Google has started automatically blocking emails sent by bulk senders who don’t meet stricter spam thresholds and authenticate their messages as required by new guidelines to strengthen defenses against spam and phishing attacks. As announced in October, the company now requires those ...
A premium WordPress plugin named LayerSlider, used in over one million sites, is vulnerable to unauthenticated SQL injection, requiring admins to prioritize applying security updates for the plugin. LayerSlider is a versatile tool for creating responsive sliders, image galleries, and ...
By Mark Brand, Google Project Zero Introduction It’s finally time for me to fulfill a long-standing promise. Since I first heard about ARM’s Memory Tagging Extensions, I’ve said (to far too many people at this point to be able to back ...
By Ian Beer A graph representation of the sandbox escape NSExpression payload In April this year Google’s Threat Analysis Group, in collaboration with Amnesty International, discovered an in-the-wild iPhone zero-day exploit chain being used in targeted attacks delivered via malicious ...
By Seth Jenkins, Project Zero Introduction In December 2022, Google’s Threat Analysis Group (TAG) discovered an in-the-wild exploit chain targeting Samsung Android devices. TAG’s blog post covers the targeting and the actor behind the campaign. This is a technical analysis ...
By Mark Brand, Project Zero Background In 2018, in the v8.5a version of the ARM architecture, ARM proposed a hardware implementation of tagged memory, referred to as MTE (Memory Tagging Extensions). In Part 1 we discussed testing the technical (and implementation) limitations ...
By Mark Brand, Project Zero Background In 2018, in the v8.5a version of the ARM architecture, ARM proposed a hardware implementation of tagged memory, referred to as MTE (Memory Tagging Extensions). Through mid-2022 and early 2023, Project Zero had access to ...
Citrix today released patches for multiple new security vulnerabilities affecting its Citrix Endpoint Management (CEM), also known as XenMobile, a product made for enterprises to help companies manage and secure their employees’ mobile devices remotely. Citrix Endpoint Management offers businesses ...
If you haven’t recently updated your Chrome, Opera, or Edge web browser to the latest available version, it would be an excellent idea to do so as quickly as possible. Cybersecurity researchers on Monday disclosed details about a zero-day flaw ...
A security researcher earlier today publicly revealed details and proof-of-concept exploit code for an unpatched, critical zero-day remote code execution vulnerability affecting the widely used internet forum software vBulletin that’s already under active exploitation in the wild. vBulletin is a ...
If you are using TeamViewer, then beware and make sure you’re running the latest version of the popular remote desktop connection software for Windows. TeamViewer team recently released a new version of its software that includes a patch for a ...
Popular video conferencing app Zoom has addressed several security vulnerabilities, two of which affect its Linux client that could have allowed an attacker with access to a compromised system to read and exfiltrate Zoom user data—and even run stealthy malware ...
A United States regulator has fined the credit card provider Capital One Financial Corp with $80 million over last year’s data breach that exposed the personal information of more than 100 million credit card applicants of Americans. The fine was ...
Cybersecurity researchers today highlighted an evasive phishing technique that attackers are exploiting in the wild to target visitors of several sites with a quirk in domain names, and leverage modified favicons to inject e-skimmers and steal payment card information covertly. ...
For much of this year, IT professionals all over the globe have had their hands full, finding ways to help businesses cope with the fallout of the coronavirus (COVID-19) pandemic. In many cases, it involved a rapid rollout of significant ...