Equifax Settlement, Android Video File Exploit, Encryption Backdoors Security Boulevard
This is your Shared Security Weekly Blaze for July 29th 2019 with your host, Tom Eston. In this week’s episode: Details on the Equifax breach settlement, why …
Enlarge / The fox animoji. (credit: Samuel Axon)
Hackers exploited a pair of potent zero-day vulnerabilities in Firefox to infect Mac users with a largely undetected backdoor, according to accounts pieced together from multiple people.
Mozilla released an update on Tuesday that fixed a code-execution vulnerability in a JavaScript programming method known as Array.pop. On Thursday, Mozilla issued a second patch fixing a privilege-escalation flaw that allowed code to break out of a security sandbox that Firefox uses to prevent untrusted content from interacting with sensitive parts of a computer operating system. Interestingly, a researcher at Google’s Project Zero had privately reported the code-execution flaw to Mozilla in mid April.
On Monday, as Mozilla was readying a fix for the array.pop flaw, unknown hackers deployed an attack that combined working exploits for both vulnerabilities. The hackers then used the attack against employees of Coinbase, according to Philip Martin, chief information security officer for the digital currency exchange.
Read 12 remaining paragraphs | Comments
Hackers Hijacked ASUS Software Updates to Install Backdoors on Thousands of Computers Motherboard
Researchers at cybersecurity firm Kaspersky Lab say that ASUS, one of the world’s largest computer makers, was used to unwittingly install a malicious …
Google’s Project Zero released a proof-of-concept attack against a Wi-Fi firmware vulnerability in Broadcom chips that backdoors the iPhone 7. The flaw was patched in iOS 11.
Threatpost | The first stop for security news