Broadcom WiFi Driver bugs expose devices to hack

Experts warn of security flaws in the Broadcom WiFi chipset drivers that could allow potential attackers to remotely execute arbitrary code and to trigger DoS. According to a DHS/CISA alert and a CERT/CC vulnerability note, Broadcom WiFi chipset drivers are affected by security vulnerabilities impacting multiple operating systems. The flaws could be exploited to remotely execute arbitrary […]

Continue Reading

Facebook ‘unintentionally’ collected contacts from 1.5 Million email accounts without permission

Facebook made the headlines once again for alleged violations of the privacy of its users, this time collecting contacts from 1.5 Million email accounts without permission. New problems for Facebook, the company collected contacts from 1.5 Million email accounts without user’permission. We recently read about an embarrassing incident involving the social network giant that asked […]

Continue Reading

APT28 and Upcoming Elections: evidence of possible interference (Part II)

In mid-March, a suspicious Office document referencing the Ukraine elections appeared in the wild, is it related to APT28 and upcoming elections? Introduction The uncertain attribution of the Ukrainian themed malicious document discussed in our past article “APT28 and Upcoming Elections: Possible Interference Signals”, led us to a review of Sofacy’s phishing techniques to confirm or […]

Continue Reading

Code execution – Evernote

A local file path traversal issue exists in Evernote 7.9 for macOS which allows an attacker to execute arbitrary programs. Technical observation:A crafted URI can be used in a note to perform this attack using file:/// as an argument or by traversing to any directory like(../../../../something.app). Since Evernote also has a feature of sharing notes, in such a […]

Continue Reading