The Chinese battery expert is charged with stealing trade secrets from US employer, as he prepared to return home. Forensics found deleted research materials not related to his contract on a USB voluntarily provided to a supervisor.
The New York Times published an article about the insecurity of the mobile networks' Signaling System 7 (SS7) and the unwillingness to address mobile network vulnerabilities in general.
Iraq government took down unlicensed towers used for illegal internet bandwidth smuggling operation in the disputed province of Kirkuk.
Indias' Ministry of Home Affairs has issued a notification authorizing 10 agencies to tap, intercept and decrypt all personal data on computers and networks.
Yet another article from NY Times, this time on how Facebook uses 7500 moderators around the world to keep content "normal".
Hackers are infecting Linux servers with JungleSec ransomware using IPMI remote console, manually running encryption program, then asking for ransom.
The beta version of the WireGuard next gen VPN for iOS was released into the App Store.
Someone from the France uploaded a new sample of Shamoon wiper malware to VirusTotal. The sample is signed with Baidu digital certificate expired back in 2016.
The Wired magazine published a list of articles they have published on a security topic in 2018. Some of them are really good.
Amazon sends 1700 Alexa voice recordings to a random person.
Sennheiser's HeadSetup software is installing a root certificate into the OS Trusted CA Certificate store.
They have also put a private key on a device, the same one for all users, which allows any user to perform a man-in-the-middle SSL attacks against SSL communication.
German chat platform Knuddels.de (Cuddles) has been fined 20k€ for storing user passwords in plain text.
What is interesting is that the regional GDPR data watchdog wanted to avoid bankrupting the company. "The overall financial burden on the company was taken into account in addition to other circumstances".
Crooks are using new attack vector to spread malware, they are requesting maintainer access to a widely-used open source projects on github, then pushing compromised version to millions of people.
Two international cybercriminal Rings dismantled and eight defendants indicted for causing tens of millions of dollars in losses in the digital advertising fraud.
They have produced Boaxxe/Miuref & Kovter malware.
Cisco Talos has discovered DNSpionage malware targeting governments and companies in the Middle East using phishing attack.
The U.S. Treasury Department has sanctioned two Iranians allegedly involved in Bitcoin ransomware scheme SamSam.
They have basically put Bitcoin addresses on the Office of Foreign Assets Control’s (OFAC) sanctions list.
Scammers are changing the contact details for banks on Google Maps.
Almost all VPN browser extensions are in fact just a proxy and are vulnerable to a different level of IP leaks and DNS leaks.
Google, Mozilla are working on letting web apps edit local user files despite warning it could be really dangerous.
The German Federal Office for Information Security, BSI, publishes Microsoft Windows 10 telemetry analysis.
BlackBerry purchased Cylance, the machine-learning based anti-malware company for $1.4 billion dollars.
They plans to integrate Cylance's anti-malware solution into the BlackBerry Spark platform.
The Sequoia team introduced the first release of a new Rust implementation of the OpenPGP licensed under GPL 3.0.
A default VirtualBox virtual network device has a vulnerability allowing an attacker with root privilege to escape guest OS, execute commands in ring3 on a host.
All operating systems affected.
Researchers at Radboud University in the Netherlands have revealed encryption vulnerabilities in the solid-state drives (SSD).
Samsung nor Crucial manufacturers are producing buggy firmware where anybody who steals your drive is able to decrypt it on their own.
Police in the Netherlands were able to decrypt more than 258,000 messages sent using proprietary IronChat end-to-end (probably not) encrypted messaging application.
Lessons learned: do not use custom, proprietary, "exclusive" application nobody else except your gang members have...
The first release of 5G (3GPP Release 15) includes protection against an active IMSI catching.
"But in a typical case where 5G UE also supports LTE, it is still vulnerable to LTE IMSI catchers."
New "PortSmash" CPU side channel vulnerability impacts all CPUs that use a Simultaneous Multithreading (SMT).
The vulnerability has been discovered by researchers from the Tampere University of Technology in Finland and Technical University of Havana, Cuba.
