security

  1. U

    Zooms end to end encryption, not really end to end.

    UPDATE 2020-04-17: Zoom hires a bunch of security experts to help fix zero day exploits. https://www.thefpsreview.com/2020/04/17/zoom-invests-into-hiring-outside-security-experts-to-fix-exploits-as-hackers-are-selling-them-online/ UPDATE 2020-04-09: US Senate tells members to not use Zoom...
  2. C

    PC Security (UEFI / Secure Boot / TPM / Drive encryption)

    Hi - I'm very old skool and updating my approach to security because despite good basic habits, I still ended up with 2 rootkits. My work computers have all used these features (managed by IT) but I've neglected learning about them for personal use. What elements of PC configuration should I...
  3. C

    The best business VPN?

    Currently I'm looking for a trustable VPN for business. I was doing a research and found an article about 5 best VPN providers this year, but I want to hear feedback about them if you know one. Looks like the best deals has NordVPN Teams and Zscaler. How they work and which one you already have...
  4. GDI Lord

    Intel’s New Spectre-Like Flaw Affects Chips Made Since 2008

    Unless I missed it, this hasn't been posted here yet. #YAIF - Yet Another Intel Flaw. AMD once again not affected. https://www.tomshardware.com/news/intel-disable-hyper-threading-spectre-attack,39333.html https://www.amd.com/en/corporate/product-security
  5. Zarathustra[H]

    Monitor IoT Activity on your Network (by giving up privacy to Princeton Researchers)

    So, Many of us have been curious about what the hell our IoT is doing on our networks, how often it dials the mother ship and what it is sending. Researchers at Princeton University want to know too, and have started a project to collect data from IoT devices on your network to inform you, and...
  6. AlphaAtlas

    Ransomware Encourages Victims to Subscribe to PewDiePie

    PewDiePie's battle with Bollywood star T-Series has pushed some of his more enthusiastic fans to extremes. A group of hackers used printers to promote their favorite YouTuber last year, and more recently, they hacked their way into Smart TVs, Chromecasts, and Google Home devices. Now, recent...
  7. AlphaAtlas

    Logitech M185 and Other Mice are Vulnerable to Keystroke Injection

    According to a recent post on David Sopas' security blog, the very popular, and very cheap, Logitech M185 is vulnerable to a keystroke injection attack. Using a recent version of the "Bettercap" hacking toolkit and a 2.4ghz USB dongle, the security researcher used the mouse to open a script...
  8. AlphaAtlas

    DroneClash Turns Counter Drone Research Into a Sport

    As drones get cheaper and easier to control, security and safety issues related to their operation are becoming more important than ever. While governments are working on drone regulations, and some companies are already selling countermeasures to large organizations, a group of enthusiasts and...
  9. AlphaAtlas

    Study Claims 39% of Counter-Strike Servers are Infected With Malware

    In spite of the battle royale craze and a more modern sequel, the original Counter-Strike is still a massively popular game. The FPS had nearly 15,000 concurrent players at the time of this writing, and there are still thousands of registered 3rd party servers. However, a recent study from Dr...
  10. AlphaAtlas

    Citrix Hacked by a Cyberespionage Group

    Cloud service, VoIP and remote management software provider Citrix has reportedly been hit by an Irianian-linked hacker group. A little less than week ago, Citrix posted a notice on their website saying the FBI believed "international cyber criminals gained access to the internal Citrix...
  11. AlphaAtlas

    The Web's Creator Comments on Its Future

    The internet turned 30 this year, and CERN celebrated it with a long (and if I'm being honest, not particularly exciting) webcast featuring its creator, Sir Tim Berners-Lee. However, after the recent Cambridge Analytica data scandal and what seems like a new privacy/security related scandal...
  12. cageymaru

    Careless Employees Expose Sensitive Data as Public on the Cloud

    Adversis has discovered employees at numerous companies are sharing files by enabling public file sharing in Box Enterprise. This combined with the ability to brute force the the sub-domain, URL, and folder names of Box Enterprise accounts means that these sensitive files, documents, and more...
  13. AlphaAtlas

    Hackers Can Hijack Cars with Alarm Apps

    Security researchers from Pen Test Partners claim they've found serious security vulnerabilities in high end car alarm services from Viper and Pandora. In a quick demonstration, the researchers showed an potential attacker could pull up behind a moving vehicle with one of the commercial security...
  14. AlphaAtlas

