Blog

Key Windows 10 defense is ‘worthless’ and bug dates back to Windows 8

Microsoft’s anti-exploitation technology has a flaw that makes it “worthless” in some cases.

By Liam Tung | November 20, 2017

Microsoft has been telling users to upgrade to Windows 10 because of its superior in-built defenses against attacks, compared with Windows 7. That advice would be true if it properly implemented…

Four methods hackers use to steal data from air-gapped computers

Air-gapped computers are seen as high-value targets, so considerable research has gone into taking data from them — without a network connection. Here’s what you need to know.

By Robin Harris | November 20, 2017

Researchers have devised numerous ways to extract data from computer systems by developing covert channels. These…

Google Home and Amazon Echo hit by big bad Bluetooth flaws

Google and Amazon patch 20 million smart speakers that were vulnerable to serious Bluetooth attack.

By Liam Tung | November 16, 2017

The BlueBorne flaws had a more serious impact on Amazon’s Echo than on Google’s Home.

BlueBorne, a set of eight Bluetooth flaws, was already known to affect billions of…

Bug bounty hunter reveals DJI SSL, firmware keys have been public for years

Opinion: The researcher has discarded $30,000 to ensure there is full public disclosure of the drone maker’s poor security and to reveal how not every bug bounty hunt ends well.

By Charlie Osborne | November 17, 2017

An exasperated bug bounty hunter has revealed that drone maker DJI left everything from AWS credentials…

Oracle pushes emergency patch for critical Tuxedo server vulnerabilities

Two of the vulnerabilities have achieved a rating of 10 and 9.9 in severity.

By Charlie Osborne | November 16, 2017

Oracle has released an emergency patch outside of scheduled security updates to resolve serious server vulnerabilities, some of which have achieved top severity ratings. On Thursday, ERPScan revealed the details…

DHS, FBI describe North Korea’s use of FALLCHILL malware

The North Korean government has likely been using the malware since 2016 to target the aerospace, telecommunications, and finance industries, the US government says.

By Stephanie Condon | November 15, 2017

The federal government on Tuesday issued an alert detailing the North Korean government’s use of malware known as FALLCHILL, warning that North…

Adobe patches 67 vulnerabilities in Flash, Reader

The round of patches fixes critical issues, many of which lead to remote code execution.

By Charlie Osborne | November 15, 2017

Adobe’s latest security update has swatted a total of 67 bugs, some of them critical, in Adobe Flash, Acrobat, and Reader. On Tuesday, the software provider released a security advisory…

Windows 10 defenses open to 17-year-old Office bug, but Microsoft’s just fixed it

Researchers find an obsolete Office tool that’s vulnerable and lacks any of Microsoft’s exploit mitigation tech.

By Liam Tung | November 15, 2017

Microsoft has patched a remote code execution bug that researchers found in remnants of a 17-year-old executable, unshielded by any of Microsoft’s modern Windows 10 exploit mitigations. Researchers…