A new piece of research from academics at ETH Zurich has identified a number of critical security issues in the MEGA cloud storage service that could be leveraged to break the confidentiality and integrity of user data. In a paper titled "MEGA: Malleable Encryption Goes Awry," the researchers point out how MEGA's system does not protect its users against a malicious server, … [Read more...] about Researchers Uncover Ways to Break the Encryption of ‘MEGA’ Cloud Storage Service
Researchers
Researchers Disclose Rooting Backdoor in Mitel IP Phones for Businesses
Cybersecurity researchers have disclosed details of two medium-security flaws in Mitel 6800/6900 desk phones that, if successfully exploited, could allow an attacker to gain root privileges on the devices. Tracked as CVE-2022-29854 and CVE-2022-29855 (CVSS score: 6.8), the access control issues were discovered by German penetration testing firm SySS, following which patches … [Read more...] about Researchers Disclose Rooting Backdoor in Mitel IP Phones for Businesses
MIT Researchers Discover New Flaw in Apple M1 CPUs That Can’t Be Patched
A novel hardware attack dubbed PACMAN has been demonstrated against Apple's M1 processor chipsets, potentially arming a malicious actor with the capability to gain arbitrary code execution on macOS systems. It leverages "speculative execution attacks to bypass an important memory protection mechanism, ARM Pointer Authentication, a security feature that is used to enforce … [Read more...] about MIT Researchers Discover New Flaw in Apple M1 CPUs That Can’t Be Patched
Researchers Find Bluetooth Signals Can be Fingerprinted to Track Smartphones
A new research undertaken by a group of academics from the University of California San Diego has revealed for the first time that Bluetooth signals can be fingerprinted to track smartphones (and therefore, individuals). The identification, at its core, hinges on imperfections in the Bluetooth chipset hardware introduced during the manufacturing process, resulting in a "unique … [Read more...] about Researchers Find Bluetooth Signals Can be Fingerprinted to Track Smartphones
Researchers Warn of Unpatched “DogWalk” Microsoft Windows Vulnerability
An unofficial security patch has been made available for a new Windows zero-day vulnerability in the Microsoft Support Diagnostic Tool (MSDT), even as the Follina flaw continues to be exploited in the wild. The issue — referenced as DogWalk — relates to a path traversal flaw that can be exploited to stash a malicious executable file to the Windows Startup folder when a … [Read more...] about Researchers Warn of Unpatched “DogWalk” Microsoft Windows Vulnerability
Watch Out! Researchers Spot New Microsoft Office Zero-Day Exploit in the Wild
Cybersecurity researchers are calling attention to a zero-day flaw in Microsoft Office that could be abused to achieve arbitrary code execution on affected Windows systems. The vulnerability came to light after an independent cybersecurity research team known as nao_sec uncovered a Word document ("05-2022-0438.doc") that was uploaded to VirusTotal from an IP address in … [Read more...] about Watch Out! Researchers Spot New Microsoft Office Zero-Day Exploit in the Wild
Researchers Find Backdoor in School Management Plugin for WordPress
Multiple versions of a WordPress plugin by the name of "School Management Pro" harbored a backdoor that could grant an adversary complete control over vulnerable websites. The issue, spotted in premium versions before 9.9.7, has been assigned the CVE identifier CVE-2022-1609 and is rated 10 out of 10 for severity. The backdoor, which is believed to have existed since version … [Read more...] about Researchers Find Backdoor in School Management Plugin for WordPress
Researchers Expose Inner Workings of Billion-Dollar Wizard Spider Cybercrime Gang
The inner workings of a cybercriminal group known as the Wizard Spider have been exposed, shedding light on its organizational structure and motivations. "Most of Wizard Spider's efforts go into hacking European and U.S. businesses, with a special cracking tool used by some of their attackers to breach high-value targets," Swiss cybersecurity company PRODAFT said in a new … [Read more...] about Researchers Expose Inner Workings of Billion-Dollar Wizard Spider Cybercrime Gang
Researchers Find Potential Way to Run Malware on iPhone Even When it’s OFF
A first-of-its-kind security analysis of iOS Find My function has identified a novel attack surface that makes it possible to tamper with the firmware and load malware onto a Bluetooth chip that's executed while an iPhone is "off." The mechanism takes advantage of the fact that wireless chips related to Bluetooth, Near-field communication (NFC), and ultra-wideband (UWB) … [Read more...] about Researchers Find Potential Way to Run Malware on iPhone Even When it’s OFF
Researchers Warn of ‘Raspberry Robin’ Malware Spreading via External Drives
Cybersecurity researchers have discovered a new Windows malware with worm-like capabilities and is propagated by means of removable USB devices. Attributing the malware to a cluster named "Raspberry Robin," Red Canary researchers noted that the worm "leverages Windows Installer to reach out to QNAP-associated domains and download a malicious DLL." The earliest signs of the … [Read more...] about Researchers Warn of ‘Raspberry Robin’ Malware Spreading via External Drives