Daily NCSC-FI news followup 2019-08-11

Over 40 Windows Hardware Drivers Vulnerable To Privilege Escalation

www.bleepingcomputer.com/news/security/over-40-windows-hardware-drivers-vulnerable-to-privilege-escalation/ Researchers analyzing the security of legitimate device drivers found that more than 40 from at least 20 hardware vendors can be abused to achieve privilege escalation. The vendors affected include every major BIOS vendor and big names in the computer hardware business like ASUS, Toshiba, Intel, Gigabyte, Nvidia, or Huawei.

Warshipping: attack a target network by shipping a cellular-enabled wifi cracker to a company’s mail-room

boingboing.net/2019/08/07/warchakalakaboom.html IBM’s ridiculously named X-Force Red have documented a new attack vector they’ve dubbed “Warshipping”: they mailed a sub-$100 custom, wifi-enabled low-power PC with a cellular radio to their target’s offices. The device scans for visible wifi networks; once it senses a network associated with its target (indicating that it has arrived on the target company’s premises), it alerts its controllers over the cellular radio, and then scans the local wifi for instances in which users’ devices are initiating new connections to the network.

SELECT code_execution FROM * USING SQLite: Eggheads lift the lid on DB security hi-jinks

www.theregister.co.uk/2019/08/10/memory_corruption_sqlite/ At the DEF CON hacking conference in Las Vegas on Saturday, infosec gurus from Check Point are scheduled to describe a technique for exploiting SQLite, a database used in applications across every major desktop and mobile operating system, to gain arbitrary code execution.

Hackers Could Decrypt Your GSM Phone Calls

www.wired.com/story/gsm-decrypt-calls/ Most mobile calls around the world are made over the Global System for Mobile Communications standard; in the US, GSM underpins any call made over AT&T or T-Mobile’s network. At the DefCon security conference in Las Vegas on Saturday, researchers from BlackBerry are presenting an attack that can intercept GSM calls as they’re transmitted over the air and decrypt them to listen back to what was said. And the vulnerability has been around for decades.
