vulnerability
Latest
Over 21,000 Linksys routers leaked their device connection histories
Certain Linksys WiFi routers might be sharing far more data than their users would like. Security researcher Troy Mursch has reported that 33 models, including some Max-Stream and Velop routers, are exposing their entire device connection histories (including MAC addresses, device names and OS versions) online. They also share whether or not their default passwords have changed. Scans have shown between 21,401 and 25,617 vulnerable routers online, 4,000 of which were still using their default passwords.
Install updates now to address a vulnerability in most Intel CPUs
In January 2018, a pair of security exploits dubbed Spectre and Meltdown showed how attackers could take advantage of commonly-implemented CPU technology to access data they shouldn't have been able to. They were followed by a similar bug, Foreshadow, late last year, and now researchers have uncovered four different techniques that exploit Intel's speculative execution technology in a similar way. The website CPU.fail has collected information about each vulnerability -- they're collectively referred to as Microarchitectural Data Sampling (MDS) -- including Zombieload, RIDL & Fallout, and Store-to-Leak Forwarding. Example code shows how the attacks could be launched using malicious JavaScript, for example, and researchers state that it would be difficult for antivirus software to detect it, however they have not found evidence of anyone using the tech in attacks so far.
Old versions of Windows get a new patch to stop WannaCry-style attacks
Microsoft is trying to head off another WannaCry-style malware outbreak before it starts. The software giant has released fixes for a Remote Desktop Services (aka Terminal Services) vulnerability that could allow "wormable" malware that spreads from computer to computer without requiring any user input. The exploit affects Windows 7, Windows Server 2008 R2 and older releases. Not surprisingly, Microsoft isn't taking any chances. While it's no longer officially supporting Windows XP and Windows Server 2003, it's patching both platforms to prevent ancient PCs (like those used in some business and government scenarios) from falling prey to attacks.
WhatsApp call exploit let attackers slip spyware on to phones
WhatsApp appears to have been the inadvertent conduit for a surveillance campaign. Both WhatsApp and Israeli software developer NSO Group have confirmed that an exploit in WhatsApp's voice calling allowed attackers to load NSO's Pegasus spyware on to Android and iOS devices. The tool could infect a device even if a user didn't answer, and the malicious calls would frequently disappear from logs. Pegasus can use the camera and mic in addition to scooping up location and message info.
Internet Explorer security flaw allows hackers to steal files
Microsoft's Internet Explorer has a longstanding reputation for poor security, but it's now bad enough that you could be attacked just by having it on your PC. Security researcher John Page has revealed an unpatched exploit in the web browser's handling of MHT files (IE's web archive format) that hackers can use to both spy on Windows users and steal their local data. As Windows opens MHT files using IE by default, you don't even have to run the browser for this to be a problem -- all you have to do is open an attachment sent through chat or email.
Researchers find 36 security flaws in LTE
Security experts aren't done poking holes in LTE's armor -- not by a long shot. South Korean researchers have found 36 vulnerabilities in LTE that enable a range of attacks, some more sinister than others. They include temporary inconveniences like disconnecting someone from the cell network through to eavesdropping and controlling the data itself. The team found the abundance of exploits by using a custom "fuzzing" (feeding large chunks of random data to look for irregularities) tool.
ASUS releases fix for ShadowHammer malware attack
ASUS may have inadvertently pushed malware to some of its computers through its update tool, but it at least has a fix ready to go. The PC maker has released a new version of its Live Update software for laptops that addresses the ShadowHammer backdoor attack. It also promised "multiple security verification mechanisms" to reduce the chances of further attacks, and started using an "enhanced end-to-end encryption mechanism." There are upgrades to the behind-the-scenes server system to prevent future attacks, ASUS added.
DHS issues warning about Medtronic implantable defibrillator flaws
The Department of Homeland Security and Medtronic are advising people with the latter's implantable defibrillators to keep their monitors and programmers updated and in sight. A warning issued by the department says over 20 Medtronic products are afflicted with vulnerabilities that could be exploited by attackers nearby. Sixteen of the products are implantable defibrillators -- some still sold around the world today -- while the others are the defibrillators' bedside monitors and programmers. According to the Star Tribune, as many as 750,000 devices for the heart come with the flaws.
Google Photos flaw let attackers grab users' location data
Researchers have revealed a now-patched flaw that would allow hackers to track your location history using Google Photos. Ron Masas, from security company Imperva, explains in a blog post that Google Photos -- which was recently subject to an Android TV bug -- was vulnerable to browser-based timing attacks, which could leverage a photo's image data to approximate the time of a visit to a specific place or country.
Facebook Messenger bug let other people see who you'd been talking to
In November, researchers discovered a Facebook bug that allowed websites to extract data from users' profiles thanks to a security flaw relating to cross-site frame leakage (CSFL). Today, the same team has revealed a now-patched vulnerability that would let websites expose who you've been chatting to in Facebook Messenger.
