Microsoft's mobile Edge browser has begun issuing fake news warnings. It is powered by the news rating company NewsGuard. It gives you a fake news warning for Wikileaks, so decide for yourself.
A vulnerability in the apt package manager allows a network man-in-the-middle or a malicious mirror to execute arbitrary code as root on a machine installing any package.
Encryption mode in the well-known compression software 7-Zip uses poor randomness when generating AES initialization vectors.
Turns out that a MySQL server has access to all of the client's local files. A modified (malicious) server can make the client upload files such as SSH keys.
Daniel Miessler published a short blog about the reasons why software remains insecure.
TLDR: "Basically, software remains vulnerable because the benefits created by insecure products far outweigh the downsides. Once that changes, software security will improve—but not a moment before."
Trend Micro engineers found applications in the Google Play store that drop the Anubis banking malware only after the device's motion sensors register movement, to evade initial detection.
An interesting Twitter bug was filed via the HackerOne platform: changing the email address in Twitter for Android unsets the “Protect your Tweets” flag and makes protected tweets public.
Great in-depth blog post about finding and exploiting bugs in Marvell Avastar Wi-Fi chips.
WPintel: a Chrome extension designed for WordPress vulnerability scanning and information gathering.
Linux has officially committed to implementing and obeying the Code of Conduct, which was immediately misused to remove top Linux coders.
Some of the Linux developers are now threatening to withdraw the license to all of their code.
A bug in Twitter sent users' private direct messages to third-party developers who were not authorized to receive them. Some brand accounts are likely affected.
Qualcomm accuses Apple of stealing chip secrets for the purpose of helping Intel overcome engineering flaws in its chips.
The Australian government is pushing for smartphone spyware to be implanted by telco vendors and manufacturers.
At least the sixth backdoor account this year has been removed from Cisco devices.
This time it's "hardcoded credentials" in the Cisco Video Surveillance Manager (VSM) Software.
ESET researchers discovered that Kodi media player add-ons are being misused to distribute cryptocurrency-mining malware.
According to a Stack Exchange post, "the Chinese police are forcing whole cities to install an Android spyware app, Jingwang Weishi.
They are stopping people in the street and detaining those who refuse to install it."
Researchers proved that PKCS #1 digital signatures are as secure as their successors, such as RSA-PSS and RSA Full-Domain Hash.
There is a novel cache poisoning attack over WiFi using a remote off-path MITM attack vector.
It takes only 30 seconds and uses an interesting multi-packet injection technique, with a timing side channel used to infer what to inject. It works on Windows, OS X and Linux.
The first ransomware taking advantage of the new Process Doppelgänging fileless code injection technique has appeared. It works on all modern versions of Microsoft Windows since Vista. This variant of the known SynAck ransomware uses NTFS transactions to launch a malicious process by replacing the memory of a legitimate process.
Security researchers from the Dutch information security company Computest have found that some Volkswagen and Audi cars are vulnerable to remote hacking. They were able to exploit the vehicles' infotainment systems. Attackers could track the car's location as well as listen in on conversations in the car.
Twitter found a bug that stored user passwords unmasked in an internal log. There is no indication of a breach, but all Twitter users should change their passwords.
There is a breakthrough cryptographic attack on 5-round AES using only 2^22 (the previous best was 2^32), presented at CRYPTO 2018. It is joint work of Nathan Keller, Achiya Bar On, Orr Dunkelman, Eyal Ronen and Adi Shamir. This kind of attack is useful when evaluating the security of a cipher, but it has no real-world implication, as AES uses at least 10 rounds in production implementations.
The bug hunter who found multiple vulnerabilities in the 7-Zip software used by anti-virus vendors wrote a blog post on how to exploit one of those bugs. Interesting read.
The 360 Core Security Division response team detected an APT attack exploiting a 0-day vulnerability and captured the world’s first malicious sample that uses a browser 0-day vulnerability (CVE-2018-8174). It is a remote code execution vulnerability in the Windows VBScript engine and affects the latest version of Internet Explorer.
Microsoft patched this vulnerability a few days ago and credited the Chinese researchers.
Source code of TreasureHunter Point-of-Sale malware leaks online.
The ssh-decorator package on Python's pip had an obvious backdoor (sending the IP address, login and password to ssh-decorate[.]cf over cleartext HTTP).
Luke Picciau wrote about his experience with Matrix and its Riot messenger after one year of use.
The first official 1.0 release candidate of Briar for Android is out.
Briar is an open-source, end-to-end encrypted, decentralized mesh-networking messaging application that works over Bluetooth, WiFi and Tor.
The Infection Monkey is an open source security tool for testing a data center's resiliency to perimeter breaches and internal server infection.
A porn spam botnet consisting of more than 80,000 automated female Twitter accounts has been driving millions of clicks from Twitter users to various affiliate dating schemes (known as "partnerka").
Two malware families, the NemucodAES ransomware and the Kovter trojan, are being distributed via emails pretending to be a delivery notice from the United Parcel Service.
The Reyptson ransomware uses the victim’s configured Thunderbird email account to run a spam distribution campaign against their contacts.
Android spyware targeting Iranians uses the Telegram bot API to exfiltrate data to a remote server.
Trustwave SpiderLabs researchers discovered a zero-day vulnerability in the Humax HG-100R WiFi router that could be exploited to compromise the WiFi credentials and obtain the router console's administrative password.
Proofpoint analyzed Ovidiy Stealer, a previously undocumented credential stealer sold on Russian-speaking forums.
Guido Vranken fuzzed the FreeRADIUS source code and found 15 issues, four of them exploitable, one of which is a remote code execution (RCE) bug. Compile and upgrade now.
For the next 12 days, Humble Bundle is selling a lot of DRM-free cybersecurity books very cheaply.
WireGuard, the fast, modern, secure VPN tunnel, is now formally verified with the Tamarin theorem prover. Really powerful software.
Interesting USENIX paper on the security (and analysis) of bootloaders in mobile devices:
BootStomp: On the Security of Bootloaders in Mobile Devices
PyREBox is a Python-scriptable reverse engineering sandbox developed by Cisco Talos. It is based on QEMU, and its goal is to aid reverse engineering by providing dynamic analysis and debugging capabilities from a different perspective.