Apple included support for the WebAuthentication API in the latest Safari Release 71 (Technology Preview).
The new WebAuthentication as implemented supports USB-based CTAP2 devices.
Critical Kubernetes privilege escalation bug (CVE-2018-1002105) was found and patched during this week. When exploited, the bug allows anonymous users as well a authenticated one to use admin privileges over the cluster API.
There is an exploit published on a GitHub already.
British Telecom will not use Huawei's 5G kit within the core of the network due to security concerns.
Security agencies in Australia will gain greater access to encrypted messages due to a new legislative.
US National Security Archive published a complete index of all 1504 items in the declassified collection of NSA internal Cryptolog periodical.
Security researchers released attacks on 7 TLS implementations, making use of Bleichenbacher and Manger's attack.
The research with a name "The 9 Lives of Bleichenbacher’s CAT: New Cache ATtacks on TLS Implementations" also includes a TLS 1.3 downgrade attack.
Ransomware Infected 100k computers in China then demands WeChat Payment and is using XOR as an "encryption". Author was probably identified because he registered domain to his own name.
It looks like 13 years old Virut botnet is resurrected in the wild.
Great blog on how guy scammed the scammer to send him photo of his ID.
Nearly 250 Pages of internal Facebook documents, emails and statistics were posted online by the UK Parliament.
A User Data of the question-and-answer website Quora were compromised.
The records of 500 million customers of the Marriott International hotel group were compromised.
Interesting revisited paper: "From Keys to Databases -- Real-World Applications of Secure Multi-Party Computation."
GTRS - is a tool that uses Google Translator as a proxy to send arbitrary commands to an infected machine.
The German government-issued identity card (nPA) SDK had a critical security vulnerability allowing an attacker to impersonate arbitrary users against affected web applications.
One of the largest dark Web hosting service providers was hacked using the PHP vulnerability we wrote a week ago and taken offline by deleting the whole database.
More than 6500 Dark Web services were hosted there which means that literally one third of the publicly facing dark web is gone.
For 30 months, internet traffic going to Australian Defense websites flowed through the China Telecom's data centers due to BGP hijacking.
"How the strange routing occurred is known. But the reasons why it persisted for so long aren't, and many involved in the situation aren't eager to directly comment."
The Computer Emergency Response Team of Ukraine (CERT-UA) and the Foreign Intelligence Service of Ukraine detected a new malware Pterodo Windows backdoor that was targeting computers at Ukrainian government agencies.
The US government is persuading wireless and internet providers in allied countries to avoid telecommunications equipment from Chinese company Huawei.
Mozilla published a blog post about their concern regarding the EU Terrorist Content Regulation.
TinkerSec security researchers published on a Twitter a great story about his insider penetration testing assignment. Really good read, he got busted.
The VUSec security group published ECCploit paper and an article demonstrating Rowhammer bitflip exploits on the Error-correcting Code (ECC) enabled systems.
The Crypto.cat author, security researcher Nadim Kobeissi published ProtonMail encryption paper, "An Analysis of the ProtonMail Cryptographic Architecture".
MiSafes' Kids Watcher child-tracking smartwatches can be compromised, children can be tracked.
Zydis is the ultimate, open-source X86 & X86-64 decoder/disassembler library.