Academics have mounted a successful GPS spoofing attack against road navigation systems that can trick humans into driving to incorrect locations. The novel part is that they use real map data to generate plausible malicious instructions.
Folks from Cloudflare, Mozilla, Fastly, and Apple implemented Encrypted Server Name Indication (ESNI) during a hackathon. There are implementations in BoringSSL, NSS and picotls.
Good insight into how credit card thieves use free-to-play apps to steal and launder money from credit cards.
Chromium recently introduced Cross-Origin Read Blocking (CORB), which helps mitigate the threat of side-channel attacks (including Spectre).
For anybody interested in reverse engineering, a nice write-up about the Smoke Loader malware bot's unpacking mechanism and its communication with the C&C.
Research on how to bypass memory scanners using Cobalt Strike's Beacon payload and the Gargoyle memory-scanning evasion technique.
ESET researchers analyzed an ongoing espionage campaign against Ukrainian government institutions.
The Intercept summarized what the public has learned about Russian and U.S. spycraft from Special Counsel Robert Mueller's indictment of hackers.
Security researchers have uncovered a highly targeted mobile malware campaign that has been operating since August 2015 and was found spying on 13 selected iPhones in India.
There is an exploit for Ubuntu Linux (up to 4.17.4) where other users' coredumps can be read via a setgid directory and a killpriv bypass.
The U.S. Secret Service is warning about a new scam scheme where crooks intercept new debit cards in the mail and replace the chips on the cards with chips from old cards. Once the owners activate the cards, the crooks use the stolen chips for their own financial gain.
Russian state regulator Roskomnadzor has ordered the Telegram messaging application to be blocked, 48 hours after it missed a deadline to hand over the encryption keys to its users' online conversations. I am not sure whether the Telegram protocol is actually blocked in Russia now.
The new Android P version will require applications to communicate over TLS-secured connections by default.
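To show what the default means in practice for an app developer, here is an added example of an Android network security configuration (not from the original item, and not Google's code) that keeps cleartext traffic disabled everywhere except for a single hypothetical local development host. The file name `network_security_config.xml` and the domain `dev.example.test` are assumptions for illustration; the element and attribute names are the documented Android schema.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- res/xml/network_security_config.xml (assumed file name)
     Referenced from AndroidManifest.xml via
     android:networkSecurityConfig="@xml/network_security_config"
     on the <application> element. -->
<network-security-config>
    <!-- Explicitly state the secure default: no cleartext (plain HTTP)
         for any destination. On Android P this is already the default,
         but spelling it out keeps the behaviour on older targetSdk levels
         and makes the intent reviewable in code review. -->
    <base-config cleartextTrafficPermitted="false">
        <trust-anchors>
            <!-- Trust only the system CA store; user-installed CAs are not
                 trusted, which limits on-device interception of TLS. -->
            <certificates src="system" />
        </trust-anchors>
    </base-config>

    <!-- Narrow, reviewable exception: a hypothetical dev host that has no
         TLS. Scope it to exactly one domain rather than relaxing base-config. -->
    <domain-config cleartextTrafficPermitted="true">
        <domain includeSubdomains="false">dev.example.test</domain>
    </domain-config>
</network-security-config>
```

The defensive point is that the exception is carved out per domain: a request to any other host over plain HTTP is rejected by the platform's network stack, so a forgotten `http://` URL fails loudly during testing instead of silently leaking data on a hostile network.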
Kudelski Security published a walk-through guide to Manger's attack against RSA-OAEP. A 1-bit leak from an oracle suffices to decrypt ciphertexts.
In-depth article about stealing FUZE credit card content via Bluetooth.
Understanding Code Signing Abuse in Malware Campaigns. Pretty good statistics.
There is a vulnerability that results in a bypass of the tamper protection provided by Sophos Endpoint Protection v10.7. The protection mechanism can be bypassed by deleting an unprotected registry key.
Several vulnerabilities have been found in the Apache HTTPD server. Update now.
The Microsoft Windows tool certutil.exe, intended for displaying certification authority information, can be used to fetch data from the internet in a similar fashion to wget or curl.
There is a paper about breaking WalnutDSA, a NIST post-quantum candidate claiming 256-bit security, in under a minute.
Snallygaster: a tool to scan for secrets on web servers.
Nice map of the ongoing Linux kernel defenses. The map shows the relations between vulnerability classes, current kernel defenses and bug detection mechanisms.
New research has found a flaw in the group messaging part of the Signal protocol used by Signal, WhatsApp and Threema. It is hardly exploitable, but in some theoretical scenario the server (acting as the attacker) could silently join an encrypted group chat.
Janit0r, author of the mass internet scanning campaign known as Internet Chemotherapy, released two more blog posts about the campaign. Interesting.
A tale about an npm package which harvested user-entered credit card information from websites. It is a work of fiction, but it was published a few hours after dozens of npm packages stopped working due to missing dependencies... Scary.
HC7 Planetary ransomware is probably the first known ransomware asking for Ethereum as the ransom payment. It targets Windows users only.
There is a hardwired network backdoor in Western Digital My Cloud drives (user: mydlinkBRionyg, password: abc12345cba). The vendor probably patched it six months after it was reported.
Wi-Fi Protected Access III (WPA3) will be pushed to the market this year. Hopefully a lot of security enhancements to the Wi-Fi protocol will be delivered by WPA3-certified devices.
The Let's Encrypt certification authority has temporarily disabled the TLS-SNI-01 authorization challenge due to a reported exploitation technique possible on shared hosting infrastructure.
Google Cloud security engineers reported a remote code execution vulnerability in the AMD Platform Security Processor.
Brian Krebs wrote a blog post about the flourishing online markets for stolen credentials.
VirusTotal has a new feature: a visualization tool for the relationships between files, URLs, domains and IP addresses.
A Meltdown vulnerability proof of concept for reading passwords out of the Google Chrome browser.