Millions of computers powered by Intel processors are affected by vulnerabilities that can be exploited by malicious actors to obtain potentially sensitive information. Intel and other tech giants have already released patches and mitigations. The side-channel attack methods, named ZombieLoad, RIDL (Rogue In-Flight Data Load), and Fallout, are similar to the notorious Meltdown and Spectre, […]
A use-after-free vulnerability in SQLite could be exploited by an attacker to remotely execute code on a vulnerable machine, Cisco Talos security researchers have discovered. Tracked as CVE-2019-5018 and featuring a CVSS score of 8.1, the vulnerability resides in the window function functionality of Sqlite3 3.26.0 and 3.27.0. To trigger the flaw, an attacker would […]
Security updates Apple released this week for iOS, macOS, Safari, tvOS and watchOS include patches for 21 vulnerabilities that affect open source web browser engine WebKit. These bugs include 20 memory corruption issues that could lead to arbitrary code execution during the processing of maliciously crafted web content. Apple says it addressed the flaws with […]
The UK government, in the form of the Department for Digital, Culture, Media and Sport (DCMS) has published its fourth annual breaches survey: the Cyber Security Breaches Survey 2019. It was carried out by Ipsos Mori in partnership with the Institute for Criminal Justice Studies at the university of Portsmouth. The survey queried more than […]
A DNS hijacking campaign that has been ongoing for the past three months is targeting the users of popular online services, including Gmail, PayPal, and Netflix. As part of the campaign, the attackers compromised consumer routers to modify their DNS settings and redirect users to rogue websites to steal their login credentials. Bad Packets security […]
Unofficial patches have been released for two unfixed Oracle Java Runtime Environment (RE) vulnerabilities discovered by Google Project Zero researcher Mateusz Jurczyk. On February 18, Google Project Zero made public the details of four Java RE vulnerabilities caused by heap-based out-of-bounds read bugs. The security holes were discovered during fuzz testing aimed at the processing […]
Microsoft is extending the protection capabilities of Windows Defender Application Guard with the release of browser extensions for Chrome and Firefox. The new extensions were designed to automatically redirect untrusted navigations to Windows Defender Application Guard for Microsoft Edge. The extensions check site URLs against a list of trusted domains (defined by enterprise admins) and […]
Released in Beta 1 last week, the latest Android iteration (Android Q) arrived with new privacy protection improvements and other security enhancements. Building on previously introduced features such as file-based encryption, lockdown mode, encrypted backups, Google Play Protect, and more, Android Q brings more control over location access, improved transparency, and better data security (many […]
Europol on Monday announced the adoption of a new protocol for how law enforcement authorities in the European Union and beyond will respond to major cross-border cyberattacks. The new EU Law Enforcement Emergency Response Protocol should prove useful in case of major attacks such as the ones involving WannaCry and NotPetya malware, which in 2017 […]
Apple reported on Friday that the FaceTime spying bug that has been making headlines in the past days has been partially fixed, but users will have to wait until next week for a software update. According to Apple, a server-side patch has been implemented, but the application update that re-enables the Group FaceTime feature will […]
