Security

Dell has released a patch that addresses multiple vulnerabilities in its DBUtil BIOS driver after a security researcher found that the driver in question could be abused by an attacker to gain increased system privileges.

The vulnerable driver was first discovered by security research Kasif Dekel from SentinelLabs and the team informed the PC giant of its findings back in December of last year. According to the US-based cybersecurity firm, the driver has been vulnerable since 2009 though there is no evidence at this time that its flaws have been exploited in the wild.

Since 2018, an almost endless series of attacks broadly known as Spectre has kept Intel and AMD scrambling to develop defenses to mitigate vulnerabilities that allow malware to pluck passwords and other sensitive information directly out of silicon. Now, researchers say they’ve devised a new attack that breaks most—if not all—of those on-chip defenses.

It turns out the Raspberry Pi might be one of the best tools to have on hand for any network engineer. This maker, who goes by Mr.Smashy online, has created a USB Raspberry Pi password thief using a Raspberry Pi Zero W.

The best Raspberry Pi projects have real-world applications and this one is ideal for physical penetration testing. It provides an open-source solution for analyzing one of the most critical barriers in network security.

Apple released updates for iPhone, iPad, Mac, and Apple Watch today with multiple security updates. The patched flaws involved malicious web content that could lead to arbitrary code execution – and Apple says they may have been actively exploited.

Apple released iOS 14.5.1 and iOS 12.5.3, macOS 11.3.1, and watchOS 7.4.1 today with the primary changes being security fixes (App Tracking Transparency bug fix for iOS too). So be sure to install the newest updates to get the latest protection.

A week after Apple issued its biggest iOS and iPadOS update since last September’s release of version 14.0, the company has released a new update to patch two zero-days that allowed attackers to execute malicious code on fully up-to-date devices. Monday’s release of version 14.5.1 also fixes problems with a bug in the newly released App Tracking Transparency feature rolled out in the previous version.

With macOS malware on the rise, Apple has been busy in recent years adding layers of protections that make it a lot more difficult for malicious software to run on Macs. But a vulnerability in the operating system, publicly disclosed and patched today, was exploited to bypass all of them.

AirDrop, the feature that allows Mac and iPhone users to wirelessly transfer files between devices, is leaking user emails and phone numbers, and there's not much anyone can do to stop it other than to turn it off, researchers said.

AirDrop uses Wi-Fi and Bluetooth Low Energy to establish direct connections with nearby devices so they can beam pictures, documents, and other things from one iOS or macOS device to another. One mode allows only contacts to connect, a second allows anyone to connect, and the last allows no connections at all.

Theres's been a huge uptick in the proportion of malware using TLS or the Transport Layer Security to communicate without being spotted, cybersecurity firm Sophos reports.

While HTTPS helps prevent eavesdropping, man-in-the-middle attacks, and hijackers who try to impersonate a trusted website, the protocol has also offered cover for cybercriminals to privately share information between a website and a command and control server —  hidden from the view of malware hunters.

For more than two decades, Window Snyder has built security into products at some of the biggest companies in the world. Now, she’s unveiling her own company that aims to bake security into billions of connected devices made by other companies.

San Francisco-based Thistle Technologies said on Thursday that it received $2.5 million in seed funding from True Ventures. The startup is creating tools that will help manufacturers build security into connected devices from the ground up.

Adversa, an Israeli leader in Secure and Trusted AI research and advisory, has published comprehensive research on the security and trustworthiness of AI systems worldwide during the last decade.

In the extensive report, “The road to secure and Trusted AI”, Adversa reveals the most critical real-world security threats facing AI and effective countermeasures to protect these systems. The research considers the impact of ongoing regulations concerning AI security in the EU and USA.