Collaborate Disseminate
When the Raspberry Pi 4 was released, many looked at the dual micro HDMI ports with disdain. Why would an SBC like the Raspberry Pi need two HDMI ports? The answer was that the Pi 4 is finally fast enough to work as a desktop replacement, and the killer feature …read more
Continue reading Can You Really Use the Raspberry Pi 4 as a Desktop Machine?
In a very mobile-centric installment, we’re starting with the story of a long-running iPhone exploitation campaign. It’s being reported that this campaign was being run by the Chinese government. Attack attribution is decidedly non-trivial, so let’s be cautious and say that these attacks were probably Chinese operations.
In any case, …read more
We’ll start with more Black Hat/DEFCON news. [Meh Chang] and [Orange Tsai] from Devcore took a look at Fortinet and Pulse Secure devices, and found multiple vulnerabilities. (PDF Slides) They are publishing summaries for that research, and the summary of the Fortinet research is now available.
It’s… not great. There …read more
Bluetooth is a great protocol. You can listen to music, transfer files, get on the internet, and more. A side effect of those many uses is that the specification is complicated and intended to cover many use cases. A team of researchers took a look at the Bluetooth specification, and …read more
Continue reading This Week in Security: KNOB, Old Scams Are New Again, 0-days, Backdoors, and More
Blackhat and DEF CON both just wrapped, and Patch Tuesday was this week. We have a bunch of stories to cover today.
First some light-hearted shenanigans. Obviously inspired by Little Bobby Tables, Droogie applied for the vanity plate “NULL”. A year went by without any problems, but soon enough it …read more
Continue reading This Week in Security: Black Hat, DEF CON, and Patch Tuesday
The bsnes emulator has a new overclocking mode to eliminate slowdowns in SNES games while keeping the gameplay speed accurate. We’re emulating old SNES hardware on modern machines that are vastly more powerful. Eliminating slowdowns should be trivial, right? For an emulator such as bsnes, which is written to achieve …read more
I’m sure you’ve heard of Spectre, which was the first of many speculative execution vulnerabilities found in modern processors. A new one just popped up this week. At Blackhat on Tuesday, CVE-2019-1125 was announced by Bitdefender as SWAPGS.
SWAPGS is an x86_64 instruction that is intended for use in context …read more
Continue reading This Week in Security: SWAPGS, Malicious Shaders, More iOS Woes, and WPA3
This has been an interesting week. First off, security researchers at Armis discovered a set of serious vulnerabilities in the vxWorks Real Time Operating System (RTOS). Released under a name that sounds like the title of a western or caper movie, Urgent/11. Not familiar with vxWorks? It’s a toss-up as …read more
Continue reading This Week in Security: vxWorks, Expensive Email Fraud, and What’s in Your Wallet?
Selfblow (Don’t google that at work, by the way) is a clever exploit by [Balázs Triszka] that effects every Nvidia Tegra device using the nvtboot bootloader — just about all of them except the Nintendo Switch. It’s CVE 2019-5680, and rated at an 8.2 according to Nvidia, but that high …read more
Remember the end of GandCrab we talked about a couple weeks back? A new wrinkle to this story is the news that a coalition of law enforcement agencies and security researchers have released a decrypter and the master decryption keys for that ransomware. It’s theorized that researchers were able to …read more
Continue reading This Week in Security: Ransomware Keys, iOS Woes, and more