4 Major Privacy and Security Updates From Google You Should Know About

Google has announced a number of user-facing and under-the-hood changes in an attempt to boost privacy and security, including rolling out two-factor authentication automatically to all eligible users and bringing iOS-styled privacy labels to Android app listings. “Today we ask people who have enrolled in two-step verification (2SV) to confirm it’s really them with a simple tap via a Google

Read more

6 Unpatched Flaws Disclosed in Remote Mouse App for Android and iOS

As many as six zero-days have been uncovered in an application called Remote Mouse, allowing a remote attacker to achieve full code execution without any user interaction.
The unpatched flaws, collectively named ‘Mouse Trap,’ were disclosed on Wednesday by security researcher Axel Persinger, who said, “It’s clear that this application is very vulnerable and puts users at risk with bad

Read more

New TsuNAME Flaw Could Let Attackers Take Down Authoritative DNS Servers

Security researchers Thursday disclosed a new critical vulnerability affecting Domain Name System (DNS) resolvers that could be exploited by adversaries to carry out reflection-based denial-of-service attacks against authoritative nameservers.
The flaw, called ‘TsuNAME,’ was discovered by researchers from SIDN Labs and InternetNZ, which manage the national top-level internet domains ‘.nl’ and ‘.

Read more

New Stealthy Rootkit Infiltrated Networks of High-Profile Organizations

An unknown threat actor with the capabilities to evolve and tailor its toolset to target environments infiltrated high-profile organizations in Asia and Africa with an evasive Windows rootkit since at least 2018.
Called ‘Moriya,’ the malware is a “passive backdoor which allows attackers to inspect all incoming traffic to the infected machine, filter out packets that are marked as designated for

Read more

CISO Challenge: Check Your Cybersecurity Skills On This New Competition Site

InfoSec leaders tend to be a specific type. Their jobs require them to think of possible threats, take actions that may not pay immediate results, plan for unknown security risks, and react quickly when emergencies arise, often before the morning’s first coffee.
The high-stakes position also means that CISOs need to keep their knowledge and skills sharp – you can never really know what’s around

Read more

Critical Flaws Hit Cisco SD-WAN vManage and HyperFlex Software

Networking equipment major Cisco has rolled out software updates to address multiple critical vulnerabilities impacting HyperFlex HX and SD-WAN vManage Software that could allow an attacker to perform command injection attacks, execute arbitrary code, and gain access to sensitive information.
In a series of advisories published on May 5, the company said there are no workarounds that remediate

Read more

New Qualcomm Chip Bug Could Let Hackers Spy On Android Devices

Cybersecurity researchers have disclosed a new security vulnerability in Qualcomm’s mobile station modems (MSM) that could potentially allow an attacker to leverage the underlying Android operating system to slip malicious code into mobile phones, undetected. “If exploited, the vulnerability would have allowed an attacker to use Android OS itself as an entry point to inject malicious and

Read more

New Spectre Flaws in Intel and AMD CPUs Affect Billions of Computers

When Spectre, a class of critical vulnerabilities impacting modern processors, was publicly revealed in January 2018, the researchers behind the discovery said, “As it is not easy to fix, it will haunt us for quite some time,” explaining the inspiration behind naming the speculative execution attacks.
Indeed, it’s been more than three years, and there is no end to Spectre in sight.
A team of

Read more

New Study Warns of Security Threats Linked to Recycled Phone Numbers

A new academic study has highlighted a number of privacy and security pitfalls associated with recycling mobile phone numbers that could be abused to stage a variety of exploits, including account takeovers, conduct phishing and spam attacks, and even prevent victims from signing up for online services.
Nearly 66% of the recycled numbers that were sampled were found to be tied to previous owners

Read more

BIOS PrivEsc Bugs Affect Hundreds of Millions of Dell PCs Worldwide

PC maker Dell has issued an update to fix multiple critical privilege escalation vulnerabilities that went undetected since 2009, potentially allowing attackers to gain kernel-mode privileges and cause a denial-of-service condition.
The issues, reported to Dell by researchers from SentinelOne on Dec. 1, 2020, reside in a firmware update driver named “dbutil_2_3.sys” that comes pre-installed on

Read more