Container Escape Vulnerability Puts Cloud Infrastructure at Risk

A serious vulnerability in runC, a tool used to spawn and run Linux containers, allows attackers to break out of containerized environments and gain full access to the underlying servers. RunC is a container runtime that makes use of Linux’s bui…

Apple Fixes Two Zero-Day iOS Vulnerabilities Exploited in the Wild

Apple’s newly released iOS 12.1.4 includes fixes for two serious vulnerabilities that are already used by hackers. The update also fixes the FaceTime bug that allowed users to remotely enable other people’s microphones. The two vulnerabiliti…

Serious Vulnerability Found in Lifesize Business Videoconferencing Devices

A security researcher from security firm Trustwave has found a vulnerability that could allow hackers to take over videoconferencing devices made by Lifesize. Some of the affected products have reached end-of-sale or end-of-support, but are still wide…

Google Chrome Drops Support for TLS 1.0 and 1.1

The latest stable release of Google Chrome, version 72, has removed support for the aging 1.0 and 1.1 versions of TLS, as well as for the problematic HTTP-based Public Key Pinning protocol and FTP resources. The Transport Layer Security (TLS) protocol…

FaceTime Group Chat Disabled Due to Snooping Bug

Apple has disabled the group chat feature in its FaceTime video calling app after a bug was discovered that allows callers to remotely turn on the microphones on the recipients’ devices. The issue was disclosed on social media and word about it …

Trojan Infects Browser Extensions After Disabling Integrity Checks

Security researchers have discovered a new Trojan program dubbed Razy that installs itself as a browser extension or infects existing browser extensions after disabling integrity checks. According to researchers from Kaspersky Lab, Razy is distributed…

Volunteer Project Takes Down 100,000 Malware Distribution Sites

A community of volunteer researchers has managed to take down around 100,000 malware distribution websites over the past 10 months as part of a new URL blacklisting project. The initiative, called URLhaus, was launched last March by abuse.ch, a non-pr…

Wi-Fi Chip Firmware Flaws Enable Over-the-Air Hacking

Wi-Fi chips used in several gaming consoles, Chromebooks, streaming boxes, routers and other types of devices have several firmware vulnerabilities that could allow attackers to compromise those systems over the air with no user interaction. The vulne…

Government, E-commerce Sites Hacked Through Database Tool

For the past year, hackers—some of them associated with the MageCart online skimming group—have broken into high-profile online stores by exploiting a previously unknown vulnerability in a web-based database management tool. The vulnerability is locat…