Amazon fixes security flaws allowing smart home hijacks

Some smart home device owners may have dodged a bullet. Amazon recently patched 13 security flaws in an operating system for the Internet of Things, FreeRTOS, as well as Amazon Web Services connection modules. The holes let intruders crash devices,...

MIT finds a smarter way to fight Spectre-style CPU attacks

Many companies have developed patches to mitigate Meltdown- and Spectre-like speculative memory attacks. However, they can come with compromises: they can leave major gaps and still slow down your system. MIT researchers may have a better way. They'v...

WhatsApp fixes video call exploit that allowed account hijacks

WhatsApp owners may have just dodged a bullet. The messaging service has fixed a security flaw that let intruders hijack the app (and thus your account) when you answered an incoming video call in Android or iOS. If an attacker sent a malformed Real-...

Initial ‘Fortnite’ Android installer let hackers install malware

When Epic said it would skip the Google Play Store with Fortnite's Android release, it raised eyebrows among security experts. Wasn't it creating risks by encouraging gamers (some of whom didn't understand the potential dangers) to install non-Store...

Android exploit targeted apps’ shoddy use of external storage

Many mobile security flaws revolve around obvious avenues like websites or deep, operating system-level exploits. The security team at Check Point, however, has discovered another path: apps that make poor use of external storage like SD cards. Whi...

Permanent LTE exploits steer users to rogue websites

LTE was theoretically supposed to fix the security holes baked into earlier wireless standards, but it isn't completely immune. An international team of researchers has discovered a attack methods (nicknamed aLTEr) that takes advantage of inherent f...

Intel details fourth Spectre-style CPU security flaw

Intel said it was scrambling to find more Spectre-like processor security flaws, and unfortunately it just found one. The company (along with Google and Microsoft) has disclosed a fourth exploit (simply titled Variant 4) that once again uses specula...