The VPN bypass bug in iOS 13.3.1 and later causes some internet connections to continue with their original, unencrypted connection – which is a security and privacy concern.Caleb Chen is a digital currency and privacy advocate who believes we must #KeepOurNetFree, preferably through decentralization.
Microsoft disclosed a new remote code execution vulnerability today that can be found in all supported versions of Windows and is currently being exploited in “limited targeted attacks” (via TechCrunch).Microsoft patches Windows 10 security flaw discovered by the NSA.
While Intel has issued patches to lessen the damage of exploits and make them harder, security firm Positive Technologies said the mitigations may not be enough to fully protect systems.
If you have no patch available yet or your device is not supported anymore, you can try to mitigate the impact by some generic behavior rules: Only enable Bluetooth if strictly necessary.
As for CVE-2019-14615 the Intel graphics vulnerability disclosed this week affecting Gen7 through Gen9 graphics architectures, it's been dubbed "iGPU Leak" by the researchers involved.They dub this vulnerability "iGPU Leak" and describe it as an information leakage vulnerability on the Intel integrated GPU architecture.
Remote code execution is the holy grail of zero day vulnerabilities, and the fact that one of the most popular privacy and security focused browsers in the world had such a flaw should be a massive wake up call to internet browser users around the world.
The issue is this: Firefox versions for desktop older than the just-patched version contain a critical vulnerability that could allow an attacker to take control of a user’s entire operating system—whether they use Windows or Mac. More alarming, the vulnerability is already being exploited in the wild, thus Homeland Security stepping in with the urgent plea for users to upgrade.
Mozilla has released a new version of Firefox that fixes an actively exploited zero-day that could allow attackers to take control of users' computers.In an advisory, Mozilla rated the vulnerability critical and said it was "aware of targeted attacks in the wild abusing this flaw."
TikTok, a mobile video app popular with teens, was vulnerable to SMS spoofing attacks that could have led to the extraction of private information, according to infosec researchers.Research from Israeli outfit Check Point found that an attacker could send a spoofed SMS message to a user containing a malicious link.
Intel CPUs are at the center of controversy once again as yet another vulnerability is discovered by Cybersecurity researchers.According to their findings, the security vulnerability can compromise SGX (software guard extensions) protected by undervolting the CPU when executing protected computations, to the degree that the SGX memory encryption failed to protect data.
[CVE-2019-14899] affects many different types of VPN protocols including OpenVPN, WireGuard, and IKEv2/IPSec. Private Internet Access has released an update to its Linux client that mitigates [CVE-2019-14899] from being used to infer any information about our users’ VPN connections.
WhatsApp is a “Trojan horse” exploited to snoop on millions of users naive enough to believe that the Facebook-owned messenger differs from its parent company, long beset by privacy scandals, Telegram founder Pavel Durov said.
“Our team found a way of manipulating specific actions and intents,” Erez Yalon, director of security research at Checkmarx said, “making it possible for any application, without specific permissions, to control the Google Camera app.
Bitdefender–the tireless actuary of the Internet of Things–were able to crack into homeowner’s personal WiFi networks via Amazon’s Ring doorbells, the video-enabled auto-locks that allow homeowners to remotely open the door.Balan told us that the vulnerability was discovered following a request from PCMag to look into the device and that it’s now been patched.
Bitdefender said the Amazon-owned doorbell was sending owners’ Wi-Fi passwords in cleartext as the doorbell joins the local network, allowing nearby hackers to intercept the Wi-Fi password and gain access to the network to launch larger attacks or conduct surveillance.
A zero-day flaw in the Android operating system used by some of the most popular mobile phones on the market is being exploited in real-world attacks.Since malicious apps can find their way into the Google Play Store, app downloads should be limited as far as possible until the flaw has been patched.
The vulnerability in question is a sudo security policy bypass issue that could allow a malicious user or a program to execute arbitrary commands as root on a targeted Linux system even when the "sudoers configuration" explicitly disallows the root access.
Vulnerability testing specialists point out that any web application that uses numeric or alphanumeric identifiers is exposed to enumeration attacks.
Project Zero has just disclosed that a security vulnerability left some of those 16 million users exposed to the risk of credential compromise as, in an ironic twist, LastPass could leak the last password used to any website visited.
This is done from a series of mouse clicks on any web browser to reveal the static URL of posts and private stories cached on servers.
Google is finally working on a fix for a security problem that leaves more than a billion Calendar users exposed to attack.The threat actors craft their messages to include a malicious link, leveraging the trust that user familiarity with calendar notifications brings with it.
In the wake of data abuse scandals and several instances of malware app being discovered on the Play Store, Google today expanded its bug bounty program to beef up the security of Android apps and Chrome extensions distributed through its platform.
Telegram, the secure messaging platform, is used by pro-democracy campaigners in Hong Kong as a means of keeping communications away from the prying eyes of the Chinese authorities.
In the first half of 2019, analysts at computer security firm Risk Based Security (RBS) enumerated a total of 11,092 flaws in computer systems (known as vulnerabilities) that could be exploited by a hacker to take unauthorized actions in another person’s or organization’s system.
Stefan Esser, an iPhone security expert, tweeted an additional warning: “I hope people are aware that with a public jailbreak being available for the latest iOS 12.4 people must be very careful what apps they download from the Apple AppStore.