November 15, 2023 at 11:11AM The encryption algorithms used to secure emergency radio communications will be released to the public domain, after vulnerabilities were found in TETRA. The decision to go public is a complete turn from ETSI, which initially denied vulnerabilities. The algorithms will be open to academic research for independent reviews. No date … Read more
November 14, 2023 at 05:49PM Microsoft released a November update with 63 bug fixes, including three actively exploited zero-day vulnerabilities. One of the bugs, CVE-2023-36036, allows attackers to acquire system-level privileges through Windows Cloud Files Mini Filter Driver. CVE-2023-36033 provides system-level access through the Windows DWM Core Library, and CVE-2023-36025 allows attackers to bypass Windows … Read more
November 14, 2023 at 03:31PM Chinese state-sponsored actors have become adept at exploiting zero-day vulnerabilities to conduct espionage, posing a significant and persistent threat to global organizations. Recent reports indicate that these actors are increasingly targeting public-facing devices, including firewalls, hypervisors, and email security tools. The success of these attacks is facilitated by threat sharing … Read more
October 30, 2023 at 09:45AM The Pwn2Own Toronto 2023 hacking competition concluded with a total of 58 vulnerabilities exploited. Participants earned over $1 million in rewards by successfully targeting routers, printers, smart speakers, NAS products, surveillance systems, and mobile phones. The highest reward of $100,000 was given to Chris Anastasio on the second day of … Read more
October 27, 2023 at 03:04PM The Pwn2Own Toronto 2023 hacking competition concluded with security researchers earning $1,038,500 for 58 zero-day exploits targeting mobile and IoT devices. The Samsung Galaxy S23 was hacked four times, while no teams attempted to hack the Apple iPhone 14 and Google Pixel 7. Team Viettel emerged as the winner, followed … Read more