Security News

Gaping 'hole' in Qualcomm’s Secure World mobile vault leaked sensitive data

ZDNet Zero Day - Thu, 11/14/2019 - 05:03
Researchers found a “gaping hole” in what was thought to be an extremely secure area in our mobile devices.
Categories: Security News

Iranian hacking group built its own VPN network

ZDNet Zero Day - Thu, 11/14/2019 - 01:00
Security researchers identify APT33's private network of 21 VPN nodes.
Categories: Security News

Company discovered it was hacked after a server ran out of free space

ZDNet Zero Day - Wed, 11/13/2019 - 16:22
Hacker was detected after creating a giant archive file that took up all the free disk space. Had been inside the company's network for almost two years, undetected.
Categories: Security News

Network of 265 online sites are mimicking defunct newspapers to spread anti-Pakistan propaganda

ZDNet Zero Day - Wed, 11/13/2019 - 11:56
EU NGO finds network of fake news sites linked to Indian NGOs and think tanks, all spreading anti-Pakistan propaganda.
Categories: Security News

NTSB Investigation of Fatal Driverless Car Accident

Schneier on Security - Wed, 11/13/2019 - 06:16
Autonomous systems are going to have to do much better than this. The Uber car that hit and killed Elaine Herzberg in Tempe, Ariz., in March 2018 could not recognize all pedestrians, and was being driven by an operator likely distracted by streaming video, according to documents released by the U.S. National Transportation Safety Board (NTSB) this week. But while... Bruce Schneier
Categories: Security News

Adobe squashes critical vulnerabilities in Illustrator CC, Media Encoder

ZDNet Zero Day - Wed, 11/13/2019 - 05:33
The worst bugs resolved this month can result in code execution.
Categories: Security News

TPM-FAIL vulnerabilities impact TPM chips in desktops, laptops, servers

ZDNet Zero Day - Tue, 11/12/2019 - 22:23
TPM-FAIL lets attackers steal private keys from TPMs. Attacks take from minutes to a few hours.
Categories: Security News

Microsoft's November 2019 Patch Tuesday arrives with a patch for an IE zero-day

ZDNet Zero Day - Tue, 11/12/2019 - 15:48
The November 2019 Patch Tuesday fixes 74 vulnerabilities, of which 13 are rated "Critical."
Categories: Security News

Intel, Mozilla, Red Hat, and Fastly partner to make WebAssembly a cross-platform runtime

ZDNet Zero Day - Tue, 11/12/2019 - 13:04
The Bytecode Alliance's main goal is to promote the use of security-hardened WebAssembly tools.
Categories: Security News

Flaw in Intel PMx driver gives 'near-omnipotent control over a victim device'

ZDNet Zero Day - Tue, 11/12/2019 - 12:00
Intel released an updated version of pmxdrvx64.sys and pmxdrv.sys; however, patching might take a while.
Categories: Security News

Intel's Cascade Lake CPUs impacted by new Zombieload v2 attack

ZDNet Zero Day - Tue, 11/12/2019 - 12:00
Zombieload v2 impacts Intel CPUs released since 2013, if they support the Intel TSX instruction set.
Categories: Security News

Manual code review finds 35 vulnerabilities in 8 enclave SDKs

ZDNet Zero Day - Tue, 11/12/2019 - 12:00
All issues have been privately reported and patches are available.
Categories: Security News

McAfee antivirus software impacted by code execution vulnerability

ZDNet Zero Day - Tue, 11/12/2019 - 10:05
The severe security flaw can bypass self-defense mechanisms.
Categories: Security News

Identifying and Arresting Ransomware Criminals

Schneier on Security - Tue, 11/12/2019 - 06:15
The Wall Street Journal has a story about how two people were identified as the perpetrators of a ransomware scheme. They were found because -- as generally happens -- they made mistakes covering their tracks. They were investigated because they had the bad luck of locking up Washington, DC's video surveillance cameras a week before the 2017 inauguration.... Bruce Schneier
Categories: Security News

Mexico’s Pemex oil provider says attempted hack ‘neutralized’

ZDNet Zero Day - Tue, 11/12/2019 - 04:23
A suspected attack involving Ryuk impacted less than five percent of systems.
Categories: Security News

Facebook ordered to remove fake cryptocurrency adverts featuring celebrity

ZDNet Zero Day - Tue, 11/12/2019 - 02:54
A Dutch court has demanded that Facebook ups its game when it comes to ad fraud.
Categories: Security News

Fooling Voice Assistants with Lasers

Schneier on Security - Mon, 11/11/2019 - 06:14
Interesting: Siri, Alexa, and Google Assistant are vulnerable to attacks that use lasers to inject inaudible­ -- and sometimes invisible­ -- commands into the devices and surreptitiously cause them to unlock doors, visit websites, and locate, unlock, and start vehicles, researchers report in a research paper published on Monday. Dubbed Light Commands, the attack works against Facebook Portal and a... Bruce Schneier
Categories: Security News

New Buran ransomware-as-a-service tempts criminals with discount licenses

ZDNet Zero Day - Mon, 11/11/2019 - 03:52
A new RaaS offering is attempting to undercut competitors to become established in the lucrative criminal space.
Categories: Security News

BlueKeep exploit to get a fix for its BSOD problem

ZDNet Zero Day - Sun, 11/10/2019 - 23:30
Microsoft's Meltdown patch was causing BlueKeep attacks to crash on some systems.
Categories: Security News

Major ASP.NET hosting provider infected by ransomware

ZDNet Zero Day - Sun, 11/10/2019 - 09:55
SmarterASP.NET, a company with more than 440,000 customers, said it's been hit by ransomware over the weekend.
Categories: Security News