Google will pay $1.5 million for the most severe Android exploits

New Line Cinema Google will pay up to $1.5 million for the most severe hacks of its Pixel line of Android phones, a more than seven-fold increase over the previous top Android reward, the company said. Effective immediately, Google will pay $1 million for a “full chain remote code execution exploit with persistence which compromises
Complete Reading

Recent in-the-wild attacks on the critical Bluekeep vulnerability in many versions of Windows aren’t just affecting unpatched machines. It turns out the exploits—which repurpose the September release from the Metasploit framework—are also causing many patched machines to crash. Late last week, Windows users learned why: a separate patch Microsoft released 20 months ago for the
Complete Reading

Jérôme Segura Scammers are actively exploiting a bug in Firefox that causes the browser to lock up after displaying a message warning the computer is running a pirated version of Windows that has been hacked. The message, which appears without any user interaction upon visiting a site, reads: Please stop and do not close the
Complete Reading

Facebook and its WhatsApp messenger division on Tuesday sued Israel-based spyware maker NSO Group. This is an unprecedented legal action that takes aim at the unregulated industry that sells sophisticated malware services to governments around the world. NSO vigorously denied the allegations. Over an 11-day span in late April and early May, the suit alleges,
Complete Reading

A potentially serious vulnerability in Linux may make it possible for nearby devices to use Wi-Fi signals to crash or fully compromise vulnerable machines, a security researcher said. The flaw is located in the RTLWIFI driver, which is used to support Realtek Wi-Fi cards in Linux devices. The vulnerability triggers a buffer overflow in the
Complete Reading

Google is temporarily increasing the rewards it pays for hacks that exploit holes in a beefed-up security protection that debuted in desktop versions of Chrome last month. Chrome for Android, meanwhile, is receiving a slimmed-down version of the same protection. For a limited time, Google will boost its normal bounty amounts for exploits that allow
Complete Reading

Mobile phones of two prominent human rights activists were repeatedly targeted with Pegasus, the highly advanced spyware made by Israel-based NSO, researchers from Amnesty International reported this week. The Moroccan human rights defenders received SMS text messages containing links to malicious sites. If clicked, the sites would attempt to install Pegasus, which as reported here
Complete Reading

Attackers exploited a zeroday vulnerability in Apple’s iTunes and iCloud programs to infect Windows computers with ransomware without triggering antivirus protections, researchers from Morphisec reported on Thursday. Apple patched the vulnerability earlier this week. The vulnerability resided in the Bonjour component that both iTunes and iCloud for Windows relies on, according to a blog post.
Complete Reading

Attackers are exploiting a critical vulnerability in Google’s Android mobile operating system that can give them full control of at least 18 different phone models, including four different Pixel models, a member of Google’s Project Zero research group said on Thursday night. There’s evidence the vulnerability is being actively exploited, either by exploit developer NSO
Complete Reading

Enlarge / Artist’s impression of a malicious hacker coding up a BlueKeep-based exploit. Attackers have bombarded the Internet with more than 1 billion malicious ads in less than two months. The attackers targeted iOS and macOS users with what were zero-day vulnerabilities in Chrome and Safari browsers that were recently patched, researchers said on Monday.
Complete Reading

Create Account



Log In Your Account