Broadcom Wifi chip | Breaking Cybersecurity News | The Hacker News

Google has released its latest monthly security update for Android devices, including a serious bug in some Broadcom Wi-Fi chipsets that affects millions of Android devices, as well as some iPhone models. Dubbed BroadPwn , the critical remote code execution vulnerability resides in Broadcom's BCM43xx family of WiFi chipsets, which can be triggered remotely without user interaction, allows a remote attacker to execute malicious code on targeted Android devices with kernel privileges. "The most severe vulnerability in this [runtime] section could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of an unprivileged process," Google describes in the July 2017 Android Security Bulletin. The BroadPwn vulnerability ( CVE-2017-3544 ) has been discovered by Exodus Intelligence researcher Nitay Artenstein, who says the flawed Wi-Fi chipset also impacts Apple iOS devices. Since Artenstein will be presenting his finding at...

Millions of smartphones and smart gadgets, including Apple iOS and many Android handsets from various manufacturers, equipped with Broadcom Wifi chips are vulnerable to over-the-air hijacking without any user interaction. Just yesterday, Apple rushed out an emergency iOS 10.3.1 patch update to address a serious bug that could allow an attacker within same Wifi network to remotely execute malicious code on the Broadcom WiFi SoC (Software-on-Chip) used in iPhones, iPads, and iPods. The vulnerability was described as the stack buffer overflow issue and was discovered by Google's Project Zero staffer Gal Beniamini, who today detailed his research on a lengthy blog post , saying the flaw affects not only Apple but all those devices using Broadcom's Wi-Fi stack. Beniamini says this stack buffer overflow issue in the Broadcom firmware code could lead to remote code execution vulnerability, allowing an attacker in the smartphone's WiFi range to send and execute code on th...

Identity-based attacks are on the rise. Attackers are targeting identities with compromised credentials, hijacked authentication methods, and misused privileges. While many threat detection solutions focus on cloud, endpoint, and network threats, they overlook the unique risks posed by SaaS identity ecosystems. This blind spot is wreaking havoc on heavily SaaS-reliant organizations big and small. The question is, what can security teams do about it? Have no fear, because Identity Threat Detection and Response (ITDR) is here to save the day. It's essential to have the visibility and response mechanisms to stop attacks before they become breaches. Here's the super lineup that every team needs to stop SaaS identity threats. #1 Full coverage: cover every angle  Like Cap's shield, this defense should cover every angle. Traditional threat detection tools such as XDRs and EDRs fail to cover SaaS applications and leave organizations vulnerable. SaaS identity threat detection and re...