Insurance Company says to the Mondelez customer that the NotPetya ransomware attack was an act of cyber war and therefore not covered by the policy.
Hackers breached Norway's Visma IT company to steal client secrets. Many large Norwegian companies are using Visma for accounting.
Attackers are attributed by Reuters sources as backed by the Chinese government.
Researchers demonstrated a new privacy attack against all variants of the Authentication and Key Agreement (AKA) protocol that impacts 5G, 4G, and 3G telephony protocols. The attack compromises users' privacy more than current known location privacy attacks do.
Looks like Go language had vulnerabilities in the Elliptic Curve Cryptography implementation which could allow attackers to cause a denial of service or possible private key recovery attacks.
It is possible to trick Evolution email application users into trusting a phished mail via adding a forged UID to a OpenPGP key that has a previously trusted UID. It's because Evolution extrapolates the trust of one of OpenPGP key UIDs into the key itself.
Good long-form story about the young cyber criminals and young girlfriend that followed their lies to her death. It does not have a happy ending.
Security researchers were assaulted by a casino technology vendor Atrient after responsibly disclosed critical vulnerabilities to them.
Article 13, the new European Union copyright law is back and it got worse, not better. https://juliareda.eu/2019/02/article-13-worse/
Researchers from Google Project Zero evaluated Apple's implementation of Pointer Authentication on the A12 SoC used in the iPhone XS. There are bypasses possible, but the conclusion says it is still a worthwhile exploitation mitigation technique.
There is a dangerous, remote code execution flaw in the LibreOffice and OpenOffice software.
Nadim Kobeissi is discontinuing his secure online chat Cryptocat. Thanks for service, it had nice user interface.
Malware For Humans is a conversation-led, independent documentary about fake news, big data, electoral interference, and hybrid warfare.
According to a Reuters investigation, United Arab Emirates used former U.S. intelligence operatives to hack into the iPhones of activists, diplomats and foreign politicians using so-called Karma spyware.
The Russia also has it's own Wikileaks. Called Distributed Denial of Secrets, the website aims to "bring into one place dozens of different archives of hacked material that, at best, have been difficult to locate, and in some cases appear to have disappeared entirely from the web."
The Japanese government will run penetration tests against all the IoT devices in the country in preparation for the Tokyo 2020 Summer Olympics. They want to map vulnerable devices and find out how to harden infrastructure.
Researchers analyzed 6000 router firmware images and the result is quite depressing. The home router software safety hygiene deteriorated over the past 15 years.
A Samsung Galaxy Apps Store bug allowed an attacker to inject arbitrary code through the interception of periodic update requests made by the Apps Store.
Vulnerable Cisco RV320/RV325 routers are being exploited in the wild. Thousands of routers are exposed on the internet with the web-based management interface vulnerability that could allow an unauthenticated, remote attacker to retrieve sensitive configuration information.
US National Institute of Standards and Technology (NIST) announced the second-round candidates for quantum resistant public-key encryption and key-establishment algorithms.
The vulnerability in the Apples' FaceTime application enables caller to hear called person without accepting a call. Apple decided to turn off FaceTime conference servers before the fix is released.
Luke Berner found out interesting method how to maintain persistence after a password change using the two-factor authentication (2FA) no mayor websites.
Purism project introduced their own security token called the Librem Key. They have partnered with the Nitrokey manufacturer, but the firmware provides additional functionality, like a challenge response mode where the key informs you if the bios running on a PC has validated itself to the key.
Google built a prototype of a censored search engine which should be used in China, that links users’ searches to their phone numbers.
According to a Swiss officials, two Russian spies caught in the Netherlands had been plotting a cyber attack on a Swiss defense lab analyzing the Novichok nerve agent used in the Salisbury poisoning.
Citizen Lab has published a new report about the Pegasus spyware created by Israeli cyber-security firm NSO Group.
The malware is operating on both Android and iOS devices, and the researchers identified 45 countries in which operators of NSO Group’s Pegasus spyware may be conducting operations.
Hackers were running cryptocurrency mining malware on the Indian government sites.
Every day this week, Cloudflare is announcing support for a new technology that uses cryptography.
They have introduced Onion service, BGP PKI (RPKI), IPFS node. Essentially, we can call them an active global adversary now.
The Western Digital My Cloud was affected by an authentication bypass vulnerability.
An unauthenticated attacker could exploit this vulnerability to authenticate as an admin user without needing to provide a password.
NSS Labs filed an antitrust suit against CrowdStrike, Symantec, ESET and the Anti-Malware Testing Standards Organization (AMTSO), because they found out that the "vendors have conspired to prevent testing of their products by placing clauses in their end user licensing agreements (EULA) that make testing of their products subject to their permission."
The new Necurs botnet spam campaign targets Banks with the malicious Wizard (.wiz) files used by Microsoft programs such as Word to guide users through complex or repetitive tasks.
Informative blog by the LineageOS engineers covering Qualcomm bootloader chain of trust to the point of Android OS being loaded.
GnuPG can now be used to perform notarial acts in the State of Washington.
A new CSS-based web attack will crash and restart your iPhone.
Interesting project - SlotBot: Hacking slot machines to win the jackpot with a buttonhole camera and brute-force search.
Wandera security researchers spotted a new sophisticated Android RedDrop malware hidden in at least 53 Android applications. It can intercept SMS, record audio and exfiltrate data to the remote server.
There is an experimental support for forward secure post-quantum Extended Hash-Based Signatures (XMSS) in the OpenSSH protocol.
