Insurance Company says to the Mondelez customer that the NotPetya ransomware attack was an act of cyber war and therefore not covered by the policy.
Hackers breached Norway's Visma IT company to steal client secrets. Many large Norwegian companies are using Visma for accounting.
Attackers are attributed by Reuters sources as backed by the Chinese government.
Researchers demonstrated a new privacy attack against all variants of the Authentication and Key Agreement (AKA) protocol that impacts 5G, 4G, and 3G telephony protocols. The attack compromises users' privacy more than current known location privacy attacks do.
Looks like Go language had vulnerabilities in the Elliptic Curve Cryptography implementation which could allow attackers to cause a denial of service or possible private key recovery attacks.
It is possible to trick Evolution email application users into trusting a phished mail via adding a forged UID to a OpenPGP key that has a previously trusted UID. It's because Evolution extrapolates the trust of one of OpenPGP key UIDs into the key itself.
Good long-form story about the young cyber criminals and young girlfriend that followed their lies to her death. It does not have a happy ending.
Security researchers were assaulted by a casino technology vendor Atrient after responsibly disclosed critical vulnerabilities to them.
Article 13, the new European Union copyright law is back and it got worse, not better. https://juliareda.eu/2019/02/article-13-worse/
Researchers from Google Project Zero evaluated Apple's implementation of Pointer Authentication on the A12 SoC used in the iPhone XS. There are bypasses possible, but the conclusion says it is still a worthwhile exploitation mitigation technique.
There is a dangerous, remote code execution flaw in the LibreOffice and OpenOffice software.
Nadim Kobeissi is discontinuing his secure online chat Cryptocat. Thanks for service, it had nice user interface.
Malware For Humans is a conversation-led, independent documentary about fake news, big data, electoral interference, and hybrid warfare.
35-year-old vulnerability has been discovered in the SCP file transfer utility. According to the advisory impact section, "Malicious scp server can write arbitrary files to scp target directory, change the target directory permissions and to spoof the client output."
Multiple U.S. government websites SSL certificates have expired and some sites are inaccessible due to properly used HTTP Strict Transport Security.
There's nobody there to renew them due to a government shutdown.
Researchers found a new kind of Windows malware using encrypted messaging app Telegram to receive "encrypted" instructions. Nothing innovative with the malware sample, but what is really interesting is, that telegram messages are coupled with unique IDs and malware analysts from the Forcepoint Labs were able to retroactively scrape all the messages issued by the malware operator.
Not sure what kind of channel was used by the bot, but it looks really suspicious to be able to scrape old messages.
The researchers at the CanSecWest Vancouver conference will be able to participate in the annual Pwn2Own challenge. This year also in car hacking as Tesla Model 3 will be available.
One of last surviving Navajo code talkers, Alfred Newman, has passed away at 94. Newman, with many others, developed during World War II an unbreakable code for military transmissions using the unwritten Navajo language.
Security researcher Troy Hunt updated his service Have I Been Pwn with 772,904,991 new email addresses and lots of passwords after finding 87GB of leaked passwords and email addresses by the MEGA cloud storage provider.
There was a massive data breach at the Oklahoma Securities Commission with millions of files containing decades worth of confidential case file intelligence from the agency and sensitive FBI investigation source materials leaked.
Hackers broke into an SEC database and made millions from inside info.
Malicious former employee installed Raspberry Pi in the company network closet, but the Reddit crowd helped with the investigation.
Great blog post about the factors in authentication. The more factors to be used, the bigger headache from the enrollment procedures.
Noise Protocol Framework Explorer created by Nadim Kobeissi now supports generating secure implementations in Go for any arbitrary Noise Handshake Pattern.
CERT Poland (CERT Polska) opens access to its malware database (MWDB).