Trip and Honey discuss tech like no one else

Private Israeli spyware used

Update now! Chrome fix patches in-the-wild zero-day

About the security content of iOS 14.8 and iPadOS 14.8

New Mēris botnet breaks DDoS record with 21.8 million RPS attack

Microsoft fixes bug letting hackers take over Azure containers

Episode 3

Trip and Honey discuss tech like no one else Join our community!! Subscribe to the Insecurity Brief podcast now on every platform we can find Follow us on Twitter @HoneyBeez0x @trip_elix 

links

Youtube : https://www.youtube.com/watch?v=P6UpwSVD5BY

Itunes: https://podcasts.apple.com/us/podcast/millions-of-wifi-devices-made-vulnerable-from-realteks-sdk/id1583788677?i=1000535386017

Soundcloud: https://soundcloud.com/user-841713900/episode-3the-insecurity-brief-millions-of-wifi-devices-made-vulnerable-from-realteks-sdk

Spotify : https://open.spotify.com/episode/6VBqEZYiwtYdRhS7iYqBoN

Trip’s books https://www.tripelix.com/merch 

Honey’s books https://beedefense.net  

#realtek #Talos #zeroday #wifi # Bladehawk #android #facebook

Taiwanese chip designer Realtek is warning of four security vulnerabilities in three software development kits (SDKs) accompanying its WiFi modules, which are used in almost 200 IoT devices made by at least 65 vendors https://thehackernews.com/2021/08/multiple-flaws-affecting-realtek-wi-fi.html threatpost.comMultiple Flaws Affecting Realtek Wi-Fi SDKs Impact Nearly a Million IoT Devices

Talos release protection against zero-day vulnerability in Microsoft MSHTML

BladeHawk group: Android espionage against Kurdish ethnic group

Protronmail logs IP Addresses for French government targeting activists

The attacker returned the loot after being offered a gig as chief security advisor with Poly Network.

ProtonMail Logs Activist’s IP Address With Authorities After Swiss Court OrderEnd-to-end encrypted email service provider ProtonMail has drawn criticism after it ceded to a legal request and shared the IP address of anti-gentrification activists with law enforcement authorities, leading to their arrests in France.

Episode 1

Windows Easily hacked by simply plugging in a mouse or keyboard

Razer is a very popular computer peripherals manufacturer known for its gaming mice and keyboards.  A Razer Synapse zero-day vulnerability has been disclosed on Twitter, allowing you to gain Windows admin privileges simply by plugging in a Razer mouse or keyboard.

Trip and Honey discuss tech like no one else 

Join our community!!

Subscribe to the Insecurity Brief podcast now on every platform we can find

Follow us on Twitter

@HoneyBeez0x

@trip_elix

link to the apt names

https://docs.google.com/spreadsheets/d/1H9_xaxQHpWaa4O_Son4Gx0YOIzlcBWMsdvePFX68EKU/htmlview#

Links

Our Website:

https://www.tripelix.com/insecurity/windows-easily-hacked-by-simply-plugging-in-a-mouse-or-keyboard/

Youtube:

https://youtu.be/8Np8QKw7koI

iTunes:

https://podcasts.apple.com/us/podcast/windows-easily-hacked-by-simply-plugging-in-a-mouse/id1583788677?i=1000535137047

Spotify:

https://open.spotify.com/episode/0zaxX9x9ZpLQj9H3NJOnsD

Trip’s books

https://www.tripelix.com/merch

Honey’s books

https://beedefense.net

 #windows #hack #zeroday #keyboard #mouse #usb #exploit

Razer bug lets you become a Windows 10 admin by plugging in a mouse

A Razer Synapse zero-day vulnerability has been disclosed on Twitter, allowing you to gain Windows admin privileges simply by plugging in a Razer mouse or keyboard.

https://www.bleepingcomputer.com/news/security/razer-bug-lets-you-become-a-windows-10-admin-by-plugging-in-a-mouse/

bleepingcomputer.com

The SideWalk may be as dangerous as the CROSSWALK

SideWalk is a modular backdoor that can dynamically load additional modules sent from its C&C server, makes use of Google Docs as a dead drop resolver, and uses Cloudflare workers as a C&C server. It can also properly handle communication behind a proxy.

https://www.welivesecurity.com/2021/08/24/sidewalk-may-be-as-dangerous-as-crosswalk/

welivesecurity.com

New 0-Day Attack Targeting Windows Users With Microsoft Office Documents

Microsoft on Tuesday warned of an actively exploited zero-day flaw impacting Internet Explorer that’s being used to hijack vulnerable Windows systems by leveraging weaponized Office documents.

https://thehackernews.com/2021/09/new-0-day-attack-targeting-windows.html

thehackernews.com

This is a test episode