#projectzero

st1nger :unverified: 🏴‍☠️ :linux: :freebsd:<p>An analysis of the NSO BLASTPASS <a href="https://infosec.exchange/tags/Apple" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Apple</span></a> <a href="https://infosec.exchange/tags/iOS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>iOS</span></a> <a href="https://infosec.exchange/tags/iMessage" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>iMessage</span></a> <a href="https://infosec.exchange/tags/exploit" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>exploit</span></a> by Ian Beer, <a href="https://infosec.exchange/tags/Google" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Google</span></a> <a href="https://infosec.exchange/tags/ProjectZero" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ProjectZero</span></a> <a href="https://googleprojectzero.blogspot.com/2025/03/blasting-past-webp.html" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">googleprojectzero.blogspot.com</span><span class="invisible">/2025/03/blasting-past-webp.html</span></a></p>
gtbarry<p>Google Claims World First As AI Finds 0-Day Security Vulnerability</p><p>AI has discovered a previously unknown zero-day exploit in widely used real-world software. It’s the first example, according to Google’s Project Zero and DeepMind, the forces behind Big Sleep, the large language model-assisted vulnerability agent that spotted the vulnerability.</p><p><a href="https://mastodon.social/tags/Google" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Google</span></a> <a href="https://mastodon.social/tags/ProjectZero" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ProjectZero</span></a> <a href="https://mastodon.social/tags/DeepMind" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DeepMind</span></a> <a href="https://mastodon.social/tags/BigSleep" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BigSleep</span></a> <a href="https://mastodon.social/tags/ArtificialIntelligence" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ArtificialIntelligence</span></a> <a href="https://mastodon.social/tags/AI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AI</span></a> <a href="https://mastodon.social/tags/LLM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>LLM</span></a> <a href="https://mastodon.social/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>security</span></a> <a href="https://mastodon.social/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a> <a href="https://mastodon.social/tags/zeroday" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>zeroday</span></a> <a href="https://mastodon.social/tags/hacking" class="mention hashtag" rel="nofollow noopener noreferrer" 
target="_blank">#<span>hacking</span></a></p><p><a href="https://www.forbes.com/sites/daveywinder/2024/11/05/google-claims-world-first-as-ai-finds-0-day-security-vulnerability/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">forbes.com/sites/daveywinder/2</span><span class="invisible">024/11/05/google-claims-world-first-as-ai-finds-0-day-security-vulnerability/</span></a></p>
:verified: domenuk<p>Project Zero blog:<br>LLMs find 0days now! 👀</p><p>And: our fuzzer setup did <em>not</em> reproduce it!</p><p><a href="https://googleprojectzero.blogspot.com/2024/10/from-naptime-to-big-sleep.html" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">googleprojectzero.blogspot.com</span><span class="invisible">/2024/10/from-naptime-to-big-sleep.html</span></a></p><p><a href="https://infosec.exchange/tags/Bigsleep" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Bigsleep</span></a> <a href="https://infosec.exchange/tags/LLM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>LLM</span></a> <a href="https://infosec.exchange/tags/Security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Security</span></a> <a href="https://infosec.exchange/tags/ProjectZero" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ProjectZero</span></a> <a href="https://infosec.exchange/tags/GoogleDeepmind" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GoogleDeepmind</span></a></p>
8Bit | :linux: :godot: | 🍶🦊<p>On the day I finally got the physical versions of Project Zero 4/5, I finish the third game. My first full playthrough after over 15 years since I first got that game.</p><p>And what a GREAT game in the series this was.</p><p>Coincidentally this now also concludes my replay of the entire series and that has fully re-ignited my love for it. Just... outstanding games. </p><p><a href="https://mastodon.gamedev.place/tags/ProjectZero" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ProjectZero</span></a> <a href="https://mastodon.gamedev.place/tags/FatalFrame" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FatalFrame</span></a></p>
8Bit | :linux: :godot: | 🍶🦊<p>Today my physical collection of Project Zero/Fatal Frame (main line) games has become complete.</p><p>I only owned Mask Of the Lunar Eclipse and Maiden Of Black Water digitally before, but thanks to Play Asia I got the physical releases. </p><p>I love this series so much, it's great to finally have all (*) of them on the shelf.</p><p>(* Except for Spirit Camera... I am still looking for a copy with reasonable price)</p><p><a href="https://mastodon.gamedev.place/tags/ProjectZero" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ProjectZero</span></a> <a href="https://mastodon.gamedev.place/tags/FatalFrame" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FatalFrame</span></a></p>