    Google Discovers Vulnerabilities in Chrome and Windows 7

    Google just publicized a combination of zero-day exploits for Windows 7 and Chrome that are reportedly being exploited together in the wild. The bug in Chrome allegedly involved the browser's file reader, while the vulnerability in Windows "is a NULL pointer dereference in...
  15. AlphaAtlas

    New Speculative Execution Bug Allegedly Affects Intel CPUs

    Back in 2018, when the Spectre and Meltdown vulnerabilities were first publicized, many security experts feared that they opened a figurative Pandora's box. Those two exploits are part of a wider class of potential speculative execution flaws, and this week, those fears were realized, as...
  16. AlphaAtlas

    Windows 10 Update Mitigates Spectre Related Performance Slowdown

    A big Linux release over the weekend added the "Retpoline" Spectre mitigation to the Linux kernel, but BleepingComputer reports that Windows got the same treatment. Google shared the Retpoline software mitigation technique last year, shortly after they publicly revealed Spectre and Meltdown...
  17. cageymaru

    Comcast Sets Default Xfinity Mobile PIN to 0000 and Fraudsters Jump for Joy

    According to the Washington Post, Comcast extolled the advantages of setting the default PIN on Xfinity Mobile phone service accounts to 0000 as a convenience for its customers. "Comcast's help site for switching carriers suggests this is to make things easier: 'We don't require you to create an...
  18. AlphaAtlas

    Samsung Loads McAfee Antivirus Onto Smart TVs

    TechSpot reports that Samsung is pre-installing Mcafee Security on its 2019 TVs because McAfee is paying them to do it. As the publication points out, Samsung TVs run the partially open source, largely Samsung developed Tizen OS, so whatever software McAfee installs won't have much in common...
  19. AlphaAtlas

    PubG Corporation Patches Vulnerabilities and Arrests Hackers

    While Fortnite is the current king of the hill in the PC gaming world, and Apex Legends is one of the hottest new releases, PlayerUnknown's Battlegrounds is still immensely popular. The game still regularly has hundreds of thousands of concurrent players on Steam alone, and according to a recent...
  20. AlphaAtlas

    Malspam Exploits a WinRAR Security Hole

    Last week, researchers unveiled a 19 year old bug in an ancient ACE archive decompresser that, up until recently, shipped with modern builds of WinRAR. WinRAR's own website suggests that the software has a userbase of over 500 million, and while the latest beta versions of the software have...
  21. AlphaAtlas

    Latest Nvidia Drivers Patch Security Vulnerabilities

    Nvidia released the 419.17 drivers a few days ago, and as we noted, they featured a number of new SLI profiles, GPU video encoding improvements, and the usual round of bug fixes and enhancements. But yesterday, BleepingComputer found that the new drivers also came with fixes to a number of...
  22. cageymaru

    Android Receives FIDO2 Certification to Usher in a World Without Passwords

    The FIDO Alliance has announced that compatible devices running Android 7.0+ are now FIDO2 certified. FIDO2 certification allows these devices to have simpler, stronger authentication capabilities as users can utilize the device's built-in fingerprint sensor and/or FIDO security keys for secure...
  23. AlphaAtlas

    Researchers Find a 19 Year Old Bug In WinRAR

    Security researchers from Checkpoint have reportedly discovered a bug in WinRAR that just might be older than you. According to their bug report, recent version of WinRAR shipped with an ancient "unacev2.dll" file designed to decompress the equally ancient ACE archive format. A bug in the .dll...
  24. cageymaru

    Tesla Demonstrates Its New Security System Called Sentry Mode

    As we reported before, Tesla has added a new security feature to its cars called Sentry Mode. Sentry Mode uses the car's cameras to monitor its environment to detect potential threats. It will display a message on the touchscreen and record the encounter if the threat is minimal. But if it...
  25. cageymaru

    Password Manager Vulnerabilities Exposed

    A report from Independent Security Evaluators (ISE) showed that password manager security is acceptable in non-running states, but are vulnerable to memory attacks when in running states. Products from 1Password4, 1Password7, Dashlane, KeePass, and LastPass were tested in the report. For...
  26. AlphaAtlas

    Japanese Government Will Hack Their Citizen's IoT Devices

    Numerous security experts have (justifiably) expressed concern with the security of IoT devices that enter the market every day, But today, the Japanese government is doing something about it, as they will start testing the security of their own citizen's IoT devices. "NOTICE," as they call it...
  27. AlphaAtlas

