Weekly news · malgregator

InfoSec Week 49, 2018

Apple included support for the WebAuthentication API in the latest Safari Release 71 (Technology Preview). The new WebAuthentication as implemented supports USB-based CTAP2 devices.

Posted Dec 7, 2018

#Weekly-News

InfoSec Week 48, 2018

Sennheiser's HeadSetup software is installing a root certificate into the OS Trusted CA Certificate store. They have also put a private key on a device, the same one for all users, which allows any user to perform a man-in-the-middle SSL attacks against SSL communication.

Posted Nov 30, 2018

#Weekly-News

InfoSec Week 47, 2018

The German government-issued identity card (nPA) SDK had a critical security vulnerability allowing an attacker to impersonate arbitrary users against affected web applications.

Posted Nov 23, 2018

#Weekly-News

InfoSec Week 46, 2018

Researchers at the University of California have found that GPUs are vulnerable to side-channel attacks and demonstrated multiple types of attacks. After reverse engineering Nvidia GPU, researchers were able to steal rendered password box from a browser, sniffed other browser related data and also settings from the neural network computations on a GPU in the data center.

Posted Nov 16, 2018

#Weekly-News

InfoSec Week 45, 2018

A default VirtualBox virtual network device has a vulnerability allowing an attacker with root privilege to escape guest OS, execute commands in ring3 on a host. All operating systems affected.

Posted Nov 9, 2018

#Weekly-News

InfoSec Week 44, 2018

The US federal prosecutors say that Chinese spies hacked dozen firms to steal aviation engineering secrets for the Chinese aerospace company.

Posted Nov 2, 2018

#Weekly-News

InfoSec Week 43, 2018

A zero-day vulnerability in the jQuery File Upload plugin is actively exploited for at least three years. Patch now!

Posted Oct 26, 2018

#Weekly-News

InfoSec Week 42, 2018

The Czech Security Intelligence Service (BIS) shuts down Hezbollah servers in the Hezbollah hacking operation. Hackers used female Facebook profiles to trick victims into installing spyware.

Posted Oct 19, 2018

#Weekly-News

InfoSec Week 41, 2018

Memory corruption bug in WhatsApp's non-WebRTC video conferencing implementation can screw you. Just answering a call from an attacker could completely compromise WhatsApp.

Posted Oct 12, 2018

#Weekly-News

InfoSec Week 40, 2018

Estonia sues Gemalto for €152M over ID card flaws. According to an article, some keys were NOT generated on a smartcard due to a scaling issue. Well, looks like they are not affected by ROCA vulnerability, just compromised by Gemalto:)

Posted Oct 4, 2018

#Weekly-News

InfoSec Week 39, 2018

Linux had officially committed to implementing and obeying the Code of Conduct — which is immediately misused to remove top Linux coders. Some of the Linux developers are now threatening to withdraw the license to all of their code.

Posted Sep 28, 2018

#Weekly-News

InfoSec Week 38, 2018

Purism project introduced their own security token called the Librem Key. They have partnered with the Nitrokey manufacturer, but the firmware provides additional functionality, like a challenge response mode where the key informs you if the bios running on a PC has validated itself to the key.

Posted Sep 21, 2018

#Weekly-News