Security

CPU vulnerability: what you need to know

posted on January 4, 2018
by l33tdawg

Last year, Google’s Project Zero team discovered serious security flaws caused by “speculative execution,” a technique used by most modern processors (CPUs) to optimize performance.

A Critical Intel Flaw Breaks Basic Security for Most Computers

posted on January 3, 2018
by l33tdawg

One of the most basic premises of computer security is isolation: If you run somebody else's sketchy code as an untrusted process on your machine, you should restrict it to its own tightly sealed playpen. Otherwise, it might peer into other processes, or snoop around the computer as a whole. So when a security flaw in computers' most deep-seated hardware puts a crack in those walls, as one newly discovered vulnerability in millions of processors has done, it breaks some of the most fundamental protections computers promise—and sends practically the entire industry scrambling.

'Kernel memory leaking' Intel processor design flaw forces Linux, Windows redesign

posted on January 3, 2018
by l33tdawg

A fundamental design flaw in Intel's processor chips has forced a significant redesign of the Linux and Windows kernels to defang the chip-level security bug.

Programmers are scrambling to overhaul the open-source Linux kernel's virtual memory system. Meanwhile, Microsoft is expected to publicly introduce the necessary changes to its Windows operating system in an upcoming Patch Tuesday: these changes were seeded to beta testers running fast-ring Windows Insider builds in November and December.

Microsoft’s ‘Enterprise-Grade’ Face Authentication Fooled By Photo

posted on December 21, 2017
by l33tdawg

Although the issue has been patched through Microsoft's Fall Creators Update, outdated versions of Windows 10's Hello facial recognition can be spoofed with a photo, a German security firm said this week.

With some extra work, as little as a low-resolution, laser-printed photo taken with a near-infrared camera can be used to trick a Hello-capable PC, SySS explained. It demonstrated the problem in a series of YouTube videos.

How To Tell If Your Linux Server Has Been Compromised

posted on December 20, 2017
by l33tdawg

A server being compromised or hacked, for the purpose of this guide, is an unauthorized person or bot logging into the server in order to use it for their own, usually negative, ends.

Disclaimer: If your server has been compromised by a state organization like the NSA or a serious criminal group, then you will not notice any problems and the following techniques will not register their presence.

Currency-mining Android malware is so aggressive it can physically harm phones

posted on December 20, 2017
by l33tdawg

A newly discovered piece of Android malware carries out a litany of malicious activities, including showing an almost unending series of ads, participating in distributed denial-of-service attacks, sending text messages to any number, and silently subscribing to paid services. Its biggest offense: a surreptitious cryptocurrency miner that's so aggressive it can physically damage an infected phone.

Touch-based identity faces an uncertain future after Face ID

posted on December 18, 2017
by l33tdawg

Five years ago, Apple bought an obscure components company called AuthenTec for more than $350 million, one of the largest purchases in its history. The acquisition enabled the launch of Touch ID, a rapid fingerprint recognition technology that would become a hallmark of iPhones. Apple's current-generation iPhone 8 series uses Touch ID, but Apple has pointed to the iPhone X as its phone of the future, a future that would not include fingerprint recognition.

Telegram RAT Escapes Detection via Cloud Apps

posted on December 18, 2017
by l33tdawg

A new remote access Trojan is using cloud-based tools to evade traditional security scanners that can't inspect SSL or provide cloud application-level traffic inspection, according to researchers at Netskope Threat Research Labs.

TelegramRAT uses Dropbox as its payload host and Telegram Messenger for command and control. It arrives as a malicious Microsoft Office document, exploiting a memory corruption vulnerability (CVE-2017-11882) patched by Microsoft last month, and it uses Bit.ly redirection to hide the payload hosted on Dropbox.