Proprietary Software Leftovers
Redaction Failure Shows Grayshift Is Swearing Cops To Secrecy About Its Phone-Cracking Tech
Law enforcement loves its new tech advances. It also hates to talk about them, operating under the assumption that the business of serving the public isn't the public's business. When pressed, officials will say something about staying one step ahead of criminals. But more often the opacity is nothing more than antagonism directed at people who expect transparency from those cashing publicly funded paychecks.
LockBit 2.0 Ransomware Proliferates Globally
The LockBit ransomware-as-a-service (RaaS) gang has ramped up its targeted attacks, researchers said, with attempts against organizations in Chile, Italy, Taiwan and the U.K. using version 2.0 of its malware.
Attacks in July and August have employed LockBit 2.0, according to a Trend Micro analysis released on Monday, featuring a souped-up encryption method.
Top researcher slams Microsoft over 'astonishingly bad' security advisories
A well-known security researcher has slammed Microsoft for its "astonishingly bad" security advisories, pointing to the wording in a TCP/IP remote code execution vulnerability released on 10 August this year as an example.
BlackBerry software flaw could impact cars, medical devices - U.S. agencies
The warning came after the Canadian company disclosed that its QNX Real Time Operating System has a vulnerability that could allow an attacker to execute an arbitrary code or flood a server with traffic until it crashes or gets paralyzed.
The software is used by automakers including Volkswagen, BMW and Ford Motor in many critical functions including the Advanced Driver Assistance System.
today's howtos
Games: Virtual Reality, AMD, and Among Us
Realtek AP-Router SDK vulnerabilities could impact millions of routers and IoT devices
The IoT Inspector Research Lab has discovered four high and critical vulnerabilities in the Realtek AP-Router “Jungle” SDK used for RTL819x SoCs that could impact millions of WiFi routers and dongles. An attacker can use a network attack, e.g. without physical access to the device, to generate a buffer or stack overflow helping him access the system and execute his own code. Realtek has released an advisory (PDF) with patchsets for all four vulnerabilities so you should upgrade the firmware if you can.
