New Linux Kernel bug (dubbed Dirty Pipe) allows a regular user to escalate privileges to root. More
Google buys cybersecurity giant Mandiant for $5.4 billion to strengthen their cloud security. More.
Nvidia was hacked. Attackers got employee passwords and some proprietary information which they leaked online (DLSS source code). Two expired code-signing certificates were also in the leak. Malware signed with these certificates was already spotted in the wild. Windows still trusts them, even if expired, but they can be blocked. Hackers also demanded Nvidia to remove a feature that limits the Ethereum mining performance on some GPUs. More
Same hacker group breached Samsung and leaked 200 GB of source code. Samsung confirmed the leak concerns Galaxy devices. More
The hacker group is preparing for more leaks. Candidates seem to be MercadoLibre (breach confirmed here), Impresa (confirmed) and Vodafone (confirmed).
Researchers from Amsterdam discovered a new variant of the Spectre attack that bypasses existing mitigations. Intel confirmed. ARM also confirmed. A video demonstrating the exploit by extraction the root password from the /etc/shadow file is available here. More
APT41 compromised six US State government networks by exploiting vulnerable Internet facing web applications. In the process, they used a zero-day vulnerability in the USAHerds application (CVE-2021-44207) and the infamous Log4j vulnerability (CVE-2021-44228). More
Security researchers found a way to make the Amazon Echo hack itself using self-issuing voice commands. More
Don’t have time to check this page? You can get the news summary every week in your email inbox by subscribing to my newsletter.
OSCE3, OSEP, OSED, OSWE, OSCP certified. Over 10 years of experience in the IT industry, now working in Product Security and leading a Red Team. Huge Offensive Security and CTF nerd. I enjoy music, teaching and hiking.