Security Alerts & News
by Tymoteusz A. Góral

#1774 One bit to rule a system: analyzing CVE-2016-7255 exploit in the wild
Recently, Google researchers discovered a local privilege escalation vulnerability in Windows which was being used in zero-day attacks, including those carried out by the Pawn Storm espionage group. Microsoft was able to release a patch by the next Patch Tuesday, November 8. This entry provides a complete analysis of the vulnerability based on samples acquired in the wild.

This is an easily exploitable vulnerability which can be found in all supported versions of Windows, from Windows 7 to Windows 10. The exploit code we’ve seen in the wild only affects 64-bit versions of Windows, although both 32- and 64-bit versions have the underlying flaw. Let us examine this vulnerability in some detail to understand the techniques used by the attacker. By changing one bit, the attacker can elevate the privileges of a thread, giving administrator access to a process that would not have it under normal circumstances.
Read more
#1775 New large-scale DDoS attacks follow schedule
#1774 One bit to rule a system: analyzing CVE-2016-7255 exploit in the wild
#1773 Exploit company exodus sold Firefox zero-day earlier this year
#1772 Bypassing CSP using polyglot JPEG
#1771 A beginner’s guide to beefing up your privacy and security online
#1770 New SmsSecurity variant roots phones, abuses accessibility features and TeamViewer
#1769 Google fixes 12 high-severity flaws In Chrome browser
#1768 Buffer overflow exploit can bypass Activation Lock on iPads running iOS 10.1.1
#1767 Amazon offers DDoS protection with Shield
#1766 Fake Apple chargers fail safety tests
#1765 Analysis of multiple vulnerabilities in AirDroid
#1764 UK's new Snoopers' Charter just passed an encryption backdoor law by the backdoor
2017: 01 02 03 04 05
2016: 01 02 03 04 05 06 07 08 09 10 11 12