The author of the BlueHammer exploit, which was released earlier this month and addressed in the last Patch Tuesday, continues to be annoyed with the responses from the Microsoft security research and vulnerability response team, and has released another Windows zero-day attack against Windows Defender. The RedSun exploit targets a logic and timing error in […]
If you’ve ever looked at widgets on your iPhone, you’ve probably noticed they’re largely static, save for a few first-party apps. By and large, third-party developers are not supposed to be able to animate them. However, [Bryce Bostwick] found a workaround. You might be confused as to the idea of animated widgets, but it’s […]
[Georges Gagnerot] has been trying to emulate iOS and run iPhone software in a virtual environment. There were a few choices, and qemu-t8030 had a number of interesting features that you can check out in his post. The project requires a patched QEMU, and [Georges] used some basic jailbreaking techniques. The real problem, of course, […]
In a very mobile-centric installment, we’re starting with the story of a long-running iPhone exploitation campaign. It’s being reported that this campaign was being run by the Chinese government. Attack attribution is decidedly non-trivial, so let’s be cautious and say that these attacks were probably Chinese operations. In any case, Google’s Project Zero was the […]
I’m sure you’ve heard of Spectre, which was the first of many speculative execution vulnerabilities found in modern processors. A new one just popped up this week. At Black Hat on Tuesday, CVE-2019-1125 was announced by Bitdefender as SWAPGS. SWAPGS is an x86_64 instruction that is intended for use in context switching, that is, when execution […]
Remember the end of GandCrab we talked about a couple weeks back? A new wrinkle to this story is the news that a coalition of law enforcement agencies and security researchers have released a decrypter and the master decryption keys for that ransomware. It’s theorized that researchers were able to breach the command and control […]