Troy Hunt published blog on how passwords are superior to many alternative methods, primarily because "everyone understands how to use it".
US Cyber Command (USCYBERCOM) starts uploading unclassified foreign APT malware samples to VirusTotal.
Iran found CIA spies by Googling their online communication channels after double agent told them modus operandi.
Some explanation by Doug Madory of Oracle on how and when China Telecom hijacked BGP routing to send US-to-US traffic via mainland China.
Early version of an open source, free WireGuard for iOS VPN tunneling implementation is in public testing.
Microsoft releases a Linux version of their ProcDump Sysinternals Tool.
A zero-day vulnerability in the jQuery File Upload plugin is actively exploited for at least three years. Patch now!
A massive ad fraud scheme involving more than 125 Android apps and websites exploited Android Phones to steal millions.
Literally, almost everybody is doing this scheme against the smartphone users these days.
Kaspersky Lab analyzed complex DarkPulsar backdoor administrative module for a malware leaked by the ShadowBrokers.
They have found around 50 victims located in Russia, Iran and Egypt, mostly companies working in the nuclear energy, telecommunications, IT, aerospace and R&D.
Haaretz investigation reveals Israel has become a leading exporter of tools for spying on civilians.
Dictators around the world use them eavesdrop on human rights activists, monitor emails, hack into apps and record conversations.
The consultancy firm McKinsey helping Saudi Arabia identify influential Saudis who opposed the government's line on Twitter.
Some of those individuals were later imprisoned & targeted with sophisticated spyware.
Companies building "Smart home" products refuse to say whether law enforcement is using their products to spy on citizens.
Mozilla announces experimental partnership with the ProtonVPN.
They will offer a virtual private network (VPN) service to a small group of Firefox users.
The UK grassroots internet provider is testing a data only SIM card that blocks any non-Tor traffic from leaving the phone.
That feeling when you can steal a Tesla by relay attack (or key cloning?), but you have to Google how to unplug the charger.
An insightful review of Android's secure backup practices published by NCC Group.
Endpoint security pioneer Joanna Rutkowska leaves Qubes OS, joins the Golem project.
Matthew Green wrote a post on password-based authenticated key exchange (PAKE )and the new OPAQUE protocol.
Quite useful techniques more people should know about.
Signal Desktop leaves message decryption key in the plain text.
Trail of Bits published a useful guide to the post-quantum cryptography.
Google started selling their Titan Security Key bundle that support FIDO standards for secure authentication. They have written the firmware by themselves, but the price should be lower for this kind of hardware.
Interesting three month research on hacking Australian law firms by registering expired domain names. Thousands of emails received with sensitive material.
Researchers systematically retrieved 3500 AT controlling commands from over 2000 Android smartphone firmware images across 11 vendors and "demonstrated that the AT command interface contains an alarming amount of unconstrained functionality and represents a broad attack surface on Android devices."
Fortnite Installer created by Epic Games allowed to install anything on the customer Android phone. An Epic security engineer requested Google to delay public disclosure for the 90 days period, to allow time for the update, but Google refused.
US T-Mobile Database was breached, 2 millions of customers' data exposed.
Ars Technica published a good introductory review of the WireGuard next generation VPN software.
WhatsApp has warned users that by using a free backup service offered by Google, messages will no longer be protected by end-to-end encryption.
Assured researchers published an article which provides a brief overview of the new TLS 1.3.
If you wanted to know how to use PGP in an organization of 200 people, read this blog about OpenPGP key distribution.
They are now turning the lessons learned into an Internet standard.
Mozilla Firefox 62 and newer support a new TLS API for WebExtensions.
There is now a certificate viewer leveraging new API called Certainly Something (Certificate Viewer).
In-depth blog spot by voidsecurity about the VirtualBox code execution vulnerability.
Mark Ermolov and Maxim Goryachy researchers have published a detailed walk-through for accessing an Intel's Management Engine (IME) JTAG feature, which provides debugging access to the processor.
If you are running Linux machines in Microsoft Azure, you should disable built-in wa-linux-agent backdoor that enable root access from Azure console.