Gnomer<p>I’m looking for a feed that aggregates recent reverse engineering and vulnerability-centric security writeups, like the ones posted by Google Project Zero. I know there are many different security firms and academics that post these kinds of articles now and then, but I’m having a hard time with discovery as every news site or feed I find is focused on cybersecurity threats and CVEs, or simply just malware actor reports. </p><p>Does anyone have something that fits the bill?<br><a href="https://infosec.exchange/tags/reverseengineering" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>reverseengineering</span></a> <a href="https://infosec.exchange/tags/googleprojectzero" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>googleprojectzero</span></a> <a href="https://infosec.exchange/tags/projectzero" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>projectzero</span></a> <a href="https://infosec.exchange/tags/vulnerability" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>vulnerability</span></a> <a href="https://infosec.exchange/tags/vulnerability_research" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>vulnerability_research</span></a></p>
Philippe<p><span class="h-card" translate="no"><a href="https://ard.social/@tagesschau" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>tagesschau</span></a></span> To <a href="https://hessen.social/tags/Wissing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Wissing</span></a> and the <a href="https://hessen.social/tags/fdp" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>fdp</span></a>, <a href="https://hessen.social/tags/Freiheit" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>freedom</span></a> is more important than <a href="https://hessen.social/tags/projectzero" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>projectzero</span></a>.</p>
CatSalad🐈🥗 (D.Burch) :blobcatrainbow:<p>Mateusz Jurczyk with Google Project Zero posted a nice two part blog post on their journey of auditing the Windows Registry...</p><p><strong>The Windows Registry Adventure</strong></p><p><strong>Part #1: Introduction and research results</strong><br>🔥⁠<a href="https://googleprojectzero.blogspot.com/2024/04/the-windows-registry-adventure-1.html" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">googleprojectzero.blogspot.com</span><span class="invisible">/2024/04/the-windows-registry-adventure-1.html</span></a></p><p><strong>Part #2: A brief history of the feature</strong><br>🔥⁠<a href="https://googleprojectzero.blogspot.com/2024/04/the-windows-registry-adventure-2.html" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">googleprojectzero.blogspot.com</span><span class="invisible">/2024/04/the-windows-registry-adventure-2.html</span></a></p><p><a href="https://infosec.exchange/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a> <a href="https://infosec.exchange/tags/ProjectZero" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ProjectZero</span></a> <a href="https://infosec.exchange/tags/Windows" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Windows</span></a></p>
8Bit | :linux: :godot: | 🍶🦊<p>Got a lot of things to obsess over. My recent rekindled love with the <a href="https://mastodon.gamedev.place/tags/ProjectZero" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ProjectZero</span></a>/#FatalFrame series, my stupid little <a href="https://mastodon.gamedev.place/tags/Atari" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Atari</span></a> Gamestation Pro and now those excellent Toaplan <a href="https://mastodon.gamedev.place/tags/Arcade" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Arcade</span></a> ports.</p><p>How you all keep sane at my incessant ramblings about all of that, I have no idea, but I thank you for it anyway. :)</p>
8Bit | :linux: :godot: | 🍶🦊<p>Finished Chapter 2 of <a href="https://mastodon.gamedev.place/tags/ProjectZero" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ProjectZero</span></a>/#Fatal Frame II - <a href="https://mastodon.gamedev.place/tags/Wii" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Wii</span></a> Edition (getting tired of always writing EU and US titles).</p><p>Oh boy I remember why I liked the game so much. Also getting better with the Wii controls - although I still wish the game would get a Remaster. I don't mind motion controls, but the lack of a second thumbstick is cumbersome. And the devs knew it. A lot of the ghosts are REALLY slow.</p>
Dan Goodin<p>Google has removed a video posted by academic researchers demonstrating how a newly discovered side channel in Apple's A- and M-series CPUs can be used to steal a password.</p><p>I thought for sure the removal was a mistake, but a Google representative told me the video was removed for violating a term of service barring "demonstrating how to use computers or information technology to steal credentials, compromise personal data, or cause serious harm to others."</p><p>The video, demonstrating important research by <span class="h-card" translate="no"><a href="https://infosec.exchange/@genkin" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>genkin</span></a></span>, <span class="h-card" translate="no"><a href="https://infosec.exchange/@YuvalYarom" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>YuvalYarom</span></a></span> , <span class="h-card" translate="no"><a href="https://birdsite.wilde.cloud/users/themadstephan" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>themadstephan</span></a></span> and jason kim, is here:</p><p><a href="https://onedrive.live.com/?authkey=%21AMTjzIS6XfV1jzg&amp;id=8208800C17D803E6%211176&amp;cid=8208800C17D803E6&amp;parId=root&amp;parQt=sharedby&amp;o=OneUp" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">onedrive.live.com/?authkey=%21</span><span class="invisible">AMTjzIS6XfV1jzg&amp;id=8208800C17D803E6%211176&amp;cid=8208800C17D803E6&amp;parId=root&amp;parQt=sharedby&amp;o=OneUp</span></a></p><p>Just to underscore how arbitrary and patently asinine Google's ToS enforcement is here, two additional videos the researchers posted demonstrating the same side channel remain available.</p><p>I wonder how researchers from <a href="https://infosec.exchange/tags/projectzero" class="mention hashtag" rel="nofollow noopener noreferrer" 
