Over 40 Windows Hardware Drivers Vulnerable To Privilege Escalation
www.bleepingcomputer.com/news/security/over-40-windows-hardware-drivers-vulnerable-to-privilege-escalation/ Researchers analyzing the security of legitimate device drivers found that more than 40 from at least 20 hardware vendors can be abused to achieve privilege escalation. The vendors affected include every major BIOS vendor and big names in the computer hardware business like ASUS, Toshiba, Intel, Gigabyte, Nvidia, or Huawei.
Warshipping: attack a target network by shipping a cellular-enabled wifi cracker to a company’s mail-room
boingboing.net/2019/08/07/warchakalakaboom.html IBM’s ridiculously named X-Force Red have documented a new attack vector they’ve dubbed “Warshipping”: they mailed a sub-$100 custom, wifi-enabled low-power PC with a cellular radio to their target’s offices.. The device scans for visible wifi networks; once it senses a network associated with its target (indicating that it has arrived on the target company’s premises), it alerts its controllers over the cellular radio, and then scans the local wifi for instance in which users’ devices are initiating new connections to the network.
SELECT code_execution FROM * USING SQLite: Eggheads lift the lid on DB security hi-jinks
www.theregister.co.uk/2019/08/10/memory_corruption_sqlite/ At the DEF CON hacking conference in Las Vegas on Saturday, infosec gurus from Check Point are scheduled to describe a technique for exploiting SQLite, a database used in applications across every major desktop and mobile operating system, to gain arbitrary code execution.
HACKERS COULD DECRYPT YOUR GSM PHONE CALLS
www.wired.com/story/gsm-decrypt-calls/ MOST MOBILE CALLS around the world are made over the Global System for Mobile Communications standard; in the US, GSM underpins any call made over AT&T or T-Mobile’s network.. At the DefCon security conference in Las Vegas on Saturday, researchers from the BlackBerry are presenting an attack that can intercept GSM calls as they’re transmitted over the air and decrypt them to listen back to what was said. And the vulnerability has been around for decades