|
| Linux kernel impacted by new SLUBStick cross-cache attack |
|
A novel Linux Kernel cross-cache attack named SLUBStick has a 99% success in converting a limited heap vulnerability into an arbitrary memory read-and-write capability, letting the researchers elevate privileges or escape containers. |
|
Sep 15, 2024
by
Bill Toulas - Bleeping Computer
Tech News |
|
| Stolen Microsoft key offered widespread access to Microsoft cloud services |
|
The Microsoft consumer signing key stolen by Storm-0558 Chinese hackers provided them with access far beyond the Exchange Online and Outlook.com accounts that Redmond said were compromised, according to Wiz security researchers. |
|
Sep 24, 2023
by
Sergiu Gatlan - Bleeping Computer
Tech News |
|
| Unpatched 15-year old Python bug allows code execution in 350k projects |
|
A vulnerability in the Python programming language that has been overlooked for 15 years is now back in the spotlight as it likely affects more than 350,000 open-source repositories and can lead to code execution. Disclosed in 2007 and tagged as CVE-2007-4559, the security issue never received a patch, the only mitigation provided being a documentation update warning developers about the risk. |
|
Oct 15, 2022
by
Ionut Ilascu - Bleeping Computer
Tech News |
|
| NPM supply-chain attack impacts hundreds of websites and apps |
|
An NPM supply-chain attack dating back to December 2021 used dozens of malicious NPM modules containing obfuscated Javascript code to compromise hundreds of downstream desktop apps and websites. As researchers at supply chain security firm ReversingLabs discovered, the threat actors behind this campaign (known as IconBurst) used typosquatting to infect developers looking for very popular packages, such as umbrellajs and ionic.io NPM modules. |
|
Aug 11, 2022
by
Sergiu Gatlan
Tech News |
|
| $620 million in crypto stolen from Axie Infinity's Ronin bridge |
|
A hacker has stolen almost $620 million in Ethereum and USDC tokens from Axie Infinity's Ronin network bridge, making it possibly the largest crypto hack in history. |
|
Mar 29, 2022
by
Lawrence Abrams - BleepingComputer
Crypto News |
|
| Google Tink - A multi-language, cross-platform library that provides cryptographic APIs that are secure, easy to use correctly, and hard(er) to misuse. |
| Google has released Tink and which is a multi-language, cross-platform cryptographic library. With OpenSSL we have complex bindings and which were often focused on specific systems, such as for DLLs in Windows systems. Tink is open-source and focuses on creating simple APIs and which should make the infrastructure more portable |
|
Jan 10, 2022
by Google
Crypto Blogs |
|
| 'The Internet Is on Fire' |
|
A vulnerability in a widely used logging library has become a full-blown security meltdown, affecting digital systems across the internet. Hackers are already attempting to exploit it, but even as fixes emerge, researchers warn that the flaw could have serious repercussions worldwide. |
|
Dec 13, 2021
by Lily Hay Newman - WIRED
Tech News |
|
| Hacking group says it has found encryption keys needed to unlock the PS5 |
|
Hacking group Fail0verflow announced Sunday evening that it had obtained the encryption "root keys" for the PlayStation 5, an important first step in any effort to unlock the system and allow users to run homebrew software. The tweeted announcement includes an image of what appears to be the PS5's decrypted firmware files, highlighting code that references the system's "secure loader." |
|
Dec 11, 2021
by
Kyle Orland - Ars Technica
Tech News |
| Load More by Tag |
Go to Top