Tag: vulnerability

KrØØk: Serious vulnerability affected encryption of billion+ Wi‑Fi devices

March 2, 2020

ESET researchers uncover a previously unknown security flaw allowing an adversary to decrypt some wireless network packets transmitted by vulnerable devices. ESET Research has published its latest white paper, KrØØk – CVE-2019-15126: Serious vulnerability deep inside your Wi-Fi encryption. This blogpost summarizes that white paper, authored by researchers Miloš Čermák, Robert Lipovský and Štefan Svorenčík. For updated … More KrØØk: Serious vulnerability affected encryption of billion+ Wi‑Fi devices

Google: Flaws in Apple’s privacy tool could enable tracking

January 27, 2020

Safari’s anti-tracking feature could apparently give access to users’ browsing habits. An anti-tracking tool baked into Apple’s Safari web browser was found to contain flaws that, if abused, could enable the very thing that the tool was designed to prevent, according to a team of Google researchers. In a recently released report, the researchers disclosed multiple … More Google: Flaws in Apple’s privacy tool could enable tracking

Microsoft exposed 250 million customer support records

January 23, 2020

Databases containing 14 years’ worth of customer support logs were publicly accessible with no password protection. Over 250 million customer service and support records were exposed by Microsoft over a two-day period in December 2019 due to a server misconfiguration. Since the records weren’t secured with any authentication measures, anyone with an internet connection and … More Microsoft exposed 250 million customer support records

New Internet Explorer zero‑day remains unpatched

January 21, 2020

You may want to implement a workaround or stop using the browser altogether, at least until Microsoft issues a a fix. Microsoft has released a security advisory alerting users to an as-yet unpatched vulnerability in its Internet Explorer (IE) web browser that is being exploited in limited targeted attacks. The zero-day, which is tracked as CVE-2020-0674, is a … More New Internet Explorer zero‑day remains unpatched

Millions of modems at risk of remote hijacking

January 15, 2020

Multiple cable modem models from various manufacturers found vulnerable to takeover attacks. Hundreds of millions of cable modems from various manufacturers may be susceptible to a critical vulnerability that can enable attackers to intercept people’s private messages or redirect their internet traffic, new research has found. Tracked as CVE-2019-19494 and nicknamed Cable Haunt, the vulnerability is estimated to … More Millions of modems at risk of remote hijacking

Google disables Xiaomi smart home integration after camera bug

January 7, 2020

A Xiaomi security camera owner reports receiving random images from strangers’ homes. Smart-home security appliances are not always what they are made out to be and recently some have been running into more problems than is healthy. Some smart doorbells have been caught recording more data than thought, while Wyze Labs, which makes connected home gadgets, has been … More Google disables Xiaomi smart home integration after camera bug

Microsoft issues patch for Internet Explorer zero‑day

November 15, 2019

The critical vulnerability could also be exploited via a malicious Microsoft Office document. Microsoft has shipped out a fix for a critical flaw in Internet Explorer (IE) that is being exploited in the wild. Tracked as CVE-2019-1429, the vulnerability is part of this month’s batch of regular security updates known as Patch Tuesday. The zero-day … More Microsoft issues patch for Internet Explorer zero‑day