An iPhone hacking team has released a new jailbreak tool for almost every iPhone, including the most recent models, by using the same vulnerability that Apple last month said was under active attack by hackers. TechCrunch reports: The Unc0ver team released its latest jailbreak this weekend, and says it works on iOS 11 (iPhone 5s and later) to iOS 14.3, which…
Tag: CVE
Flaws In Zoom’s Keybase App Kept Chat Images From Being Deleted
chicksdaddy writes: The Security Ledger reports that a flaw in Zoom’s Keybase secure chat application left copies of images contained in secure communications on Keybase users’ computers after they were supposedly deleted, according to researchers from the security research group Sakura Samurai. The flaw in the encrypted messaging application, CVE-2021-23827 does not expose Keybase users to remote compromise. However, it could…
New Side-Channel Attack Can Recover Encryption Keys From Google Titan Security Keys
A duo of French security researchers has discovered a vulnerability impacting chips used inside Google Titan and YubiKey hardware security keys. From a report: The vulnerability allows threat actors to recover the primary encryption key used by the hardware security key to generate cryptographic tokens for two-factor authentication (2FA) operations. Once obtained, the two security researchers say the encryption key, an…
CISA Updates SolarWinds Guidance, Tells US Govt Agencies To Update Right Away
The US Cybersecurity and Infrastructure Security Agency has updated its official guidance for dealing with the fallout from the SolarWinds supply chain attack. From a report: In an update posted late last night, CISA said that all US government agencies that still run SolarWinds Orion platforms must update to the latest 2020.2.1HF2 version by the end of the year. Agencies that…
DHS Is Looking Into Backdoors In Smart TVs By China’s TCL
chicksdaddy shares a report from The Security Ledger: The acting head of the U.S. Department of Homeland Security said the agency was assessing the cyber risk of smart TVs sold by the Chinese electronics giant TCL, following reports last month in The Security Ledger and elsewhere that the devices may give the company “back door” access to deployed sets, The Security…
Ubuntu Patches Bug That Tricked Gnome Desktop Into Giving Root Access
“Ubuntu developers have fixed a series of vulnerabilities that made it easy for standard users to gain coveted root privileges,” reports Ars Technica: “This blog post is about an astonishingly straightforward way to escalate privileges on Ubuntu,” Kevin Backhouse, a researcher at GitHub, wrote in a post published on Tuesday. “With a few simple commands in the terminal, and a few…
Security Holes Opened Back Door To TCL Android Smart TVs
chicksdaddy shares a report from The Security Ledger: Millions of Android smart television sets from the Chinese vendor TCL Technology Group Corporation contained gaping software security holes that researchers say could have allowed remote attackers to take control of the devices, steal data or even control cameras and microphones to surveil the set’s owners. The security holes appear to have been…
Google Patched an Actively-Exploited Zero-Day Bug in Chrome
“Google released an update to its Chrome browser that patches a zero-day vulnerability in the software’s FreeType font rendering library that was actively being exploited in the wild, Threatpost reported this week: Security researcher Sergei Glazunov of Google Project Zero discovered the bug which is classified as a type of memory-corruption flaw called a heap buffer overflow in FreeType. Glazunov informed…
Zerologon Attack Lets Hackers Take Over Enterprise Networks Within 3 Seconds
An anonymous reader writes: Researchers have developed and published a proof-of-concept exploit for a recently patched Windows vulnerability that can allow access to an organization’s crown jewels — the Active Directory domain controllers that act as an all-powerful gatekeeper for all machines connected to a network. CVE-2020-1472, as the vulnerability is tracked, carries a critical severity rating from Microsoft as well…
Microsoft’s ‘Patch Tuesday’ Includes 129 Security Updates, Mostly to Windows
This week Krebs on Security reported that Microsoft “released updates to remedy nearly 130 security vulnerabilities in its Windows operating system and supported software.” None of the flaws are known to be currently under active exploitation, but 23 of them could be exploited by malware or malcontents to seize complete control of Windows computers with little or no help from users….