Wi-Fi Chip Firmware Flaws Enable Over-the-Air Hacking

Wi-Fi Chip Firmware Flaws Enable Over-the-Air Hacking

Editor’s Note: This post was updated Jan. 29 to include a statement from Marvell Wi-Fi chips used in several gaming consoles, Chromebooks, streaming boxes, routers and other types of devices have several ...
Security Boulevard
Windows VCF Zero-Day Exploit Allows Remote Code Execution

Windows VCF Zero-Day Exploit Allows Remote Code Execution

A new unpatched vulnerability in Windows has been disclosed along with proof-of-concept exploit code. It could allow hackers to more easily install malware on computers, but it requires user interaction. The vulnerability ...
Security Boulevard
Microsoft’s Johnson: Data Breach Disclosures

New Windows Zero-day Bug Allows Deleting Arbitrary Files

A security researcher released exploit code for an unpatched bug in Windows that could allow an attacker with limited privileges to delete system files. Exploiting the bug requires winning a race condition ...
Security Boulevard
Fileless Malware Rapid Expansion

Researcher Drops Third Windows Zero-Day Exploit in Four Months

A security researcher who uses the online handle SandboxEscaper has published proof-of-concept exploit code for an unpatched vulnerability in Windows. The flaw is located in the “MsiAdvertiseProduct” function, which, according to Microsoft’s ...
Security Boulevard
North Korean APT Group Targets Academia via Malicious Chrome Extensions

North Korean APT Group Targets Academia via Malicious Chrome Extensions

Security researchers have uncovered an APT group with possible ties to North Korea that has targeted academic institutions since May. The group, dubbed Stolen Pencil by researchers from Netscout, send spear-phishing emails ...
Security Boulevard
Zero-Day Exploit Published for VM Escape Flaw in VirtualBox

Zero-Day Exploit Published for VM Escape Flaw in VirtualBox

A security researcher disclosed a yet unpatched zero-day vulnerability in the popular VirtualBox virtualization software that can be exploited from a guest operating system to break out of the virtual machine and ...
Security Boulevard
Microsoft's JET Vulnerability Patch Incomplete, Researchers Say

Microsoft’s JET Vulnerability Patch Incomplete, Researchers Say

The patch released by Microsoft last week for a zero-day flaw in the JET database engine is incomplete and does not fully address the issue, according to a vulnerability research firm. The ...
Security Boulevard
Zero-Day RCE Flaw Found in Microsoft JET Database Engine

Zero-Day RCE Flaw Found in Microsoft JET Database Engine

Trend Micro’s Zero Day Initiative (ZDI) team has publicly disclosed a serious remote code execution vulnerability in the Microsoft JET Database engine which is used by several Microsoft products. ZDI decided to ...
Security Boulevard
China Gifts African Union

Hackers Replace MEGA Chrome Extension with Trojanized Version

Users of the Mega.nz file hosting and sharing service were targeted through a supply chain attack in which hackers replaced the company’s official Chrome extension with a malicious version. The attack happened ...
Security Boulevard
Unofficial Patch Available for Latest Windows Zero-Day Exploit

Unofficial Patch Available for Latest Windows Zero-Day Exploit

While Microsoft is still working on fixing a recently disclosed privilege escalation vulnerability in Windows, security firm ACROS Security has stepped in to provide a temporary patch for the flaw. The unofficial ...
Security Boulevard
Loading...