Personal information of many German politicans were published online. Since then, Police arrested 20 years old suspect.
Qualys has sent out a security advisory describing three stack-overrun vulnerabilities in systemd-journald. They have two working exploits already.
Samsung Phone Users Perturbed to Find They Can't Delete Facebook.
According to a Hacker News comment (2nd link), it should be possible to delete application via cable using ADB. I didn't try it.
Australian government issued a warning regarding WhatsApp hoax that is promoting installation of a ‘gold’ version of the application. Installation leads to a malware infection.
After Motherboard's article about US carriers selling customers location data, senators call on FCC to investigate T-Mobile, AT&T, and Sprint.
Trial of a Mexican drug lord Joaquín "El Chapo" Guzmán started and it looks like his IT security guy gave encryption keys for a SIP communication service to investigators long time ago.
El Chapo also spyied on his wife and fiancées using Flexi-spy spyware which provider was subpoenaed by FBI.
Singapore's ministry of communications and information published "Public Report of the Committee of Inquiry (COI) into the cyber attack on Singapore Health Services Private Limited Patient Database".
If you are into incident response, this report is really great source.
Back in 2015, Facebook filed patent request describing how to track user relations using the dust on camera lens.
If your computer rely on BitLocker in TPM mode (boot without PIN), it is possible to extract cryptographic material data out of your computer and decrypt the hard drive.
Zerodium platform wants to pay you $2,000,000 for remote iOS jailbreaks, $1,000,000 for WhatsApp / iMessage / SMS / MMS remote code execution exploit, and $500,000 for Chrome remote exploit.
Security engineer Chris Palmer published blog about the state of software security in 2019.
The NSA has so far open-sourced 32 projects on Github, as part of its Technology Transfer Program.
Research paper on a new hardware-agnostic side-channel attack which is targeting the operating system page cache was published.
Interesting paper from the last October a long-term secure storage proposal:
"ELSA: Efficient Long-Term Secure Storage of Large Datasets".
According to the New York Times sources, Marriott customers' data were breached by Chinese hackers.
Attribution is hard, especially when investigating government related hacks. We have to wait for more information.
A Google+ API software update introduced in November had caused the Google+ API to broadcast user profiles to third-party developers, exposing the personal information of more than 52 million users.
Excellent journalistic piece about the location data industry. It's impossible to anonymize this kind of datasets. Really recommended!
Check Point researchers found 53 critical bugs in Adobe Reader and Adobe Pro by using WinAFL fuzzer.
The Cisco Talos team wrote about the various practical side-channel attack scenarios against the encrypted messaging apps like WhatsApp, Telegram, and Signal.
Study finds 5 out of 17 tested certification authorities are vulnerable to spoofing domain validation by using the IP fragmentation attack.
A team behind the open source automation tool Jenkins published a patch for a critical vulnerability that could allow permission checks to be bypassed through the use of specially-crafted URLs.
Microsoft took the first step in advocacy for the regulation of a facial recognition technology.
A recent variant of a Shamoon malware wiped around ten percent PCs of the Italian oil and gas company Saipem.
Russian State Duma is going to prohibit Russian servicemen from publishing personal information online.
Researcher Natalie Silvanovich from the Google Project Zero fuzzed WhatsApp application and (surprisingly) didn't find exploitable bugs, just a heap corruption.
Australian guys, there is a GitHub repository where you can ask legal questions about the terrible Assistance and Access Bill. The questions are answered by lawyers.