-
August 12th: Processors contain vulnerabilities +++ Open Cybersecurity Schema Framework +++ Vulnerabilities and updates of the week
After Spectre and Meltdown, it is now Æpicleak’s and SQUIP’s turn Processors from AMD and Intel contain vulnerabilities that attackers can use to leak data. They were found by researchers of Sapienza University of Rome, the Graz University of Technology, the CISPA Helmholtz Center for Information Security, and Amazon Web Services. The first vulnerability – […]
-
July 29th: Attack from charging socket via “Ghost Touch” +++ 2022 Unit 42 Incident Response Report +++ Security updates Samba
Touchscreens: Attack from the charging socket via “Ghost Touch” Researchers from Technical University Darmstadt and Zhejiang University in Hangzhou carried out attacks on capacitive touchscreens via charging cables and power supply units and thus uncovered a new attack possibility on mobile devices. In the experimental setup, a compromised public charging station was assumed to be […]
-
July 22nd: CloudMensis +++ Online storage services used for delivering malware +++ Vulnerabilities of the week
New malware backdoor: CloudMensis ESET researchers first spotted the new malware in April 2022 and named it CloudMensis. Why? It uses pCloud, Yandex Disk, and Dropbox public cloud storage services for command-and-control (C2) communication. CloudMensis’ capabilities clearly show that its operators’ main goal is to collect sensitive information from infected Macs through various means. These […]
-
July 15th: Microsoft releases exploit for macOS sandbox escape bug +++ New ransomware Lilith has first victims +++ Lenovo Notebook UEFi Firmware Vulnerabilities
Microsoft releases tweet-size exploit for macOS sandbox escape bug Microsoft has published the exploit code for a vulnerability in macOS that could help an attacker bypass sandbox restrictions and run code on the system. The company released the technical details for the security issue, which is currently identified as CVE-2022-26706, and explained how the macOS App Sandbox rules could […]