CISA Director Jen Easterly says the Log4j flaw likely affects hundreds of millions of devices and may be the most serious bug she has seen in her career
A vulnerability in a widely used Apache library … Ncsc-Nl / GitHub : Log4j overview related software Kyle Alspach / VentureBeat : Log4j exploits attempted on 44% of corporate networks; ransomware payl...
A Windows 10 and Windows 11 exploit allows an attacker with physical access to gain SYSTEM privileges, bypassing Microsoft's patch from earlier this month
Hackers Exploiting New Windows Installer Zero-Day Exploit in the Wild Brittany A. Roston / SlashGear : All Windows PCs at risk after Microsoft fails to fix zero-day exploit Elizabeth Montalbano / Thre...
Google has patched an actively exploited zero-day vulnerability in its Chrome 88 update
update now Ryan Naraine / SecurityWeek : Google Chrome, Microsoft IE Zero-Days in Crosshairs Gareth Corfield / The Register : Chrome zero-day bug that is actively being abused by bad folks affects Edg...
Leaked dataset from a location data company with a log of the movements of 12M+ Americans shows how “anonymous” location data can be used to track people
and it's not hard to figure out who you are Whitney Kimball / Gizmodo : Holy Shit, Reportedly Jerry Hildenbrand / Android Central : Your phone tracks your every move and there is nothing you can do ab...
D-Link won't patch a remote exploit in four of its routers, saying they are end-of-life, despite some being discontinued in 2018 and still being sold on Amazon
Paul Wagenseil / Tom's Guide :
An in-depth look at five iOS exploit chains that were used in hacked websites for carrying out watering hole attacks against devices running iOS 10 through 12
In the earlier posts we examined … Ian Beer / Project Zero : In-the-wild iOS Exploit Chain 1 Patrick Howell O'Neill / MIT Technology Review : Websites have been quietly hacking iPhones for years, says...
An in-depth look at five iOS exploit chains that were used in hacked websites for carrying out watering hole attacks against devices running iOS 10 through 12
In the earlier posts we examined … Ryan Whitwam / ExtremeTech : Google Discovered Malicious Websites Used to Hack iPhones for Years Jon Porter / The Verge : Google reveals major iPhone security flaws ...
New “Bad Rabbit” ransomware targets corp networks in Ukraine, Turkey, Germany, infects devices through hacked Russian media sites using NotPetya type methods
There is a connection between Bad Rabbit and Not Petya Waqas / HackRead : Bad Rabbit ransomware spreading like wildfire but there is a way out Dell Cameron / Gizmodo : ‘Bad Rabbit’ Ransomware Strikes ...
Researchers find alarming number of Macs remain vulnerable to stealthy hacks due to outdated EFI firmware; Windows and Linux PCs are also likely at risk
Even With Updated Software Bryan Clark / The Next Web : Report: Countless PCs vulnerable to newly discovered firmware attack [Update] Paul Wagenseil / Tom's Guide : Many Macs Can Be Hacked by Firmware...
Chaos Computer Club hackers say they have defeated Samsung Galaxy S8's iris recognition system using a photo of victim's iris
Biometrics on smartphones … Ian Morris / Forbes : Samsung Galaxy S8 Iris Scanner Hacked In Three Simple Steps Corbin Davenport / Android Police : Members of the Chaos Computer Club have cracked the Ga...