Processor Vulnerabilities – Meltdown and Spectre
UPDATE 1/4/2018: Qualys has released several QIDs for detecting missing patches for these vulnerabilities. UPDATE 1/5/2018: Pre-built AssetView dashboards to visualize impact and remediation progress. Vulnerabilities potentially impacting all major processor vendors were disclosed today by Google.....
7.3 AI Score
0.976 EPSS
Meltdown and Spectre CPU Flaws Affect Intel, ARM, AMD Processors
Unlike the initial reports suggested about Intel chips being vulnerable to some severe ‘memory leaking’ flaws, full technical details about the vulnerabilities have now emerged, which revealed that almost every modern processor since 1995 is vulnerable to the issues. Disclosed today by...
7 AI Score
0.976 EPSS
Intel In Security Hot Seat Over Reported CPU Design Flaw
UPDATE Intel is grappling with what many experts are describing as a processor design flaw impacting CPUs used in Linux, Windows and some macOS systems. The reported flaw is tied to Intel’s kernel virtual memory system that could allow an attacker to access kernel-protected data such as passwords.....
-0.2 AI Score
A week in security (December 11 – December 17)
Last week we explained what fast flux is and how it's being abused, we showed you all kinds of Bitcoin-related scams, presented a video recording of a tech support scammer trying to sell free software, and pointed out some free software to keep an eye on your Internet traffic. We also informed you....
6.8 AI Score
There’s a hole in my bucket: Bitcoin scams aim to exploit volatile market
Bitcoin! Black gold! Texas tea! Only one of these is currently worth ridiculous amounts of money (and technically numbers two and three are the same thing). Whether you're in possession of lots of Bitcoins, or in full bandwagon panic "must buy 20 graphics cards before the bubble bursts" mode, you.....
6.6 AI Score
Google Patches Critical Encryption Bug Impacting Pixel, Nexus Phones
Google patched a critical encryption bug found on its Pixel, Pixel 2 and Nexus phones this week along with delivering 49 other fixes, part of its December Pixel / Nexus Security Bulletin. Five of the patches relate to vulnerabilities rated high. One of the patches (CVE-2017-13167) is for an...
2.2 AI Score
0.001 EPSS
Kaspersky Security Bulletin: Threat Predictions for 2018
Download the Kaspersky Security Bulletin: Threat Predictions for 2018 Introduction As hard as it is to believe, it's once again time for our APT Predictions. Looking back at a year like 2017 brings the internal conflict of being a security researcher into full view: on the one hand, each new event....
7.2 AI Score
Updated opensc_etc packages fix security vulnerability
A vulnerability, dubbed ROCA, was identified in an implementation of RSA key generation due to a fault in a code library developed by Infineon Technologies. The affected encryption keys are used to secure many forms of technology, such as hardware chips, authentication tokens, software packages,...
5.9 CVSS
1.3 AI Score
0.004 EPSS
Security update for the Linux Kernel (important)
The SUSE Linux Enterprise 12 SP3 kernel was updated to 4.4.92 to receive various security and bugfixes. The following security bugs were fixed: CVE-2017-1000252: The KVM subsystem in the Linux kernel allowed guest OS users to cause a denial of service (assertion failure, and...
8.7 AI Score
0.004 EPSS
What You Need To Know About The "ROCA" vulnerability
By Daniel Franke, Infosec Researcher Akamai is aware of the recently-disclosed "ROCA" vulnerability in cryptographic firmware used in products made by Infineon Technologies. A bug in the firmware's prime-search algorithm used for RSA key generation results in RSA keys that are relatively cheap and....
7 AI Score
A week in security (October 16 – October 22)
Last week was an eventful one in security, keeping our research and intel teams on their toes. Multiple security researchers homed in on suspicious and malicious apps on Google Play, affecting thousands of Android users. A new variant of Mac malware Proton was also found in the wild, this time...
7.7 AI Score
On ROCA, KRACK, BoundHook, Google Advanced Protection
Threatpost editors Mike Mimoso and Tom Spring recap this week’s infosec news starting with the ROCA vulnerabilities affecting factorization of RSA private keys, the KRACK WPA2 Wi-Fi vulnerabilities, the BoundHook attacks, and Google’s introduction of Advanced Protection for Gmail. Download:...
