Time-triggered Ethernet (TTE) is used in spacecraft, basically to use the same hardware to process traffic with different timing and criticality. Researchers have defeated it : On Tuesday, researchers published findings that, for the first time, break TTE’s isolation guarantees. The result is PCspooF, an attack that allows a …
Intel has confirmed that a source code leak for the UEFI BIOS of Alder Lake CPUs is authentic and has been released by a third party. [...]
Four vulnerabilities in the widely adopted 'Stacked VLAN' Ethernet feature allows attackers to perform denial-of-service (DoS) or man-in-the-middle (MitM) attacks against network targets using custom-crafted packets. [...]
HP issued a security advisory alerting users about a newly discovered vulnerability in HP Support Assistant, a software tool that comes pre-installed on all HP laptops and desktop computers, including the Omen sub-brand. [...]
I’ve been saying that complexity is the worst enemy of security for a long time now. ( Here’s me in 1999.) And it’s been true for a long time. In 2018, Thomas Dullien of Google’s Project Zero talked about “cheap complexity.” Andrew Appel summarizes : The anomaly …
Anker's central smart home device hub, Eufy Homebase 2, was vulnerable to three vulnerabilities, one of which is a critical remote code execution (RCE) flaw. [...]
This is a new vulnerability against Apple’s M1 chip. Researchers say that it is unpatchable. Researchers from MIT’s Computer Science and Artificial Intelligence Laboratory, however, have created a novel hardware attack, which combines memory corruption and speculative execution attacks to sidestep the security feature. The attack shows …
A new hardware attack targeting Pointer Authentication in Apple M1 CPUs with speculative execution enables attackers to gain arbitrary code execution on Mac systems. [...]
Cisco has released a security advisory to warn about a critical vulnerability (CVSS v3 score: 10.0), tracked as CVE-2022-20695, impacting the Wireless LAN Controller (WLC) software. [...]
Western Digital has released new My Cloud OS firmware to fix a vulnerability exploited by bug hunters during the Pwn2Own 2021 hacking competition to achieve remote code execution. [...]
HP has disclosed 16 high-impact UEFI firmware vulnerabilities that could allow threat actors to infect devices with malware that gain high privileges and remain undetectable by installed security software. [...]
QNAP force-updated customer's Network Attached Storage (NAS) devices with firmware containing the latest security updates to protect against the DeadBolt ransomware, which has already encrypted over 3,600 devices. [...]
Approximately 300,000 MikroTik routers are vulnerable to critical vulnerabilities that malware botnets can exploit for cryptomining and DDoS attacks. [...]
Security researchers analyzed nine popular WiFi routers and found a total of 226 potential vulnerabilities in them, even when running the latest firmware. [...]
Rowhammer is an attack technique involving accessing — that’s “hammering” — rows of bits in memory, millions of times per second, with the intent of causing bits in neighboring rows to flip. This is a side-channel attack, and the result can be all sorts of mayhem. Well, there is a …
Researchers have developed a new fuzzing-based technique called 'Blacksmith' that revives Rowhammer vulnerability attacks against modern DRAM devices that bypasses existing mitigations. [...]
Intel has released an advisory to confirm the existence of two high-severity vulnerabilities that affect a wide range of Intel processor families. [...]
A zero-day vulnerability in Western Digital My Book Live NAS devices allowed a threat actor to perform mass-factory resets of devices last week, leading to data loss. [...]
There’s new research that demonstrates security vulnerabilities in all of the AMD and Intel chips with micro-op caches, including the ones that were specifically engineered to be resistant to the Spectre/Meltdown attacks of three years ago. Details : The new line of attacks exploits the micro-op cache: an …
A massive ransomware campaign targeting QNAP devices worldwide is underway, and users are finding their files now stored in password-protected 7zip archives. [...]
This report is six months old, and I don’t know anything about the organization that produced it, but it has some alarming data about router security. Conclusion: Our analysis showed that Linux is the most used OS running on more than 90% of the devices. However, many routers …
This is a clever side-channel attack: The cloning works by using a hot air gun and a scalpel to remove the plastic key casing and expose the NXP A700X chip, which acts as a secure element that stores the cryptographic secrets. Next, an attacker connects the chip to hardware …
Intel announced today at CES 2021 that they have added hardware-based ransomware detection to their newly announced 11th generation Core vPro business-class processors. [...]
This is bad : More than 100,000 Zyxel firewalls, VPN gateways, and access point controllers contain a hardcoded admin-level backdoor account that can grant attackers root access to devices via either the SSH interface or the web administration panel. [...] Installing patches removes the backdoor account, which, according to Eye …