Tag

Technology Security

All articles tagged with #technology security

technology-security16 hours ago

Microsoft patches a record 570 flaws in AI-augmented Patch Tuesday

Microsoft released a record Patch Tuesday fixing at least 570 vulnerabilities across Windows and related software, driven by AI-driven vulnerability discovery; about 60 are critical and three zero-days are already being exploited. Highlights include CVE-2026-56155 (Active Directory Federation Services), CVE-2026-56164 (SharePoint), and CVE-2026-50661 (BitLocker bypass), plus a Copilot remote code execution flaw (CVE-2026-48561). Industry experts warn exploitability ratings may lag AI-enabled discovery as patch cadences rise across vendors. Users are advised to back up systems and consider delaying updates if stability is a concern.

RedHook variant weaponizes Wireless ADB to gain shell control on Android
technology-security2 days ago

RedHook variant weaponizes Wireless ADB to gain shell control on Android

A new RedHook Android malware variant abuses Wireless ADB to obtain shell-level privileges without a PC by tricking victims into granting Accessibility permissions and using Shizuku to run privileged commands. It effectively turns the phone into its own ADB client (via 127.0.0.1), enabling 53 commands including screen streaming, input simulation, app install/uninstall, data theft, overlays, and even camera access, all without device rooting. The malware uses multiple persistence methods (silent audio, WakeLocks, dual services, watchdog, boot autostart, and oom_score_adj) and is distributed via social engineering that impersonates government or financial institutions to push fake Google Play sites. Users are advised to only install from Google Play, scrutinize permissions, and keep Play Protect enabled.

technology-security2 months ago

Dirty Frag: Early Disclosure Lets Linux Root on Major Distros

A Linux local privilege escalation named 'Dirty Frag' was publicly disclosed early, enabling local users to obtain root by exploiting decryption fast paths in the esp4, esp6, and rxrpc kernel code; with no CVEs or patches yet due to the embargo break, a workaround exists to disable the affected modules via: sh -c "printf 'install esp4 /bin/false\ninstall esp6 /bin/false\ninstall rxrpc /bin/false\n' > /etc/modprobe.d/dirtyfrag.conf; rmmod esp4 esp6 rxrpc 2>/dev/null; true"; Alma Linux has released early patches for testing, and oss-security has more details; this situation means risk on most major distros until patches are issued.

Nvidia Responds Briefly to China
world11 months ago

Nvidia Responds Briefly to China

Nvidia is caught in a geopolitical struggle as it faces accusations from Chinese state media that its chips pose a security threat, following a deal with the US to sell chips in China that involves a controversial revenue-sharing agreement. The company denies any security risks, emphasizing the importance of trust in its technology amidst tensions between the US and China.

"Unpatchable Apple Chip Flaw Exposes Encryption Keys"
technology-security2 years ago

"Unpatchable Apple Chip Flaw Exposes Encryption Keys"

A flaw in Apple's M-series chips allows attackers to exploit the data memory-dependent prefetcher to reveal encryption keys, posing a virtually unpatchable threat. The US warns of potential cyberattacks on water systems by hackers from Iran and China, while a new Russian wiper malware, AcidPour, threatens communication networks. Additionally, China-linked hacker group Earth Krahang has targeted organizations worldwide, breaching 70 entities, including 48 government organizations.

"Wyze Customers Exposed to Home Surveillance Glitch"
technology-security2 years ago

"Wyze Customers Exposed to Home Surveillance Glitch"

WYZE customers report being able to see inside other people's homes due to a glitch in the home security camera system, with one woman in South Bend, Indiana, witnessing footage from a different time zone. The company's office was found nearly empty, with no one available to address the issue. WYZE has acknowledged disruptions and login difficulties, and disabled the events tab in the app to investigate the security issue. Customers are concerned about the breach's implications for their privacy and security.

"26 Billion Records Stolen: The Mother of All Data Breaches"
technology-security2 years ago

"26 Billion Records Stolen: The Mother of All Data Breaches"

A massive data breach, dubbed the "Mother of All Breaches," has exposed 26 billion records from popular sites like LinkedIn, Twitter, and more, making it the largest breach in history. The compromised data includes sensitive information, posing a significant risk for identity theft and cyberattacks. While the source of the breach remains unknown, experts advise users to be vigilant against phishing scams, change their passwords, and enable two-factor authentication for all accounts.