Blog by Matthew Green on the probable encryption key handling by Apple in the China mandated cloud. Not really satisfied explanation, only guesses, as Apple is silent about the exact key handling methodology.
Cloudflare detected new Memcached based amplification DDoS attack vector. The attacker just implants a large payload on an exposed memcached server, then, the attacker spoofs the "get" request message with target Source IP address. The memcached server could be really huge - around 1MB.
A group of computer scientists from the US and China published a paper proposing the first-ever trojan for a neural network. It's called PoTrojan and is triggered by special network input. After that, the network start to work differently.
The Cisco Talos team analyzed attribution claims around Olympic Destroyer malware. The result is to not imply blindly to Russia. Attribution is hard.
New KeePassXC version 2.3.0 was released. There are lots of new features, like new Argon2 key derivation function, SSH agent integration, browser plugin.
Trustico SSL certificate reseller revoked 23000 customer certificates by sending private keys(?!) over email to the Digicert certification authority.
There are rumors that major U.S. government contractor Cellebrite is able to unlock all current iPhone models.
An advertising network has been using a well-known malware trick, a Domain Generation Algorithm (DGA), to bypass ad blockers and deploy in-browser cryptocurrency miners since December 2017.
A novel technique is using hardware branch predictor side channel attack to bypass ASLR protection:
"Jump Over ASLR: Attacking Branch Predictors to Bypass ASLR"
A buffer overflow vulnerability in older Starcraft version enabled modders to create new maps, so Blizzard tasked reverse engineer to safely emulate the bug in the newer, fixed version.
The author says it all: "This is a tale about what dedication to backward compatibility implies."
A bug in the Grammarly chrome extension (approx ~22M users) exposes user authentication token to all websites, so everybody collecting user data can access their cloud data at grammarly.com.
With the release of Google Chrome 68, Chrome will mark all HTTP sites as a “not secure” in the status bar.
Article about the Australian startup Azimuth Security which sells hacking software to the "Five Eyes" police and intelligence agencies.
Rumors are that they are able to remotely hack Android devices and iPhones.
SEC Consult researchers found multiple vulnerabilities in their smart sex toys security review. Customer database, clear passwords, vulnerable remote controllers...
Metasploit integrated EternalRomance, EternalSynergy, and EternalChampion Windows (MS17-010) vulnerabilities leaked from the NSA by Shadow Brokers.
Someone leaked the source code of Apples' iBoot iOS trusted boot program on GitHub. It is a critical part of iOS system. Meanwhile, Apple filed a copyright takedown request with GitHub.
Hackers infected water utility SCADA systems in Europe with the cryptocurrency mining software.
Security researchers discovered vulnerabilities in an automated gas management system that allowed them to hijack credit card payments, steal card numbers and more.
APT Simulator is a Windows Batch script that uses a set of tools and output files to make a system look as if it was the victim of an APT attack.
Researchers exploited antivirus software quarantine mechanism to gain privileges by manipulating the restore process from the virus quarantine. By abusing NTFS directory junctions, the AV quarantine restore process can be manipulated, so that previously quarantined files can be written to arbitrary file system locations.
Wikileaks released source code of leaked CIA hacking tools and it indicates that the CIA used fake certificates attributed to Kaspersky Labs for signing their malware.
A security researcher has discovered factory application in OnePlus devices. It can be used to gain root privileges, dump photos, collect WiFi & GPS information.
Researchers from the Princeton university have been studying third-party trackers that record sensitive personal data that users type into websites, and the results are not good.
iPhone X's Face ID facial recognition security mechanism system was circumvented by Vietnam experts using a 3D mask.
Security researcher Maxim Goryachy reports being able to execute unsigned code on computers running the Intel Management Engine through USB.
Deep dive into the Facebook sextorcism scheme using fake young girls profiles by the guys from Marseille.
Long read about how the security breaches by the Shadow Brokers damaged the US National Security Agency.
Analysis of a low cost Chinese GSM listening and location device hidden inside the plug of a standard USB data/charging cable.
Privacy Pass is a browser extension for Chrome and Firefox, which uses privacy-preserving cryptography to allow users to authenticate to the services without compromising their anonymity. It uses blind signature schemes.
Security researcher Gal Beniamini from Google has discovered a security vulnerability (CVE-2017-11120) in Apple's iPhone and other devices that use Broadcom Wi-Fi chips and published working exploit after notifying affected parties.
Google engineers also found multiple flaws and vulnerabilities in the popular DNS software package - Dnsmasq. The patches are now committed to the project’s git repository. Make sure to upgrade to v2.78.
Arbor Networks researchers attributed Flusihoc DDoS botnet to the Chinese origins. More than 154 different command and control servers were used during the years, with over 48 still active right now.
HP Enterprise shared ArcSight source code with the Russians.
The vulnerability in Siemens industrial switches allows an unauthenticated attacker who has access to the network to remotely perform administrative actions.
Computer manufacturer company Purism is currently running crowdfunding campaign to finance Librem 5 – A Security and Privacy Focused Phone.
From the campaign webpage:
"Librem 5, the phone that focuses on security by design and privacy protection by default. Running Free/Libre and Open Source software and a GNU+Linux Operating System designed to create an open development utopia, rather than the walled gardens from all other phone providers."
Microsoft announced new cloud-based memory corruption bug detector with the codename Project Springfield.
Super-Stealthy Droppers - Linux "Diskless" binary execution by example.