target="_blank">#<span>projectzero</span></a> feel about this. Is there any chance any of them can intervene?</p>
Adrián 🎙️TERROR EN LÍNEA🎙️<p><a href="https://mastodon.social/tags/presentacion" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>presentacion</span></a> Hi, I'm Adrián. I'm a Language and Literature teacher and I'm also a writer.<br>I've been lucky enough to publish several novels, and I now run a podcast about horror video games called <a href="https://mastodon.social/tags/Terrorenlinea" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Terrorenlinea</span></a>. I like culture in general and, within interactive entertainment, any horror video game (<a href="https://mastodon.social/tags/residentevil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>residentevil</span></a>, <a href="https://mastodon.social/tags/condemned" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>condemned</span></a>, <a href="https://mastodon.social/tags/projectzero" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>projectzero</span></a>, <a href="https://mastodon.social/tags/silenthill" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>silenthill</span></a>, <a href="https://mastodon.social/tags/aloneinthedark" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>aloneinthedark</span></a>, etc.) and, of course, <a href="https://mastodon.social/tags/tombraider" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>tombraider</span></a> too. I hope to meet interesting people. Best regards!</p>
Marco Ivaldi<p>In mid-2022, <a href="https://infosec.exchange/tags/ProjectZero" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ProjectZero</span></a> was provided with access to pre-production hardware implementing the <a href="https://infosec.exchange/tags/ARM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ARM</span></a> <a href="https://infosec.exchange/tags/MTE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MTE</span></a> specification. This blog post series is based on that review, and includes general conclusions about the effectiveness of MTE as implemented, specifically in the context of preventing the <a href="https://infosec.exchange/tags/exploitation" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>exploitation</span></a> of memory-safety <a href="https://infosec.exchange/tags/vulnerabilities" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>vulnerabilities</span></a>.</p><p><a href="https://googleprojectzero.blogspot.com/2023/08/summary-mte-as-implemented.html" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">googleprojectzero.blogspot.com</span><span class="invisible">/2023/08/summary-mte-as-implemented.html</span></a></p>
Trush :gaming1_steam:<p>FATAL FRAME <br>Tecmo <br>Xbox<br>2002<br><a href="https://tkz.one/tags/Xbox" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Xbox</span></a> <a href="https://tkz.one/tags/Microsoft" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Microsoft</span></a> <a href="https://tkz.one/tags/Tecmo" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Tecmo</span></a> <a href="https://tkz.one/tags/fatalframe" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>fatalframe</span></a> <a href="https://tkz.one/tags/ProjectZero" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ProjectZero</span></a> <a href="https://tkz.one/tags/retro" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>retro</span></a> <a href="https://tkz.one/tags/retrogames" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>retrogames</span></a> <a href="https://tkz.one/tags/RETROGAMING" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RETROGAMING</span></a></p>
Kevin Karhan :verified:<p><span class="h-card"><a href="https://infosec.exchange/@amuse" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>amuse</span></a></span> <span class="h-card"><a href="https://infosec.exchange/@k8em0" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>k8em0</span></a></span> Personally, I'm not a fan of "coordinated" vulnerability disclosure.</p><p>In fact I think that <a href="https://mstdn.social/tags/Google" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Google</span></a>'s <a href="https://mstdn.social/tags/ProjectZero" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ProjectZero</span></a> approach is more than graceful enough.</p><p>Big <a href="https://mstdn.social/tags/CCSS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CCSS</span></a> vendors like <a href="https://mstdn.social/tags/Microsoft" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Microsoft</span></a> should be glad if someone chooses to look up the security.txt and contact them with details and not straight-up sell an exploit to <a href="https://mstdn.social/tags/Zerodium" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Zerodium</span></a> and other <a href="https://mstdn.social/tags/Govware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Govware</span></a> - <a href="https://mstdn.social/tags/Suppliers" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Suppliers</span></a>, cuz those pay better and ask fewer questions.</p>
