Security

'Quadrooter' security flaws said to affect over 900 million Android devices

posted on August 7, 2016
by l33tdawg

Four newly-discovered vulnerabilities found in Android phones and tablets that ship with a Qualcomm chip could allow an attacker to take complete control of an affected device.

The set of vulnerabilities, dubbed "Quadrooter," affects over 900 million phones and tablets, according to Check Point researchers who discovered the flaws.

Video surveillance recorders RIDDLED with 0-days

posted on August 7, 2016
by l33tdawg

There are multiple Web interface vulnerabilities in a network video recorder under Netgear's ReadyNAS brand and various devices by video recording company NUUO.

The affected NUUO units are NVRmini 2, NVRsolo, and Crystal.

The CERT advisory lists six Common Vulnerabilities and Exposures (CVE) notices attached to the affected products, ranging from input validation issues to buffer overruns. Under CVE-2016-5674, there's a hidden page in the Web management interface that looks like someone wrote it while the product was under development, and forgot to take it out.

Hacker Unlocks ‘High Security’ Electronic Safes Without a Trace

posted on August 7, 2016
by l33tdawg

“High security” consumer electronic safes could certainly be pried open with power tools, but they’re marketed as reasonably robust for daily-life scenarios. On Friday, though, a hacker known as Plore presented strategies for identifying a safe's custom-selected keycode and then using it to unlock the safe normally, without any damage or indication that the code has been compromised.

Trend Micro helps Interpol uncover serial cyber criminal

posted on August 2, 2016
by l33tdawg

Trend Micro has helped capture a serial cyber criminal, reportedly responsible for managing an international crime network accused of stealing more than $60 million through business email compromise (BEC) scams and CEO fraud.

The security firm teamed up with Interpol and the Nigerian Economic and Financial Crime Commission, providing research assistance to help the organisations gather the information needed to result in an arrest.

Seven automated hacking systems will compete for a $2 million prize on Thursday

posted on August 2, 2016
by l33tdawg

This Thursday, seven teams of researchers will face off in a live hacking challenge at Defcon, competing for a grand prize of $2 million. It’s a common sight at the conference, but this challenge comes with a twist — instead of human teams, Thursday’s challenge will be entirely automated, with experimental software programs hacking, patching, and defending networks with no human intervention.

Mozilla beefs up download security in Firefox 48

posted on August 2, 2016
by l33tdawg

Starting today, Mozilla has begun rolling out Firefox 48. Notably in this release, security has been increased with regards to downloading software. Firefox will now warn you when you attempt to download files that are classified by Google’s Safe Browsing service as either ‘potentially unwanted software’ or ‘uncommon downloads’.

200M Yahoo accounts up for sale by hacker

posted on August 2, 2016
by l33tdawg

A hacker is reportedly currently trying to sell a dump of Yahoo accounts, up to 200 million of them, on The Real Deal Dark Web, according to Softpedia. This is particularly frightening given the sheer size of the number of accounts available for purchase, but also because this is the same person who allegedly dumped millions of MySpace passwords.

Famed hacker creates new ratings system for software

posted on August 2, 2016
by l33tdawg

A famed hacker who nearly 20 years ago told Congress he could take down the internet in 30 minutes is now going after the computer software industry, whose standard practices all but guarantee that most products will be vulnerable to cyber attacks.

Peiter Zatko, known in the hacker world as Mudge, was the best-known member of pioneering Boston hacking group the L0pht. More recently, he headed a Defense Department grant program for computer security projects.

Hong Kong bitcoin exchange says it was hacked, trading suspended

posted on August 2, 2016
by l33tdawg

Hong Kong-based digital currency exchange Bitfinex said late on Tuesday it has suspended trading on its exchange after it discovered a security breach, according to a company statement on its website.

Bitfinex is one of the largest exchanges for trading digital currencies bitcoin, ether, and litecoin. It has offices in Europe and the United States and is known in the digital currency community for having a platform that has deep liquidity in the U.S. dollar/bitcoin currency pair.

Iranian hackers compromise Telegram's secure messaging

posted on August 2, 2016
by l33tdawg

Telegram prides itself on private messaging that lets activists escape government censorship and crackdowns, but it might have a crisis on its hands in Iran. Security researchers speaking to Reuters say that an Iranian hacking group has not only breached over a dozen Telegram accounts, but identified the phone numbers of over 15 million of the service's users in the country. The intruders reportedly intercepted SMS authentication codes and used those to add devices to their accounts, letting them read messages and impersonate others.