Six U-Boot bugs, GodDamn driver, 1M SSNs leak
Binarly uncovered six new flaws in the U‑Boot bootloader’s FIT signature verification, four causing denial‑of‑service crashes and two permitting arbitrary code execution before the OS loads. The bugs affect releases back to 2013, putting routers, BMCs, IoT gear and servers at risk of stealthy firmware attacks.
The GodDamn ransomware, a fresh rebrand of the Beast family, hijacks a Microsoft‑signed PoisonX driver to disable endpoint security tools. Coupled with AnyDesk remote access and a NirSoft credential‑harvesting suite, it lets attackers move laterally and encrypt data with little resistance.
The Municipal Revenue Collection Center’s online property map unintentionally exposed the Social Security numbers of about 1 million residents. Researchers showed that anyone could pull the data without authentication, forcing the agency to patch the flaw after denial of any breach. The incident highlights chronic cybersecurity gaps in Puerto Rico’s government infrastructure.
The Municipal Revenue Collection Center’s online property map unintentionally exposed the Social Security numbers of about 1 million residents. Researchers showed that anyone could pull the data without authentication, forcing the agency to patch the flaw after denial of any breach. The incident highlights chronic cybersecurity gaps in Puerto Rico’s government infrastructure.
Researchers reverse‑engineered Transsion’s Athena telemetry stack on TECNO, Infinix and itel phones and found it streams every app’s network activity, precise location, foreground app and camera usage to a Chinese server, tied to permanent IDs. The encryption keys are hard‑coded, making the data trivially decryptable, exposing a continent‑wide privacy breach.
Subscribe free