    Rice Researchers Reveal Silicon Based Security Keys

    Integrated circuit designers from Rice University claim they've developed a digital fingerprint technology that is "10 times more reliable than current methods" used in IoT devices. Their "physically unclonable function," or PUF, supposedly uses physical imperfections in the security device's...
  28. AlphaAtlas

    Facebook Bug Would've Allowed for One Click Account Takeovers

    A security researcher spotted a bug in Facebook that would've allowed attackers to take over accounts from users that clicked on a single link. According to Youssef Sammouda, a vulnerable endpoint easily allowed him to makes posts on a user's timeline, delete profile picture, or delete accounts...
  29. AlphaAtlas

    Millions of Sensitive Swedish Medical Calls Leak Out

    According to a recent BBC report, about 2.7 million calls made to a Swedish national health service telephone line have been "exposed." The calls date back to 2013, and supposedly contain sensitive medical information and social security numbers, while Martin Svensson says that there was no...
  30. AlphaAtlas

    NATO Experiment Manipulated Soldiers Through Facebook

    The NATO Strategic Communications Centre of Excellence published a report on the challenges governments face with online security, and Wired managed to spot a particular interesting experiment within the multi-section report. As part of an experiment, the independent NATO organization used...
  31. AlphaAtlas

    Software Pirates are Allegedly Hijacking Apple's Enterprise Developer Certificates

    Apple's Developer Enterprise Program has gotten quite a bit of scrutiny after both Facebook and Google seemingly violated the program's guidelines. Now, Reuters reports that "software pirates" are abusing the program to distribute modified versions of apps that enable users to "stream music...
  32. AlphaAtlas

    Researchers Show Malicious Code Can Escape Intel SGX Enclaves

    Today, security researchers published a paper on techniques that can be used to "escape" an Intel Software Guard Extension enclave on modern CPUs. Sample code for the exploit has already been published on Github, and the researchers note that it was successfully tested on an i7-6700K and an...
  33. AlphaAtlas

    Criminals Are Still Exploiting SS7 Cellular Network Flaws

    Back in 2017, we posted several articles on how SS7 cellular network vulnerabilities are being exploited around the world. Back then, they were using exploits to intercept 2 factor authentication requests and location data. Now, according to a recent Motherboard report, hackers are commonly...
  34. cageymaru

    Google Launches Password Checkup Extension

    Google has announced a new extension for Google Chrome called Password Checkup that will monitor the passwords that you type into websites to see if they have been compromised in a third-party data breach. Google says it has access to over 4 billion credentials that have been compromised and...
  35. AlphaAtlas

    New Data Dump Contains Billions of Email and Password Pairs

    Following the leak of 773 million records from what security researchers call "Collection #1" earlier this month, experts are now saying that Collections #2 - #5" contain even more information. The Hasso Plattner Institute says that "around 2.2 billion e-mail addresses and the associated...
  36. AlphaAtlas

    Locking Out Law Enforcement Is an 'Unintended Side Effect' of New Android Security

    Apple has received both praise and criticism for their efforts to secure iDevices from everyone and everything, including law enforcement. Now, Motherboard reports that Rene Mayrhofer, Google's Director of Android Platform Security, is saying that Google is following in Apple's footsteps with...
  37. AlphaAtlas

    Engineers Automate Software Exploitation and Patching

    IEEE Spectrum reports that engineers from Carnegie Mellon University won a DARPA challenge to develop a machine that finds, and fixes, software exploits in bytecode all by itself. "Mayhem," as they call it, reportedly found over 14,000 unique vulnerabilities within the entire Debian Linux...
  38. AlphaAtlas

    Echodyne Wants to Test a Drone Tracking System at the Superbowl

    Citing an FCC application on Sunday, The Guardian reports that Echodyne, a company based out of Seattle, wants to operate experimental radar "'in the immediate vicinity' of Mercedes-Benz Stadium to 'alert security personnel, including federal officers, of any unidentified drone activity during...
  39. AlphaAtlas

    Facetime Bug Let Others Hear Audio Before Picking Up

    9to5Mac reports that a major bug in FaceTime allowed anyone with an iDevice running iOS 12.1 or latter to call someone else with FaceTime, and hear audio from their end without the other person ever picking up. Apparently, all you have to do is type your own phone number to the "add person"...
  40. AlphaAtlas

    Nest Users Are Getting Hacked Again

    AFP reports that Nest, a smart camera manufacturer founded by former Apple engineers and owned by Alphabet, is urging customers to use two factor authentication for their home systems. The plea comes after local media near San Francisco reported on a couple's trouble with a Nest camera mounted...
Top