Tech support scammers use old bug to freeze browsers
Tech support scammers are exploiting a bug that maxes out users’ CPU and memory capability and effectively freezes the browser and possibly the computer, in an attempt …
Latest Windows zero-day exploited by DNC hackers
Due to Google’s public release of information about an actively exploited Windows zero-day, Microsoft was forced to offer its own view of things and more information …
Most unpatched Joomla sites compromised in latest wave of attacks
If you run a Joomla-based website and you haven’t implemented the latest security release of the CMS, your site has been almost surely compromised. According to Sucuri …
Dirty COW Linux kernel zero-day exploited in the wild is now patched
Linux developer Phil Oester has spotted attackers exploiting a Linux kernel zero-day privilege escalation flaw that dates back to 2007, and has raised the alarm. The …
Researchers bypass ASLR by exploiting flaw in Intel chip
Researchers have found a design flaw in the branch predictor, a component of Intel’s Haswell processor, and have exploited it to bypass ASLR (Address Space Layout …
Samsung Knox flaws open unpatched devices to compromise
Researchers from Viral Security Group have discovered three vulnerabilities in Samsung Knox, a security platform that allows users to maintain separate identities for work and …
Chinese researchers hijack Tesla cars from afar
Tesla car owners are urged to update their car’s firmware to the latest version available, as it fixes security vulnerabilities that can be exploited remotely to take …
BENIGNCERTAIN-like flaw affects various Cisco networking devices
The leaking of BENIGNCERTAIN, an NSA exploit targeting a vulnerability in legacy Cisco PIX firewalls that allows attackers to eavesdrop on VPN traffic, has spurred Cisco to …
ICS-CERT warns of remotely exploitable power meter flaws
Two remotely exploitable vulnerabilities, one of which can lead to remote code execution, have been found in Schneider Electric’s ION Power Meter products and FENIKS PRO Elnet …
Bogus Pokémon GO guide app roots Android devices
The popularity of Pokémon GO is apparently on the wane, but there are still more than enough players to make it a good lure for cyber crooks. In fact, fake apps like the …
Hack a Nexus from afar, get $200,000
Google has issued a challenge to bug hunters around the world: find a vulnerability or bug chain that achieves remote code execution on multiple Android devices knowing only …
MySQL 0-day could lead to total system compromise
Researcher Dawid Golunski has discovered multiple severe vulnerabilities affecting the popular open source database MySQL and its forks (e.g. MariaDB, Percona). One of these …