There is a good blog post by Stuart Schechter about the dark side of the two factor authentication. Highly recommended reading.
Great research by Eyal Ronen, Kenneth G. Paterson and Adi Shamir demonstrate that adopting pseudo constant time implementations of TLS are not secure against the modified Lucky 13 attack on encryption in CBC-mode. Tested against four fully patched implementations of TLS - Amazon's s2n, GnuTLS, mbed TLS and wolfSSL.
Traefik, popular open source reverse proxy and load balancing solution is leaking (CVE-2018-15598) TLS certificate private keys via API.
Google enrolled Hardware Secure Module to their Cloud Key Management Service. The customers can use it to store their encryption keys with FIPS 140-2 Level 3 security certified devices from now on.
Microsoft Corp said that Russian hackers are targeting U.S. political groups ahead of November’s congressional elections.
The WIRED cover story on how Russian NotPetya malware took down Maersk, the world’s largest shipping firm.
Kaspersky Lab published analysis of a sophisticated "Dark Tequila" banking malware which is targeting customers in Mexico and other Latin American nations.
NSA successfully cracked and listened for years to encrypted networks of Russian Airlines, Al Jazeera, and other “High Potential” targets.
Anonymous targeted Spanish Constitutional Court, economy and foreign ministry websites to support Catalonia separatist drive.
Red Teaming/Adversary Simulation Toolkit is a collection of open source and commercial tools that aid in red team operations.
The Fidelis Cybersecurity researcher Jason Reaves demonstrated how covertly exchange data using X.509 digital certificates. The proof of concept code is using SubjectKeyIdentifier and generating certificates on the fly.
The "UDPoS" Point of Sale malware is using DNS traffic to exfiltrate stolen credit card data.
Talos analyzed malware threat targeting Olympic computer systems during the opening ceremony. The main purpose was information gathering and destroying the system.
Zero-day vulnerability in the Bitmessage messaging client was exploited to steal Electrum cryptocurrency wallet keys.
Trustwave analyzed multi-stage Microsoft Word attack which is NOT using macros. Really creative technique.
Microsoft can't fix Skype privilege escalation bug without the massive code rewrite, so they postponed it for a while.
Facebook is advertising their Onavo VPN application, but there are a few reasons why it is really not a good idea to use it.
Facebook is spamming users via SMS registered for two factor authentication (2FA). Then posts their responses on a wall.
(Not only) Performance analysis of a Retpoline mitigation for Spectre vulnerability.
A guide on how to brutefoce Linux Full Disk Encryption (LUKS) volumes using Hashcat software.
Proof of concept of LibreOffice remote arbitrary file disclosure vulnerability. It is possible to silently send any files. All operating systems affected before 5.4.5/6.0.1 versions.
Interesting research on the possibility of a cheap online surveillance.
"In this work we examine the capability of [..] an individual with a modest budget -- to access the data collected by the advertising ecosystem. Specifically, we find that an individual can use the targeted advertising system to conduct physical and digital surveillance on targets that use smartphone apps with ads."
Mnemonic company together with the Norwegian Consumer Council tested several smartwatches for children and found numerous security vulnerabilities that allows child tracking, etc.
The Cisco Talos team discovered an e-mail campaign spreading malicious Visual Basic inserted in a Cyber Conflict U.S. conference flyer, targeting cyber warfare conference participants.
SfyLabs security researchers have spotted a new Android banking trojan named LokiBot. It has banking trojan functionality, but turns into ransomware and locks users out of their phones if they try to remove its admin privileges.
There is a newly published cryptographic attack on some legacy systems like Fortinet FortiGate VPN, which uses ANSI X9.31 random number generator with a hardcoded seed key.
Nice explanation of a remote code execution vulnerability (CVE-2017-13772) on a TP-Link WR940N home WiFi router.
Purism’s Librem Laptops running open-source coreboot firmware are now available with completely disabled Intel Management Engine.
Wire, open source end-to-end encrypted messenger is now open for corporate clients. It offers secure chats, calls and file sharing while following strict European data protection laws.