Intel patches a remote code execution bug hidden in its chips since 2008

For the past seven years, millions of Intel PCs have been potentially vulnerable Intel have announced that there is a privilege escalation vulnerability in their Active Management Technology (AMT), Standard Manageability (ISM) and Small Business Technology (SBT) products. These products provide remote and out of band management capabilities to Intel based …

0-Day vulnerabilities in Apache Struts: a plague for companies?

In the last months, Apache Struts was afflicted by some serious 0-Day vulnerabilities, that allows remote code execution on unpatched hosts Every security expert trembles with fear when he reads “RCE” (Remote Code Execution) on a disclosure document, and read it often in a few months, especially when it concerns …

Phishing with Unicode Domains, an attack almost impossible to detect

The vulnerability affects Chrome, Firefox and Opera The security researcher Xudong Zheng has discovered a new technique for phishing attacks: using an homograph attack, Zheng discovers that is possible to display a fake domain names as the websites of legitimate services, like Apple, Google, or Amazon to steal login or financial …

CVE-2017–0199: the MS Office 0-day is already used to spread malware

However, Microsoft has pached the vulnerability, so…update! On unpatched systems, the vulnerability is triggered by opening a document that opens a download warning, followed by a download from a malicious server that sends a dangerous document: The document is a compiled HTML file with an embedded script: Word accepts and …

Smartphones using Broadcom Wi-Fi SOC can be hacked Over-the-Air

Security patch available only for Nexus & iOS A stack buffer overflow issue that affects all devices using Broadcom’s Wi-Fi stack was discovered by Google’s Project Zero researcher Gal Beniamini. The flaw affects Apple devices and also all android devices using Broadcom’s Wi-Fi stack: an attacker within the smartphone’s WiFi range …