Pierluigi Paganini November 03, 2021
Google fixes actively exploited Zero-Day Kernel flaw in Android

Google’s Android November 2021 security updates address a zero-day vulnerability in the Kernel that is actively exploited in the wild. Google’s Android November 2021 security updates addressed 18 vulnerabilities in the framework and system components and 18 issues in the kernel and vendor components. One of these issues, tracked as CVE-2021-1048, is a use-after-free (UAF) vulnerability […]

Pierluigi Paganini September 27, 2017
ZNIU, the first Android malware family to exploit the Dirty COW vulnerability

Security experts at Trend Micro have recently spotted a new strain of Android malware, dubbed ZNIU, that exploits the Dirty COW Linux kernel vulnerability. The Dirty COW vulnerability was discovered by the security expert Phil Oester in October 2016, it could be exploited by a local attacker to escalate privileges. The name ‘Dirty COW’ is due to the fact that it’s […]

Pierluigi Paganini September 09, 2017
Microsoft confirmed it won’t fix kernel issue that could be exploited to evade antivirus

A design flaw within the Windows kernel could be exploited by attackers to evade antivirus and stop them from recognizing malware. A design flaw within the Windows kernel is the root cause for antivirus stopping from recognizing malware, and the bad news is that Microsoft won’t fix it because the tech giant doesn’t consider it as a […]

Pierluigi Paganini August 28, 2017
Zimperium researcher released an iOS Kernel Exploit PoC

Zimperium Researcher Adam Donenfeld released an iOS Kernel Exploit PoC that can be used to gain full control of iOS mobile devices. Researcher Adam Donenfeld of mobile security firm Zimperium published a Proof-of-concept (PoC) for recently patched iOS vulnerabilities that can be chained to gain full control of iOS mobile devices. The expert called the PoC […]

Pierluigi Paganini November 15, 2016
CVE-2016-7461 code execution flaw affects VMware Workstation

VMware has patched a critical out-of-bounds memory access vulnerability, tracked as CVE-2016-7461, affecting its Workstation and Fusion products. The flaw, that resides in the affects the drag-and-drop function, can be exploited by attackers to execute arbitrary code on the host operating system running Fusion or Workstation. The security vulnerability affects Workstation Player and Pro 12.x, and […]

Pierluigi Paganini May 20, 2015
Millions of Routers open to attack due to a NetUSB flaw

A simple vulnerability has been uncovered in the NetUSB component, millions of modern routers and other IoT devices are exposed to the risk of cyber attacks The security expert Stefan Viehbock from SEC Consult Vulnerability Lab has reported a critical vulnerability (CVE-2015-3036) that potentially affects millions of routers and Internet of Things devices using the KCodes […]