Cyber security news for all

More

    Identified bugs in the USB driver stack are security risks for users

    Security researchers have discovered a few programming errors in USB drivers. Many of them concern different Linux kernel versions; some of these Linux bugs were given CVE numbers due to the high security risks they pose. Other bugs affect Windowsv10.

    There is therefore no acute need for users to take action more. That could change, because from the researchers perspective, security-related problems continue to exist, at least for Microsoft. Experts are in contact with both companies to initiate a CVE assignment for the problems found. During the corona virus pandemic, they received little feedback from the companies. The freshly published white paper on the research findings at least shows that two of the macOS bugs could lead to an unplanned reboot and the others could freeze the system. It remains unclear whether, how and with what effort exploits are possible.

    Fuzzing tools, are applications that security researchers use to generate large amounts of invalid or random data for input to other programs. They then examine the reaction of the tested software to the inputs in order to find errors that can possibly be exploited for hacker attacks. USBFuzz is specifically designed for USB drivers. First and foremost, USBFuzz uses a device emulated by software to pass on random device data to the driver. Since the emulated USB device works at device level, transferring it to other platforms is very easy.At its core, USBFuzz uses a software emulated USB device to send drivers random device data.

    Information Passed On To Developers

    Users want to reduce the burden on the kernel developers when fixing the reported vulnerabilities. Some of these errors have been corrected. They were classified as safety relevant.

    Recent Articles

    Cyber threats become more dangerous to secure the digitization

    The pandemic has provided a boost to digital world. But now it is important to secure it. Examples of developments in the pandemic are...

    Sopra Steria was encrypted with Ryuk ransomware

    Last week, there was a successful ransomware on the servers of the French provider Sopra Steria. In an extremely brief statement, the company only...

    Emotet takes unusual approaches and loads new malware

    Even those who are not concerned with the security have mostly heard of Emotet. The malware has been up to mischief for several years,...

    Cyber criminals could exploit the Oracle network

    The software manufacturer Oracle network only holds its updates every three months. Oracle speaks of security gaps - Due to the extensive product range...

    Unauthorized access at Scalable Capital

    There has apparently been unauthorized access to individual data at Scalable Capital. The company informed its customers about the incident by mail yesterday, referring...

    Related Stories

    Leave A Reply

    Please enter your comment!
    Please enter your name here

    Stay on op - Ge the daily news in your inbox