Google warns of system-controlling Chrome bug

Google is patching a serious bug in the desktop version of its Chrome browser that could let an attacker take over a computer simply by luring them to a website.

Source: Google warns of system-controlling Chrome bug

Advertisements

Google Uncovers How Just Visiting Some Sites Were Secretly Hacking iPhones For Years

Beware Apple users! Your iPhone can be hacked just by visiting an innocent-looking website, confirms a terrifying report Google researchers released earlier today.

The story goes back to a widespread iPhone hacking campaign that cybersecurity researchers from Google’s Project Zero discovered earlier this year in the wild, involving at least five unique iPhone exploit chains capable of remotely jailbreaking an iPhone and implanting spyware on it.

Source: Google Uncovers How Just Visiting Some Sites Were Secretly Hacking iPhones For Years

MIT Boffins Create NanoTube RISC Processor

Those scientists at MIT have been very busy bees. With the world burning around us, they thought we’d need new technology to speed up the destruction. They’ve brought it to us in the form of a shiny new microprocessor.

The difference with this one is instead of using traditional silicone to create the transistors that make up the logic gates, they have used carbon nanotubes.

The nanotubes are small, which means miniaturisation of this type of processor can continue, a factor which is limiting current microprocessor design.

However, as the article goes on to explain, this design isn’t without its own implementation issues.

This is a fascinating insight into the potential future of microprocessors and well worth a read.

Source: 16-bit RISC-V processor made with carbon nanotubes

Threat Roundup for August 9 to August 16

Talos is publishing a glimpse into the most prevalent threats we’ve observed between Aug. 9 and Aug. 16. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioural characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats.

Source: Threat Roundup for August 9 to August 16

Python Tool Leveraging Rapid7’s Open Data OSINT Dataset

Over on James Sawyer’s github repos you’ll find a neat set of Python utilities that leverage the Rapid7 OSINT dataset.

The Rapid7 Open Data set is a collection of Open Source Intelligence data feeds collected via their project SONAR research. This provide forward and reverse DNS records, similar to PassiveTotal or OpenDNS, HTTP and HTTPS GET responses, SSL Certificate data, UDP and TCP scans and other data.

These can be used to bolster any threat intelligence offering.

For further details see James’ site.

Sploitus.com: Exploit Search Database

BoOom

Anton Lopanitsyn, a security research using the moniker Bo0om, has provided an exploit database search facility which is called sploitus.com. It seems to be receive fairly up to date exploit data.

Anton seems to be quiet at the moment, but you can catch up with his exploits on his blog and via twitter. He also publishes various code experiments and exploits on his github pages, with a particularly useful looking fuzzing repo which you could use in OWASP ZAP, BURP Suite or similar.