Multiple “CIA failures” led to theft of agency’s top-secret hacking tools

[ad_1] Enlarge / CIA headquarters. In early 2017, WikiLeaks began publishing details of top-secret CIA hacking tools that researchers soon confirmed were part of a large tranche of confidential documents stolen from one of the agency’s isolated, high-security networks. The leak—comprising as much as 34 terabytes of information and representing the CIA’s biggest data loss…

Intel will soon bake anti-malware defenses directly into its CPUs

[ad_1] Enlarge / A mobile PC processor code-named Tiger Lake. It will be the first CPU to offer a security capability known as Control-Flow Enforcement Technology. Intel The history of hacking has largely been a back-and-forth game, with attackers devising a technique to breach a system, defenders constructing a countermeasure that prevents the technique, and…

UPnP flaw exposes millions of network devices to attacks over the Internet

[ad_1] Millions of routers, printers, and other devices can be remotely commandeered by a new attack that exploits a security flaw in the Universal Plug and Play network protocol, a researcher said. CallStranger, as the exploit has been named, is most useful for forcing large numbers of devices to participate in distributed denial of service—or…

Exploit code for wormable flaw on unpatched Windows devices published online

[ad_1] A researcher has published exploit code for a Microsoft Windows vulnerability that, when left unpatched, has the potential to spread from computer to computer with no user interaction. So-called wormable security flaws are among the most severe, because the exploit of one vulnerable computer can start a chain reaction that rapidly spreads to hundreds…

Attackers exploit 0-day code-execution flaw in the Sophos firewall

[ad_1] Users of a widely used firewall from Sophos have been under a zero-day attack that was designed to steal usernames, cryptographically protected passwords, and other sensitive data, officials with the security firm said on Sunday. The well-researched and developed attack exploited a SQL injection flaw in fully patched versions of the Sophos XG Firewall.…

That no-click iOS 0-day reported to be under exploit doesn’t exist, Apple says

[ad_1] Apple is disputing the accuracy of this week’s report that found attackers have been exploiting an unpatched iOS bug that allowed them to take full control of iPhones. San Francisco-based security firm ZecOps said on Wednesday that attackers had used the zero-day exploit against at least six targets over a span of at least…

A critical iPhone and iPad bug that lurked for 8 years is under active attack

[ad_1] ZecOps A critical bug that has lurked in iPhones and iPads for eight years is under active attack by sophisticated hackers who are using a zero-day exploit to hack the devices of high-profile targets, a security firm reported on Wednesday. The exploit is triggered by sending booby-trapped emails that, in some cases, require no…

Microsoft patches 4 Windows 0days under active exploit

[ad_1] Enlarge / A person seems to be on the dwelling display for the “new” Windows 7 platform when it was launched in October 2009. Microsoft has ended help, however the OS lives on. Microsoft has patched 4 actively exploited vulnerabilities that enable attackers to execute malicious code or elevate system privileges on units that…