Federal agents confirm LastPass breach linked to massive cryptocurrency heists
The LastPass breach is tied to a $150 million crypto theft
Vulnerability articles
Google researchers uncover critical security flaw in all AMD Zen processors
Google has released an open-source jailbreak toolkit to deploy custom microcode patches on vulnerable CPUs
Researchers uncover hidden 'backdoor' in widely used ESP32 microchip
Over a billion devices worldwide contain this chip
Google calls for industry-wide memory safety standards to enhance software security
Mountain View issues a call to arms against memory buffer issues
US cyber defense agency urges developers to eliminate buffer overflow vulnerabilities
"Secure by design" is the new way forward
Apple patches actively exploited zero-day vulnerability on iOS devices
The release also introduces new features powered by Apple Intelligence
AMD confirms microcode vulnerability revealed in beta BIOS update
Thankfully, there is a high bar for exploitation
Subaru vulnerability exposed millions of cars to remote hacking and tracking
"You can retrieve at least a year's worth of location history for the car, where it's pinged precisely"
iPhone USB-C is hackable, but users don't need to worry yet
Code execution, electromagnetic fault injection, and firmware dumping are possible
D-Link won't patch its older VPN routers, leaving critical vulnerability unaddressed
Instead, it is offering a 20% discount on a newer model
A hot potato: D-Link is strongly recommending that users of its older VPN routers replace the devices following the discovery of a serious remote code execution (RCE) vulnerability. As the models have reached their end of life and end of support dates, they won't be patched to protect against the flaw.
D-Link will not fix a critical vulnerability in discontinued NAS devices
A security risk for thousands of internet-connected devices
New attack methods work against Spectre mitigations in modern PC CPUs
Speculation barriers don't work as intended
Facepalm: Spectre-based flaws are still causing some security issues in recent Intel and AMD CPUs. A newly developed attack can bypass protection "barriers" OEMs added to avoid personal data leakage. However, microcode and system updates should already be available for affected systems.
Security expert uncovers widespread vulnerabilities in US voting and government systems
Hackers can manipulate court records and voter databases, researcher reveals
PKfail security flaw is far more extensive than initially thought
Facepalm: Binarly analysts have issued a new warning just a couple of months after unveiling a security issue related to compromised platform keys used to enforce Secure Boot protection. The PKfail problem affects a significantly larger pool of devices and brands, and is not limited to firmware products developed by AMI.
Major TSA security flaw exposed, simple SQL vulnerability could have allowed access to airplane cockpits
An attacker could have added fake pilots to the roster using SQL injection
Newly discovered flaw makes some YubiKeys vulnerable to cloning
All YubiKey models running firmware prior to version 5.7 are affected
Zyxel issues patches for nine critical vulnerabilities affecting over 50 access points and routers
Admins: Update your Zyxel networking firmware ASAP
Researchers disclose Windows "downgrade" attack as Microsoft provides a mitigation method
A new Microsoft-signed revocation policy can block impacted VBS files and tighten UEFI security
RFID cards could turn into a global security mess after discovery of hardware backdoor
WTF?! Chinese-made chips used in popular contactless cards contain hardware backdoors that are easy to exploit. These chips are compatible with the proprietary Mifare protocol developed by Philips spin-off NXP Semiconductors and are inherently "intrinsically broken," regardless of the card's brand.
AMD reverses course, releases microcode update to fix Sinkclose flaw in Ryzen 3000 CPUs
CPUs from 2019 will be protected against the dangerous low-level vulnerability
Browsers are finally addressing 0.0.0.0 Day vulnerability
The vulnerability has persisted for nearly two decades
AMD's update strategy for the Sinkclose vulnerability leaves some processors unprotected
Some of the affected processors are relatively recent and still widely used
Researchers reveal "Sinkclose" vulnerability affecting nearly all AMD processors since 2006
What just happened? Security researchers at this year's Def Con have presented findings regarding a long-standing albeit recently discovered vulnerability in AMD processors called "Sinkclose." Though rather hard to exploit, the security flaw can potentially yield catastrophic results for any system unlucky enough to fall victim to it.
Ecovacs robot vacuums can be hijacked remotely to spy on you
Hacked machines can even propagate the attack to other nearby robots
Windows update flaw allows hackers to downgrade systems to vulnerable versions
Microsoft hasn't spotted an attack in the wild yet, but it will take time to develop a mitigation