New Flaws in TPM 2.0 Library Pose Threat to Billions of IoT and Enterprise Devices
Mar 03, 2023 | Ravie Lakshmanan | Enterprise Security / IoT
A pair of serious security defects has been disclosed in the Trusted Platform Module (TPM) 2.0 reference library specification that could potentially lead to information disclosure or privilege escalation. One of the vulnerabilities, CVE-2023-1017, concerns an out-of-bounds write, while the other, CVE-2023-1018, is …
Billions
A Critical Random Number Generator Flaw Affects Billions of IoT Devices
A critical vulnerability has been disclosed in hardware random number generators used in billions of Internet of Things (IoT) devices, whereby they fail to properly generate random numbers, thus undermining the devices' security and putting them at risk of attacks. "It turns out that these 'randomly' chosen numbers aren't always as random as you'd like when it comes to IoT devices," …
Popular iOS SDK Accused of Spying on Billions of Users and Committing Ad Fraud
A popular iOS software development kit (SDK) used by over 1,200 apps—with a total of more than a billion mobile users—is said to contain malicious code with the goal of perpetrating mobile ad-click fraud and capturing sensitive information. According to a report published by cybersecurity firm Snyk, Mintegral — a mobile programmatic advertising platform owned by Chinese mobile …
Critical GRUB2 Bootloader Bug Affects Billions of Linux and Windows Systems
A team of cybersecurity researchers today disclosed details of a new high-risk vulnerability affecting billions of devices worldwide—including servers and workstations, laptops, desktops, and IoT systems running nearly any Linux distribution or Windows system. Dubbed 'BootHole' and tracked as CVE-2020-10713, the reported vulnerability resides in the GRUB2 bootloader, which, if …
New Ripple20 Flaws Put Billions of Internet-Connected Devices at Risk of Hacking
The Department of Homeland Security and CISA ICS-CERT today issued a critical security advisory warning about over a dozen newly discovered vulnerabilities affecting billions of Internet-connected devices manufactured by over 500 vendors across the globe. Dubbed "Ripple20," the set of 19 vulnerabilities resides in a low-level TCP/IP software library developed by Treck, which, if …