2.4 AI Score
BoundHook Attack Exploits Intel Skylake MPX Feature
A post-intrusion technique developed by researchers at CyberArk Labs called BoundHooking allows attackers to exploit a feature in all Intel chips introduced since Skylake. The attack technique allows for the execution of code from any process without detection by antivirus software or other...
1.1 AI Score
Serious Crypto-Flaw Lets Hackers Recover Private RSA Keys Used in Billions of Devices
If you think KRACK attack for WiFi is the worst vulnerability of this year, then hold on… ...we have got another one for you which is even worse. Microsoft, Google, Lenovo, HP and Fujitsu are warning their customers of a potentially serious vulnerability in widely used RSA cryptographic...
6.4 AI Score
0.004 EPSS
Factorization Flaw in TPM Chips Makes Attacks on RSA Private Keys Feasible
A flawed Infineon Technology chipset used on PC motherboards to securely store passwords, certificates and encryption keys risks undermining the security of government and corporate computers protected by RSA encryption keys. In a nutshell, the bug makes it possible for an attacker to calculate a.....
AI Score
0.004 EPSS
Over The Air - Vol. 2, Pt. 3: Exploiting The Wi-Fi Stack on Apple Devices
Posted by Gal Beniamini, Project Zero In this blog post we’ll complete our goal of achieving remote kernel code execution on the iPhone 7, by means of Wi-Fi communication alone. After developing a Wi-Fi firmware exploit in the previous blog post, we are left with the task of using our newly...
7.4 AI Score
October Patch Tuesday: 28 Critical Microsoft Vulnerabilities
Today Microsoft released patches covering 62 vulnerabilities as part of October’s Patch Tuesday update, with 30 of them affecting Windows. Patches covering 28 of these vulnerabilities are labeled as Critical, and 33 can result in Remote Code Execution. According to Microsoft, a vulnerability in...
8.5 AI Score
0.955 EPSS
Broadcom produces Wi-Fi HardMAC SoCs which are used to handle the PHY and MAC layer processing. These chips are present in both mobile devices and Wi-Fi routers, and are capable of handling many Wi-Fi related events without delegating to the host OS. On iOS, the "AppleBCMWLANBusInterfacePCIe"...
8.8 AI Score
0.021 EPSS
Apple: OOB NUL byte write when handling WLC_E_TRACE event packets (CVE-2017-7112)
Broadcom produces Wi-Fi HardMAC SoCs which are used to handle the PHY and MAC layer processing. These chips are present in both mobile devices and Wi-Fi routers, and are capable of handling many Wi-Fi related events without delegating to the host OS. On iOS, the "AppleBCMWLANBusInterfacePCIe"...
9 AI Score
0.019 EPSS
Apple: Information Leak when handling WLC_E_COUNTRY_CODE_CHANGED event packets (CVE-2017-7116)
Broadcom produces Wi-Fi HardMAC SoCs which are used to handle the PHY and MAC layer processing. These chips are present in both mobile devices and Wi-Fi routers, and are capable of handling many Wi-Fi related events without delegating to the host OS. On iOS, the "AppleBCMWLANBusInterfacePCIe"...
8.7 AI Score
0.004 EPSS
Broadcom produces Wi-Fi HardMAC SoCs which are used to handle the PHY and MAC layer processing. These chips are present in both mobile devices and Wi-Fi routers, and are capable of handling many Wi-Fi related events without delegating to the host OS. On iOS, the "AppleBCMWLANBusInterfacePCIe"...
9.1 AI Score
0.019 EPSS
A week in security (October 02 – October 08)
Last week, we gave you some tips for National Cybersecurity Awareness Month, walked through an exploration of a small adware file, and explored the complicated world of the Homograph attack. Here's what else happened in security. VB2017 Many of our team members attended VB2017 in Madrid, one of...
6.7 AI Score
Nzyme collects 802.11 management frames directly from the air and sends them to a Graylog (Open Source log management) setup for WiFi IDS, monitoring, and incident response. It only needs a JVM and a WiFi adapter that supports monitor mode. Think about this like a long-term (months or years)...
