Trend Micro’s Zero Day Initiative (ZDI) has announced the targets and prizes for its next Pwn2Own hacking competition, as well as the introduction of a new category that aims to simulate a real world home office environment.
LastPass Says Source Code Stolen in Data Breach
Password management software firm LastPass has suffered a data breach that led to the theft of source code and proprietary technical information.
Apple Patches New macOS, iOS Zero-Days
Apple on Wednesday rolled out emergency patches for a pair of already exploited zero-day vulnerabilities in its flagship macOS and iOS platforms.
Apple confirmed in-the-wild exploitation of the vulnerabilities in separate advisories warning about code execution flaws in fully patched iPhone, iPad and macOS devices.
Google Introduces DNS-over-HTTP/3 in Android
Google this week announced the rollout of DNS-over-HTTP/3 (DoH3) for Android 11 and newer devices.
An encrypted DNS protocol, DoH3 is expected to provide performance and safety improvements compared to alternatives, mainly through the QUIC transport layer network protocol.
Adobe Plugs 46 Security Flaws on Patch Tuesday
Adobe’s security response team has pushed out a massive batch of patches to cover at least 46 vulnerabilities in a wide range of enterprise-facing software products.
As part of its scheduled Patch Tuesday release for June, Adobe warned of “critical” code execution flaws that expose both Windows and macOS users to malicious hacker attacks.
Researchers: Wi-Fi Probe Requests Expose User Data
A group of academic researchers from the University of Hamburg in Germany has discovered that mobile devices leak identifying information about their owners via Wi-Fi probe requests.
Mobile devices use these probe requests to receive information about nearby Wi-Fi access points and establish connections to them when a probe response is received.
Researcher Shows How Tesla Key Card Feature Can Be Abused to Steal Cars
A researcher has shown how a key card feature introduced by Tesla last year could be abused to add an unauthorized key that allows an attacker to open and start a vehicle.
The research was conducted by Martin Herfurt, an Austria-based member of the Trifinite research group, which focuses on Bluetooth security.
Millions of Budget Smartphones With UNISOC Chips Vulnerable to Remote DoS Attacks
Millions of budget smartphones that use UNISOC chipsets could have their communications remotely disrupted by hackers due to a critical vulnerability discovered recently by researchers at cybersecurity firm Check Point.
Microsoft Finds Major Security Flaws in Pre-Installed Android Apps
Bug hunters at Microsoft are calling attention to several high-severity vulnerabilities in a mobile framework used in pre-installed Android System apps, warning that exploitation could have allowed the implantation of a persistent backdoor on Android devices.
Researchers Devise New Type of Bluetooth LE Relay Attacks
Security researchers at NCC Group have created a new tool capable of launching a new type of Bluetooth Low Energy (BLE) relay attack that bypasses existing protections and mitigations.