Security
Headlines
HeadlinesLatestCVEs

Tag

#bios

Dell Urges Immediate Update to Fix Critical Power Manager Vulnerability

A critical security flaw in Dell Power Manager has been discovered that could allow attackers to compromise your systems and execute arbitrary code.

HackRead
#vulnerability#ios#amazon#bios#auth#dell#zero_day#jira
'Bootkitty' First Bootloader to Take Aim at Linux

Though it's still just a proof of concept, the malware is functional and can evade the Secure Boot process on devices from multiple vendors.

Linux 6.6 Race Condition

A security-relevant race between mremap() and THP code has been discovered. Reaching the buggy code typically requires the ability to create unprivileged namespaces. The bug leads to installing physical address 0 as a page table, which is likely exploitable in several ways: For example, triggering the bug in multiple processes can probably lead to unintended page table sharing, which probably can lead to stale TLB entries pointing to freed pages.

Inside the Booming ‘AI Pimping’ Industry

AI-generated influencers based on stolen images of real-life adult content creators are flooding social media.

Unwrapping the emerging Interlock ransomware attack

Cisco Talos Incident Response (Talos IR) recently observed an attacker conducting big-game hunting and double extortion attacks using the relatively new Interlock ransomware.

TeamTNT Exploits 16 Million IPs in Malware Attack on Docker Clusters

This article details a new campaign by TeamTNT, a notorious hacking group, leveraging exposed Docker daemons to deploy…

Notorious Hacker Group TeamTNT Launches New Cloud Attacks for Crypto Mining

The infamous cryptojacking group known as TeamTNT appears to be readying for a new large-scale campaign targeting cloud-native environments for mining cryptocurrencies and renting out breached servers to third-parties. "The group is currently targeting exposed Docker daemons to deploy Sliver malware, a cyber worm, and cryptominers, using compromised servers and Docker Hub as the infrastructure

Android GKI Kernels Use-After-Free

Android GKI kernels contain broken non-upstream Speculative Page Faults MM code that can lead to use-after-free conditions.

New Flaws in Sonos Smart Speakers Allow Hackers to Eavesdrop on Users

Cybersecurity researchers have uncovered weaknesses in Sonos smart speakers that could be exploited by malicious actors to clandestinely eavesdrop on users. The vulnerabilities "led to an entire break in the security of Sonos's secure boot process across a wide range of devices and remotely being able to compromise several devices over the air," NCC Group security researchers Alex Plaskett and

Surface Pro 3 BIOS False Health Attestation / TPM Carte Blanche

On Surface Pro 3 with the SHA1 and SHA256 PCRs enabled on the TPM, BIOS version 3.11.2550 and earlier, only the SHA1 PCRs are extended by the firmware. This means that an adversary can boot into an unmeasured OS and extend the PCRs with false measurements to obtain false attestations. This is a proof of concept exploit from Google.