a headache for carriers (and consumers) if not fixed soon. Using a framework the researchers call LTEInspector, eight of the ten new vulnerabilities were tested as working on a testbed with SIMs from 4 different carriers. Vodafone cellular tower in Germany (Flickr: Vodafone Medien) There are many possibilities of the chaos these vulnerabilities could create, but one brought to the forefront would let an attacker spoof the location of a customer, even without the appropriate credentials. In the list (which can be seen below, and was grabbed from the research...
Read more...
There are a number of ways to tell if your computer is vulnerable to the Spectre or Meltdown security exploits that have been making rounds over the last several weeks. For instance, Microsoft has a tool that will analyze your rig and tell you, but it is a PowerShell script that gives you results that you almost need a computer science degree to understand. A new tool is now available that makes it very easy to test your machine and understand the results, and it is called InSpectre. InSpectre is from Steve Gibson, security researcher, and his tool (download here) delivers easy to understand results. It will tell you with simple yes or no answers if you are vulnerable. The image...
Read more...
