12 matches found
AMD SEV Confidential Computing Vulnerability
AMD ID: AMD-SB-3019 Potential Impact: Loss of the SEV-based protection of a confidential guest. Severity: High Summary Researchers from Google®have provided AMD with information on a potential vulnerability that, if successfully exploited, could lead to the loss of SEV-based protection of a...
PT-2024-40128 · Unknown · Unzip-Stream
Name of the Vulnerable Software and Affected Versions: unzip-stream versions prior to 0.3.2 Description: The issue allows malicious zip files to write to unauthorized paths when using the Extract method of unzip-stream. A researcher from Google, Justin Taft, discovered this issue. Recommendations...
A ‘Magical Bug’ Exposed Any iPhone in a Hacker's Wi-Fi Range
A Google researcher found flaws in Apple's AWDL protocol that would have allowed for a complete device takeover...
The WannaCry Ransomware Has a Link to Suspected North Korean Hackers
A Google researcher has identified a telltale chunk of code shared between the ransomware and malware used by suspected DPRK hackers. The post The WannaCry Ransomware Has a Link to Suspected North Korean Hackers appeared first on WIRED...
Tavis Ormandy Discloses Comodo GeekBuddy VNC Server
Just when you thought it was safe to dive back into the Comodo waters, Google researcher Tavis Ormandy has surfaced with more trouble. Publicly disclosed yesterday on the Google Project Zero site, Ormandy said that a tech support application called GeekBuddy installed with Comodo Internet Securit...
Google Project Zero Discloses Windows Zero Day
Update: Google’s Project Zero has disclosed the details of an unpatched Windows vulnerability reported to Microsoft in September. The disclosure was made on Monday upon the expiration of 90-day waiting period imposed by Google researchers. Microsoft has yet to patch the Windows 8.1 vulnerability...
Google Researcher Reveals Zero-Day Windows 8.1 Vulnerability
A Google security researcher, 'James Forshaw' has discovered a privilege escalation vulnerability in Windows 8.1 that could allow a hacker to modify contents or even to take over victims' computers completely, leaving millions of users vulnerable. The researcher also provided a Proof of Concept P...
Internet Explorer vulnerability exposed by Google Researcher used in targeted attacks
Google and Microsoft are at each other's throats again. In a recent statement, Microsoft says hackers have been actively exploiting a vulnerability that was publicly disclosed by a Google researcher, Tavis Ormandy. Microsoft addressed the vulnerability in its monthly "Patch Tuesday" package of...
Attackers Exploiting Windows Help Center Flaw
Researchers have found evidence that attackers are exploiting the vulnerability in the Windows Help and Support Center that was at the center of so much controversy last week. The flaw, which is in the protocol handler related to the Microsoft Windows Help and Support Center, was disclosed late...
This Week In Security: The Full Disclosure Rabbit Hole Re-Opens
Had you gone to sleep in 2004 and woken up three days ago, you’d be forgiven for thinking you’d only slept a few hours instead of a few years. This week saw the inglorious return of not just the full disclosure debate, but also of the heated rhetoric that usually accompanies it. Had you awoken to...
Google Researcher Ships Exploit to Defeat ASLR+DEP
A prominent security researcher has released an exploit that uses a new technique to defeat ALSR + DEP on Microsoft’s Windows operating system. The exploit, released by Google security researcher “SkyLined,” uses the ret-into-libc technique to bypass DEP Data Execution Prevention and launch code...
Microsoft Confirms Unpatched Windows Kernel Flaw
One day after a Google security researcher releases code to expose a flaw that affects every release of the Windows NT kernel — from Windows NT 3.1 1993 up to and including Windows 7 2009 — Microsoft has released a security advisory to acknowledge the issue and warn of the risk of privilege...