Google discloses 'high severity' Mac security flaw ahead of patch
Google's Project Zero security disclosure program is once again proving to be a double-edged sword. The company has detailed a "high severity" macOS kernel flaw that lets people modify a user-mounted file system image without the virtual management subsystem being any the wiser, theoretically letting an attacker go unnoticed by users. Apple is working on a patch, but the disclosure ahead of the fix could leave Mac users vulnerable until it's ready.
Security flaws in 4G and 5G allow snooping on phone users
Security researchers are already poking holes in 5G mere months into its existence. They've discovered three flaws in 4G and 5G that could be used to intercept phone calls and track someone's location. The first and most important, Torpedo, relies on a flaw in the paging protocol that notifies phones of incoming calls and texts. If you start and cancel several calls in a short period, you can send a paging message without alerting the device to a call. That not only lets you track the device's location, but opens the door to two other attacks.
Microsoft patches Internet Explorer flaw being used to hijack PCs
Microsoft has rolled out a fix for a zero-day Internet Explorer vulnerability that hackers are already using for targeted attacks. The tech giant didn't elaborate on the scope of those attacks, but it did explain how criminals can use the memory-corruption flaw. Apparently, attackers simply have to get users to visit websites engineered to exploit it -- by sending them links via email, for instance -- in order to hijack their computers. Once attackers gain control of their system, they can install programs, view or even change data, as well as create new accounts with full user rights.
Amazon fixes security flaws allowing smart home hijacks
Some smart home device owners may have dodged a bullet. Amazon recently patched 13 security flaws in an operating system for the Internet of Things, FreeRTOS, as well as Amazon Web Services connection modules. The holes let intruders crash devices, leak the contents of their memory and remotely run code, effectively giving attackers full control. The flaws might have been far-reaching if they'd gone unfixed -- both FreeRTOS and its safety-oriented counterpart SafeRTOS are used in a wide range of devices inside and outside the home, including cars, aircraft and medical gear.
MIT finds a smarter way to fight Spectre-style CPU attacks
Many companies have developed patches to mitigate Meltdown- and Spectre-like speculative memory attacks. However, they can come with compromises: they can leave major gaps and still slow down your system. MIT researchers may have a better way. They've developed a new method, Dynamically Allocated Way Guard (yes, DAWG is on purpose), that promises tight security without dragging performance through the dirt.
WhatsApp fixes video call exploit that allowed account hijacks
WhatsApp owners may have just dodged a bullet. The messaging service has fixed a security flaw that let intruders hijack the app (and thus your account) when you answered an incoming video call in Android or iOS. If an attacker sent a malformed Real-time Transport Protocol packet, it would corrupt the app's heap memory and open it to attack. Web users weren't affected, since the browser-based client relies on the WebRTC protocol.
App flaw let anyone access UK Conservative politicians' data
The UK Conservative party is learning a hard lesson about the importance of basic security measures in mobile apps. Users have discovered that you could log into the party's conference app using only an attendee's email address, providing access to all kinds of sensitive data. And when many of the conference participants are politicians who registered with their email addresses at Parliament... you can guess what happened next.
Voting machines are still plagued with vulnerabilities as midterms loom
The Def Con Voting Village, which for two years in a row has let conference attendees try their hand at breaching voting machines, has released the report on this year's event. More than 30 voting machines and other pieces of election equipment were available this year and many of them are still used throughout the US. Troublingly, attendees uncovered multiple vulnerabilities, the number and severity of which the report described as "staggering." "What these vulnerabilities in this report and warnings from national security leaders tell us is that this is a severe national security threat," said Voting Village co-organizer Jake Braun.
Facebook will reward those who report bugs in third-party apps
Facebook is expanding its bug bounty program and will begin offering rewards to those that report vulnerabilities in third-party apps that connect to its platform. Specifically, the company is concerned with the misuse of access tokens, which allow Facebook users to log into other apps and websites with their Facebook account. "If exposed, a token can potentially be misused, based on the permissions set by the user," Dan Gurfinkel, Facebook's security engineering manager, said in a blog post. "We want researchers to have a clear channel to report these important issues, and we want to do our part to protect people's information, even if the source of a bug is not in our direct control."
Initial 'Fortnite' Android installer let hackers install malware
When Epic said it would skip the Google Play Store with Fortnite's Android release, it raised eyebrows among security experts. Wasn't it creating risks by encouraging gamers (some of whom didn't understand the potential dangers) to install non-Store apps? Well, it did... although not quite in the way you might have expected. Epic Games has patched a Google-discovered vulnerability in Fortnite's original Android installer that would have let intruders download and install malware. The exploit used a man-in-the-disk attack that took advantage of Epic's initially flawed storage handling to intercept download requests and load nefarious content.
