exploit

The Department of Homeland Security (DHS) has issued a cybersecurity warning that documents vulnerabilities in the Medtronic Conexus Radio Frequency Telemetry Protocol. Medtronic makes cardio-defibrillators that are planted into a patient's chest and can be read and programmed by trained medical...

According to a recent post on David Sopas' security blog, the very popular, and very cheap, Logitech M185 is vulnerable to a keystroke injection attack. Using a recent version of the "Bettercap" hacking toolkit and a 2.4ghz USB dongle, the security researcher used the mouse to open a script...

Apple has released iOS 12.1.4 and it fixes two zero-day exploits that had been abused by hackers. According to Google Project Zero team lead, Ben Hawkes, "CVE-2019-7286 and CVE-2019-7287 were exploited in the wild as 0day." CVE-2019-7286 allowed hackers to gain elevated privileges by using a...

A security researcher from Tenable Research discovered a hardcoded backdoor in the 3.1.190 PremiSys IDenticard system that "allows attackers to add new users to the badge system, modify existing users, delete users, assign permission, and pretty much any other administrative function." Security...

Eurogamer says that some enterprising Fallout 76 players managed to glitch their way into a "developer room" with high tier and unreleased items. While the exploit is just now going public, Eurogamer's sources say that the exploit has been circulating around Discord servers for several weeks...

Microsoft has released an emergency security update to patch an actively exploited vulnerability in Internet Explorer. CVE-2018-8653 addresses a remote code execution vulnerability caused by the way the scripting engine handles objects in Internet Explorer. The exploit corrupts memory in such as...

TYR on YouTube has created a guide to flying in Fallout 76. The exploit just requires that the player has mutations and perks that are easily found in the game. Fallout 76 - *Flying* Mutation Exploit Tutorial - (No Jetpack Needed) - OP Exploit. Yes... you read that title correct.... G'day guys...

PortSmash is a new hardware level side channel exploit that leaks encrypted data from a computer's memory or CPU. Scientists can use multiple ways to record and analyze the data to break encryption algorithms and recover the CPU's data. Researchers from Tampere University of Technology in...

For the past 3 years, Google has been paying top researchers for submitting vulnerability reports about flaws and bugs in the Android ecosystem. Recently the Android Security Rewards (ASR) just exceeded the $3 million mark in rewards to researchers. This year alone 470 qualifying vulnerability...

Remember our coverage of Spectre? Well researchers at the Graz University of Technology have a working model of how to read arbitrary memory over a network called NetSpectre. NetSpectre attacks have been shown to work over LAN and Google Cloud. The computers being attacked do not need to run...

The folks from Imperva have found a new cryptomining bug out in the wild that targets database servers and application servers. What's unique about this thing is it's worm-like behavior and creation using NSA exploits that were leaked into the wild. This sucker shouldn't be able to mess with...

When this flaw came about we were still freaking out about Y2K ending the world. Well, Y2K turned out to be about as bad as the new ice age in the 70's. But unlike the new North American Ice Age, Global Warming, Polar Ice Cap Destruction, and Global Warming, Microsoft has actually fixed this...

Specter released a PS4 4.05 kernel exploit to GitHub today and stated it will allow jailbreaking and kernel-level modification to the PS4 system. However, they are not providing code that allows for homebrew or pirating games. With that said, I'm sure others will be more than willing to...

I guess the NSA is the gift that keeps on giving. It appears that the Bad Rabbit ransomware that hit over 200 major organizations this week, primarily in Russia and the Ukraine does indeed use the EternalRomance exploit that leaked out of the NSA. Disable your WMI service to prevent the...

I know we have a lot of HardOCP readers that use Linux systems at home, and if you use the Samba networking utility, now is the time to pay attention. A newly found flaw in widely used networking software leaves tens of thousands of computers potentially vulnerable to an attack similar to that...

Apparently CIA's archive of tools used to compromise targeted systems was recently circulated in an unauthorized manner among former CIA contractors and hackers, one or more of which provided the information to Wikileaks. This leak outlines how CIA has been able to compromise platforms like...

As we have reported on in the past, the FBI has successfully compromised TOR, the service used to anonymously browse the internet, and access the so-called "dark net." As part of the case against one of the suspects arrested on child pr0n charges in 2015, a Judge ordered the DOJ to disclose the...

How about that. In a world where Microsoft puts off a patch Tuesday in February with known 0-day exploits in the wild, a new Linux exploit has been discovered, and fixed in Git a week before it was announced giving distribution managers time to patch it in their repositories. You have to...