Tag Archives: Uncategorized

512-bit RSA key in home energy system gives control of “virtual power plant”

When Ryan Castellucci recently acquired solar panels and a battery storage system for their home just outside of London, they were drawn to the ability to use an open source dashboard to monitor and control the flow of electricity being generated. Instead, they gained much, much more—some 200 megawatts of programmable capacity…

Mystery malware destroys 600,000 routers from a single ISP during 72-hour span

One day last October, subscribers to an ISP known as Windstream began flooding message boards with reports their routers had suddenly stopped working and remained unresponsive to reboots and all other attempts to revive them. “The routers now just sit there with a steady red light on the front,” one…

Linux maintainers were infected for 2 years by SSH-dwelling backdoor with huge reach

Infrastructure used to maintain and distribute the Linux operating system kernel was infected for two years, starting in 2009, by sophisticated malware that managed to get a hold of one of the developers’ most closely guarded resources: the /etc/shadow files that stored encrypted password data for more than 550 system users, researchers…

Google patches its fifth zero-day vulnerability of the year in Chrome

Google has updated its Chrome browser to patch a high-severity zero-day vulnerability that allows attackers to execute malicious code on end user devices. The fix marks the fifth time this year the company has updated the browser to protect users from an existing malicious exploit. The vulnerability, tracked as CVE-2024-4671, is a…

SSH protects the world’s most sensitive networks. It just got a lot weaker

[Image: Terrapin is coming for your data.]

Sometime around the start of 1995, an unknown person planted a password sniffer on the network backbone of Finland’s Helsinki University of Technology (now known as Aalto University). Once in place, this piece of dedicated hardware surreptitiously inhaled thousands…

Intel fixes high-severity CPU bug that causes “very strange behavior”

Intel on Tuesday pushed microcode updates to fix a high-severity CPU bug that has the potential to be maliciously exploited against cloud-based hosts. The flaw, affecting virtually all modern Intel CPUs, causes them to “enter a glitch state where the normal rules don’t apply,” Tavis Ormandy, one of several security researchers…

This tiny device is sending updated iPhones into a never-ending DoS loop

[Image: A fully updated iPhone (left) after being force crashed by a Flipper Zero (right).]

One morning two weeks ago, security researcher Jeroen van der Ham was traveling by train in the Netherlands when his iPhone suddenly displayed a series of pop-up windows that made it…

Hackers can force iOS and macOS browsers to divulge passwords and much more

Researchers have devised an attack that forces Apple’s Safari browser to divulge passwords, Gmail message content, and other secrets by exploiting a side channel vulnerability in the A- and M-series CPUs running modern iOS and macOS devices. iLeakage, as the academic researchers have named the attack, is practical…

GPUs from all major suppliers are vulnerable to new pixel-stealing attack

GPUs from all six of the major suppliers are vulnerable to a newly discovered attack that allows malicious websites to read the usernames, passwords, and other sensitive visual data displayed by other websites, researchers have demonstrated in a paper published Tuesday. The cross-origin attack allows a malicious website from one domain—say,…

How China gets free intel on tech companies’ vulnerabilities

For state-sponsored hacking operations, unpatched vulnerabilities are valuable ammunition. Intelligence agencies and militaries seize on hackable bugs when they’re revealed—exploiting them to carry out their campaigns of espionage or cyberwar—or spend millions to dig up new ones or to buy them in secret from the hacker gray…