Millions of smartphones have Qualcomm vulnerability
Slava Makkaveev, from Check Point Software Technologies, published a blog post on Thursday showing a security flaw in Qualcomm’s Mobile Station Modem Interface. It can be exploited to control the modem and dynamically patch it from the application processor.
An attacker could use the flaw to e... Read more
Student PCs vulnerable because of flaws in monitoring program
Researchers have found numerous critical vulnerabilities in popular remote monitoring software. What makes the incident problematic is that it could affect the safety and privacy of students.
McAfee disclosed on Monday that there are several security gaps in Netop Vision Pro.
The software is ... Read more
Google demonstrates Spectre exploit that enables data-leaking
On Friday, Google released proof-of-concept code for conducting a Spectre-based attack on its browser (Chrome). This was a way for the company to show how web developers can protect themselves from browser-based side-channel attacks.
The code was posted to GitHub. A detailed look shows how an at... Read more
Tesla Model X keys have security flaw, hackers can steal your car
A security flaw was discovered by Lennert Wouters, a Ph.D. student at COSIC, a research group at the University of Leuven in Belgium, in Tesla’s Model X’s keyless entry system. The flaw would allow a hacker to steal the vehicle in mere minutes.
It works by exploiting a flaw in how Tesla uses... Read more
Microsoft issues patches for 112 security flaws
This month's security patch release addresses critical vulnerabilities including a Windows kernel flaw.
It's that time of the month when Microsoft issues security patches, and the November 2020 release is a sizeable one. In all, Microsoft has released fixes for 112 newly discovered security vul... Read more
Cisco warns Windows 10 users to patch Webex security flaw
The company advised of an arbitrary code execution vulnerability in Webex Meetings Desktop App
Cisco has issued an advisory warning that the bug in Webex Meetings Desktop App for Windows has created a "high-severity" security flaw. Indeed, Cisco has given the bug, tracked as CVE-2020-3588, a se... Read more
Google provides patches for two Chrome Zero-Days under active exploit
Google has patched two zero-day vulnerabilities in the Chrome browser. This is the third time in two weeks that the company has had to fix a Chrome flaw under active exploit. A tweet on Monday from Ben Hawkes, the head of Google’s Project Zero’s vulnerability and exploit research section, confi... Read more
Project Zero discloses an active exploited Windows 10 vulnerability
Google’s project zero announced that hackers have been exploiting an active Windows 10 zero-day that is not likely to be patched soon. The patch will probably arrive in two weeks. Google’s longstanding policy about vulnerability involves giving Microsoft a seven-day deadline to fix the flaw, wh... Read more
Google has a fix for their zero-day flaw in Chrome OS and Chrome
Google found out that their latest versions of Chrome and Chrome OS had a zero-day security flaw. Google has a security team that is responsible for finding these vulnerabilities, named Project Zero. They found out that hackers were using the flaw to attack Chrome users.
Google patched the flaw ... Read more
Palo Alto Networks warns users about Kubernetes security flaw
Recently, an issue that was named CVE-2020-8558 was discovered in a networking component of a Kubernetes node known as the Kube-proxy. In the last week of July 2020, the research arm of Palo Alto Networks, Unit 42, issued a security alert that warns of the same vulnerability.
The warning was tha... Read more