6 AI Score
On Broadcom BCM4355C0 Wi-Fi chips 9.44.78.27.0.1.56, an attacker can trigger an information leak due to insufficient length validation, related to ICMPv6 router advertisement...
7.5 CVSS
7.3 AI Score
0.004 EPSS
On Broadcom BCM4355C0 Wi-Fi chips 9.44.78.27.0.1.56, an attacker can trigger an information leak due to insufficient length validation, related to ICMPv6 router advertisement...
7.5 CVSS
8.3 AI Score
0.004 EPSS
On Broadcom BCM4355C0 Wi-Fi chips 9.44.78.27.0.1.56, an attacker can trigger an information leak due to insufficient length validation, related to ICMPv6 router advertisement...
7.5 CVSS
7.3 AI Score
0.004 EPSS
On Broadcom BCM4355C0 Wi-Fi chips 9.44.78.27.0.1.56, an attacker can trigger an information leak due to insufficient length validation, related to ICMPv6 router advertisement...
7.3 AI Score
0.004 EPSS
8.8 AI Score
0.004 EPSS
Over The Air - Vol. 2, Pt. 2: Exploiting The Wi-Fi Stack on Apple Devices
Posted by Gal Beniamini, Project Zero In this blog post we’ll continue our journey towards over-the-air exploitation of the iPhone, by means of Wi-Fi communication alone. This part of the research will focus on the firmware running on Broadcom’s Wi-Fi SoC present on the iPhone 7. We’ll begin...
9.8 CVSS
9.5 AI Score
0.012 EPSS
Broadcom: OOB write when handling 802.11k Neighbor Report Response (CVE-2017-11120)
Broadcom produces Wi-Fi HardMAC SoCs which are used to handle the PHY and MAC layer processing. These chips are present in both mobile devices and Wi-Fi routers, and are capable of handling many Wi-Fi related events without delegating to the host OS. In order to allow fast roaming between access...
10 AI Score
0.008 EPSS
Broadcom: Heap overflow when handling 802.11v WNM Sleep Mode Response (CVE-2017-7065)
Broadcom produces Wi-Fi HardMAC SoCs which are used to handle the PHY and MAC layer processing. These chips are present in both mobile devices and Wi-Fi routers, and are capable of handling many Wi-Fi related events without delegating to the host OS. In order to allow clients to configure...
8.8 AI Score
0.006 EPSS
Broadcom: Denial of service and OOB read in TCP KeepAlive Offloading (CVE-2017-7066)
Broadcom produces Wi-Fi HardMAC SoCs which are used to handle the PHY and MAC layer processing. These chips are present in both mobile devices and Wi-Fi routers, and are capable of handling many Wi-Fi related events without delegating to the host OS. In order to reduce overhead on the host, some...
8.2 AI Score
0.001 EPSS
Broadcom: Multiple overflows when handling 802.11r (FT) Reassociation Response (CVE-2017-11121)
Broadcom produces Wi-Fi HardMAC SoCs which are used to handle the PHY and MAC layer processing. These chips are present in both mobile devices and Wi-Fi routers, and are capable of handling many Wi-Fi related events without delegating to the host OS. In order to allow fast roaming between access...
9.1 AI Score
0.002 EPSS
On Broadcom BCM4355C0 Wi-Fi chips 9.44.78.27.0.1.56 and other chips, an attacker can craft a malformed RRM neighbor report frame to trigger an internal buffer overflow in the Wi-Fi firmware, aka...
9.8 CVSS
9.6 AI Score
0.008 EPSS
On Broadcom BCM4355C0 Wi-Fi chips 9.44.78.27.0.1.56 and other chips, properly crafted malicious over-the-air Fast Transition frames can potentially trigger internal Wi-Fi firmware heap and/or stack overflows, leading to denial of service or other effects, aka...
9.8 CVSS
9.1 AI Score
0.002 EPSS
On Broadcom BCM4355C0 Wi-Fi chips 9.44.78.27.0.1.56 and other chips, properly crafted malicious over-the-air Fast Transition frames can potentially trigger internal Wi-Fi firmware heap and/or stack overflows, leading to denial of service or other effects, aka...