ITSEC News<p>Google Suspends Chinese E-Commerce App Pinduoduo Over Malware - Google says it has suspended the app for the Chinese e-commerce giant Pinduoduo af... <a href="https://krebsonsecurity.com/2023/03/google-suspends-chinese-e-commerce-app-pinduoduo-over-malware/" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://</span><span class="ellipsis">krebsonsecurity.com/2023/03/go</span><span class="invisible">ogle-suspends-chinese-e-commerce-app-pinduoduo-over-malware/</span></a> <a href="https://schleuss.online/tags/alittlesunshine" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>alittlesunshine</span></a> <a href="https://schleuss.online/tags/latestwarnings" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>latestwarnings</span></a> <a href="https://schleuss.online/tags/databreaches" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>databreaches</span></a> <a href="https://schleuss.online/tags/breachforums" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>breachforums</span></a> <a href="https://schleuss.online/tags/webfraud2" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>webfraud2</span></a>.0 <a href="https://schleuss.online/tags/pddholdings" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>pddholdings</span></a> <a href="https://schleuss.online/tags/projectzero" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>projectzero</span></a> <a href="https://schleuss.online/tags/liuhuafang" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>liuhuafang</span></a> <a href="https://schleuss.online/tags/bytedance" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>bytedance</span></a> <a href="https://schleuss.online/tags/pinduoduo" class="mention 
hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>pinduoduo</span></a> <a href="https://schleuss.online/tags/darknavy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>darknavy</span></a> <a href="https://schleuss.online/tags/google" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>google</span></a> <a href="https://schleuss.online/tags/tiktok" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>tiktok</span></a> <a href="https://schleuss.online/tags/weibo" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>weibo</span></a> <a href="https://schleuss.online/tags/temu" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>temu</span></a></p>
📡 RightToPrivacy & Tech Tips<p>Google's Project Zero Warns A "Phone Call" May Infect Android </p><p><a href="https://fosstodon.org/tags/Infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Infosec</span></a> <a href="https://fosstodon.org/tags/News" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>News</span></a> <a href="https://fosstodon.org/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Cybersecurity</span></a> <a href="https://fosstodon.org/tags/Google" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Google</span></a> <a href="https://fosstodon.org/tags/ProjectZero" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ProjectZero</span></a> <a href="https://fosstodon.org/tags/vulnerability" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>vulnerability</span></a> <a href="https://fosstodon.org/tags/exploit" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>exploit</span></a> <a href="https://fosstodon.org/tags/modem" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>modem</span></a> <a href="https://fosstodon.org/tags/Exynos" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Exynos</span></a> <a href="https://fosstodon.org/tags/privacy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>privacy</span></a> <a href="https://fosstodon.org/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>security</span></a> <a href="https://fosstodon.org/tags/smartphone" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>smartphone</span></a> <a href="https://fosstodon.org/tags/android" class="mention hashtag" rel="nofollow noopener noreferrer" 
target="_blank">#<span>android</span></a> </p><p><a href="https://arstechnica.com/information-technology/2023/03/critical-vulnerabilities-allow-some-android-phones-to-be-hacked/" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://</span><span class="ellipsis">arstechnica.com/information-te</span><span class="invisible">chnology/2023/03/critical-vulnerabilities-allow-some-android-phones-to-be-hacked/</span></a></p>
Tero Keski-Valkama<p><a href="https://rukii.net/tags/Google" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Google</span></a> tells users of some <a href="https://rukii.net/tags/Android" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Android</span></a> phones: Nuke voice calling to avoid infection | <a href="https://rukii.net/tags/ArsTechnica" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ArsTechnica</span></a></p><p>“Tests conducted by <a href="https://rukii.net/tags/ProjectZero" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ProjectZero</span></a> confirm that those four vulnerabilities allow an attacker to remotely compromise a phone at the baseband level with no user interaction, and require only that the attacker know the victim's phone number.<br>With limited additional research and development, we believe that skilled attackers would be able to quickly create an operational <a href="https://rukii.net/tags/exploit" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>exploit</span></a> to <a href="https://rukii.net/tags/compromise" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>compromise</span></a> affected devices silently and remotely.”</p><p><a href="https://arstechnica.com/information-technology/2023/03/critical-vulnerabilities-allow-some-android-phones-to-be-hacked/" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://</span><span class="ellipsis">arstechnica.com/information-te</span><span class="invisible">chnology/2023/03/critical-vulnerabilities-allow-some-android-phones-to-be-hacked/</span></a></p>
