Security Roundup: Owncloud, NXP, 0-Days, and Fingerprint Vulnerabilities
This week in security, an issue in Owncloud is being actively exploited, although the public exploit does not work against default installs. NXP, a chip manufacturer, experienced a security breach where a threat group gained access to their network for over two years, potentially compromising chip designs and vulnerability reports. Two 0-day attacks are in the wild, targeting a popular router and a Network Video Recorder, but the devices affected have not been specified. Researchers discovered vulnerabilities in fingerprint sensors used for Windows Hello login, allowing for bypassing authentication. Additionally, a new attack called BLUFFS targets Bluetooth connections. A Cyberlink installer was found to contain malicious code, and a service called "Have I Been Squatted" checks for typosquatting domains. Lastly, an AI model, ChatGPT, breaks when asked to repeat a word indefinitely.