So first off this week is something of a mystery. Microsoft released an out-of-cycle patch for Internet Explorer. The exploitability assessment from Microsoft indicates that this bug is under active exploitation, but not many details are available. Let’s take a look at what information has been released, and see what we can learn. A remote […]
A curious trend for some years in the world of PC hardware has been that of attaching LEDs to all the constituent parts of a computer. The idea is that somehow a gaming rig that looks badass will somehow be just a little bit faster. As [Graham Sutherland] discovered when he wanted to extinguish the […]
The ability to duplicate keys with a 3D printer is certainly nothing new, but so far we’ve only seen the technique used against relatively low hanging fruit. It’s one thing to print a key that will open a $15 Kwikset deadbolt from the hardware store or a TSA-approved “lock” that’s little more than a toy, […]
Of all the things which are annoying about the modern World Wide Web, the need to create and remember countless passwords is on the top of most people’s lists. From dozens of passwords for everything from social media sites to shopping, company, and productivity-related platforms like Github, a large part of our day is spent […]
VoIP cameras, DVRs, and other devices running the Web Services Dynamic Discovery (WSDD) protocol are being used in a new type of DDoS attack. This isn’t the first time a zeroconf service has been hijacked as part of a DDoS, as UPnP has also been abused in similar ways. Feel like alphabet soup yet? A […]
In a very mobile-centric installment, we’re starting with the story of a long-running iPhone exploitation campaign. It’s being reported that this campaign was being run by the Chinese government. Attack attribution is decidedly non-trivial, so let’s be cautious and say that these attacks were probably Chinese operations. In any case, Google’s Project Zero was the […]
How do you keep people out of your change jar? If you didn’t say with a 3D printed iris mechanism and high-voltage spark gap, then clearly you aren’t [Vije Miller]. Which is probably for the best, as we’re not sure we actually want to live in a world where there are two of these things. […]
[Matheus Garbelini] just came out with three (3!) different WiFi attacks on the popular ESP32/8266 family of chips. He notified Espressif first (thanks!) and they’ve patched around most of the vulnerabilities already, but if you’re running software on any of these chips that’s in a critical environment, you’d better push up new firmware pretty quick. […]
We’ll start with more Black Hat/DEFCON news. [Meh Chang] and [Orange Tsai] from Devcore took a look at Fortinet and Pulse Secure devices, and found multiple vulnerabilities. (PDF Slides) They are publishing summaries for that research, and the summary of the Fortinet research is now available. It’s… not great. There are multiple pre-authentication vulnerabilities, as […]