Redhotcyber<p>4 RCEs discovered by Google in Samsung's Exynos chipsets. The phone number is all it takes to compromise the device</p><p><a href="https://mastodon.bida.im/tags/Google" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Google</span></a>'s <a href="https://mastodon.bida.im/tags/ProjectZero" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ProjectZero</span></a> <a href="https://mastodon.bida.im/tags/bug" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>bug</span></a> team has discovered 18 0-day <a href="https://mastodon.bida.im/tags/vulnerabilit%C3%A0" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>vulnerabilities</span></a> in <a href="https://mastodon.bida.im/tags/Samsung" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Samsung</span></a>'s <a href="https://mastodon.bida.im/tags/Exynos" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Exynos</span></a> chipsets, which are used in the most popular <a href="https://mastodon.bida.im/tags/smartphone" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>smartphones</span></a>, wearable devices and cars.</p><p>The Exynos <a href="https://mastodon.bida.im/tags/sicurezza" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>security</span></a> flaws were reported between late 2022 and early 2023. Some of them were not updated in December 2022.</p><p>According to the head of Project Zero, Tim Willis, the only information needed to carry out the <a href="https://mastodon.bida.im/tags/attacchi" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>attacks</span></a> is the victim's <a href="https://mastodon.bida.im/tags/telefono" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>phone</span></a> number. </p><p><a href="https://mastodon.bida.im/tags/redhotcyber" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>redhotcyber</span></a> <a href="https://mastodon.bida.im/tags/informationsecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>informationsecurity</span></a> <a href="https://mastodon.bida.im/tags/ethicalhacking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ethicalhacking</span></a> <a href="https://mastodon.bida.im/tags/dataprotection" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>dataprotection</span></a> <a href="https://mastodon.bida.im/tags/hacking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>hacking</span></a> <a href="https://mastodon.bida.im/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a> <a href="https://mastodon.bida.im/tags/cybercrime" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybercrime</span></a> <a href="https://mastodon.bida.im/tags/cybersecurityawareness" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurityawareness</span></a> <a href="https://mastodon.bida.im/tags/cybersecuritytraining" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecuritytraining</span></a> <a href="https://mastodon.bida.im/tags/cybersecuritynews" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecuritynews</span></a> <a href="https://mastodon.bida.im/tags/privacy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>privacy</span></a> <a href="https://mastodon.bida.im/tags/infosecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosecurity</span></a></p><p><a href="https://www.redhotcyber.com/post/4-rce-scoperte-da-google-sui-chipset-exynos-di-samsung-per-compromettere-il-dispositivo-basta-il-numero-di-telefono/" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">redhotcyber.com/post/4-rce-sco</span><span class="invisible">perte-da-google-sui-chipset-exynos-di-samsung-per-compromettere-il-dispositivo-basta-il-numero-di-telefono/</span></a></p>
happygeek :unverified: + :verified: = $0<p>New by me at Forbes: The security research supremos over at Project Zero have uncovered no less than 18 zero-days impacting the Samsung Exynos modem chipset. That's bad right? Even worse, four of them, including CVE-2023-24033, enable internet-to-baseband level remote code execution. Silently and with zero user interaction. That's *really* bad.</p><p>Even worse, yeah, sorry, these were disclosed to Samsung more than 90 days ago, and no public patch is available yet - hence the Project Zero disclosure now.</p><p>Affected users awaiting patches (Google Pixel 6 and 7 series were impacted but patched in the March security update) are advised to disable both Wi-Fi calling and VoLTE as a matter of urgency.</p><p><a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/samsung" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>samsung</span></a> <a href="https://infosec.exchange/tags/google" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>google</span></a> <a href="https://infosec.exchange/tags/projectzero" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>projectzero</span></a> <a href="https://infosec.exchange/tags/zeroday" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>zeroday</span></a> <a href="https://infosec.exchange/tags/tech" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>tech</span></a> <a href="https://infosec.exchange/tags/news" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>news</span></a> </p><p><a href="https://www.forbes.com/sites/daveywinder/2023/03/17/new-samsung-0-click-security-threat-alert-disable-wi-fi-calling-now/" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">forbes.com/sites/daveywinder/2</span><span class="invisible">023/03/17/new-samsung-0-click-security-threat-alert-disable-wi-fi-calling-now/</span></a></p>