9.8 CVSS
9.2 AI Score
0.002 EPSS
On Broadcom BCM4355C0 Wi-Fi chips 9.44.78.27.0.1.56 and other chips, an attacker can craft a malformed RRM neighbor report frame to trigger an internal buffer overflow in the Wi-Fi firmware, aka...
9.8 CVSS
9.5 AI Score
0.008 EPSS
On Broadcom BCM4355C0 Wi-Fi chips 9.44.78.27.0.1.56 and other chips, an attacker can craft a malformed RRM neighbor report frame to trigger an internal buffer overflow in the Wi-Fi firmware, aka...
9.8 CVSS
9.5 AI Score
0.008 EPSS
On Broadcom BCM4355C0 Wi-Fi chips 9.44.78.27.0.1.56 and other chips, properly crafted malicious over-the-air Fast Transition frames can potentially trigger internal Wi-Fi firmware heap and/or stack overflows, leading to denial of service or other effects, aka...
9.8 CVSS
9.2 AI Score
0.002 EPSS
Over The Air - Vol. 2, Pt. 1: Exploiting The Wi-Fi Stack on Apple Devices
Posted by Gal Beniamini, Project Zero Earlier this year we performed research into Broadcom’s Wi-Fi stack. Due to the ubiquity of Broadcom’s stack, we chose to conduct our prior research through the lens of one affected family of products -- the Android ecosystem. To paint a more complete picture.....
8.8 CVSS
9.6 AI Score
0.006 EPSS
iPhone 7 and Samsung Galaxy S7 Wi-Fi Chip Hack Vulnerability
Exploit for hardware platform in category remote...
7.1 AI Score
On Broadcom BCM4355C0 Wi-Fi chips 9.44.78.27.0.1.56 and other chips, an attacker can craft a malformed RRM neighbor report frame to trigger an internal buffer overflow in the Wi-Fi firmware, aka...
9.7 AI Score
0.008 EPSS
On Broadcom BCM4355C0 Wi-Fi chips 9.44.78.27.0.1.56 and other chips, properly crafted malicious over-the-air Fast Transition frames can potentially trigger internal Wi-Fi firmware heap and/or stack overflows, leading to denial of service or other effects, aka...
9.3 AI Score
0.002 EPSS
Signal Testing New Private Contact Discovery Service
Open Whisper Systems, the company behind the encrypted messaging app Signal, is testing a new private contact discovery service that in theory will allow the app to determine if a user has Signal contacts in their address book but forbid its servers from accessing the users’ address book. Moxie...
-0.2 AI Score
Remote Wi-Fi Attack Backdoors iPhone 7
Google on Tuesday disclosed details and a proof-of-concept exploit for a Wi-Fi firmware vulnerability in Broadcom chipsets patched this week in iOS 11. The attack enables code execution and persistent presence on a compromised device. “The exploit gains code execution on the Wi-Fi firmware on the.....
0.6 AI Score
0.008 EPSS
Google Researcher Publishes PoC Exploit for Apple iPhone Wi-Fi Chip Hack
You have now another good reason to update your iPhone to newly released iOS 11—a security vulnerability in iOS 10 and earlier now has a working exploit publicly available. Gal Beniamini, a security researcher with Google Project Zero, has discovered a security vulnerability (CVE-2017-11120) in...
8.9 AI Score
EPSS
Broadcom 802.11v WNM Sleep Mode Response Heap Overflow Vulnerability
Broadcom suffers from a heap overflow vulnerability when handling 802.11v WNM Sleep Mode...
0.1 AI Score
0.006 EPSS
Broadcom 802.11r (FT) Reassociation Response Overflows Vulnerability
Broadcom suffers from multiple overflow vulnerabilities when handling 802.11r (FT) Reassociation...
9.6 AI Score
0.002 EPSS
Apple PCIe Message Ring Protocol Race Conditions Vulnerability
Exploit for macOS platform in category dos /...
8.9 AI Score
0.021 EPSS
Apple WLC_E_COUNTRY_CODE_CHANGED Information Leak Vulnerability
Exploit for macOS platform in category dos /...
8.7 AI Score
0.004 EPSS