exploit

Zero-Day-Lücke in Qualcomm-Mobilprozessoren bereits vereinzelt angegriffen

Etliche Snapdragon-Chips für Android-Geräte weisen eine als kritisch eingestufte Sicherheitslücke auf. Sie wurde schon vereinzelt und gezielt ausgenutzt.

https://www.heise.de/news/Zero-Day-Luecke-in-Qualcomm-Mobilprozessoren-bereits-vereinzelt-angegriffen-9977340.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon

#Android #Qualcomm #Security #Sicherheitslücken #Smartphone #Exploit #news

I also have to patch my desktops BIOS on both of my boxes due to a vulnerability disclosed at @defcon while I was there. So I guess I will get to doing that on both the main Linux workstation and the Windows Enterprise box which handles my OBS streams this weekend. That's annoying as it means I have to reapply my memory tweaks and fan curves. #Infosec #cybersecurity #linux #windows #exploit #defcon

🚨 #Security #Alert! 🚨
If you run a #PHP-based website, the time to update PHP is NOW!

A critical vulnerability (CVE-2024-4577) has been found and it's already being exploited in the wild.

https://arstechnica.com/security/2024/06/thousands-of-servers-infected-with-ransomware-via-critical-php-vulnerability/

#security #hack #vulnerability #exploit #web

Oof, this is a bad one. A vulnerability was found in the UEFI reference design, a firmware codebase used by virtually all popular Windows and Linux PCs. The exploit uses a bug in an image decoder (yep, image decoders, once again) that runs during boot *before* most security countermeasures are installed.

The image used during boot is configurable from userland. So an exploit can run during a user session, after which the next reboot will be compromised.

“Just about every Windows and Linux device vulnerable to new LogoFAIL firmware attack”

#software #security #exploit

https://arstechnica.com/security/2023/12/just-about-every-windows-and-linux-device-vulnerable-to-new-logofail-firmware-attack/