Hope no one's created guest networks called '%Free %Coffee at %Starbucks' Joining a Wi-Fi network with a specific sequence of characters in its SSID name will break wireless connectivity for iOS devices. Thankfully the bug looks to be little more than an embarrassment and inconvenience.... [...]
Try it with phish'n'chips Google has proposed a framework called SLSA for dealing with supply chain attacks, a security risk exemplified by the recent compromise of the SolarWinds Orion IT monitoring platform.... [...]
One of six guys charged over Infinera, Fortinet securities A teacher who knew too much about some of Silicon Valley's financial figures has been charged with insider dealing by the US Securities and Exchange Commission, along with five alleged accomplices.... [...]
Error handling? Nah, let's just unlock everything and be done with it A seven-year-old privilege escalation vulnerability that's been lurking in several Linux distributions was patched last week in a coordinated disclosure.... [...]
Boffins find flaw in web security that enables certificate confusion Academics from three German universities have found a vulnerability in the Transport Layer Security (TLS) protocol that under limited circumstances allows the theft of session cookies and enables cross-site scripting attacks.... [...]
Feds, facing pushback over constitutional concerns, say they no longer need the data after all The FBI on Saturday withdrew a subpoena issued to USA Today's parent company Gannett in April to find out who read an online news story published in February about a shootout that led to …
No new hardware though loads of bits and bytes for software makers WWDC Apple on Monday opened its 2021 Worldwide Developer Conference by promising a raft of operating system and privacy improvements – including a relay system to anonymize Safari connections, and randomized email addresses for online account signups.... [...]
No new hardware though loads of bits and bytes for software makers WWDC Apple on Monday opened its 2021 Worldwide Developer Conference by promising a raft of operating system and privacy improvements – including a Tor-like relay system to anonymize Safari connections, and randomized email addresses for online account signups …
We'll explain everything for you The US Supreme Court on Thursday limited the scope of the 1986 Computer Fraud and Abuse Act (CFAA) in a ruling that found a former sergeant did not violate the law by misusing his access to a police database.... [...]
Info-stealing scheme, attributed to Russia-affiliated crew, relied on spoof USAID marketing messages Uncle Sam on Tuesday said it had seized two web domains used to foist malware on victims using spoofed emails from the US Agency for International Development (USAID).... [...]
M1RACLES flaw looks more embarrassing than dangerous Apple's Arm-based M1 chip, much ballyhooed for its performance, contains a design flaw that can be exploited to allow different processes to quietly communicate with one another, in violation of operating system security principles.... [...]
Brit thrown in the clink for 13 years after 'palm-print' lifted from internet photo A drug dealer's ham-handed OPSEC allowed British police to identify him from a picture of him holding a block of cheese, which led to his arrest, guilty plea, and a sentence of 13 years and …
Boffins find increasing MAC address randomization protection with mobiles In 2017, US Naval Academy researchers found that MAC address randomization in mobile devices was largely worthless as a privacy defense. Three years later, the same research group took another look and found that while there's been meaningful improvement, many …
By probing for installed apps with custom URL schemes, it's possible to build a 32-bit unique fingerprint FingerprintJS, maker of a browser-fingerprinting library for fraud prevention, on Thursday said it has identified a more dubious fingerprinting technique capable of generating a consistent identifier across different desktop browsers, including the …
You gotta work hard for those three-bytes-a-second transfers, though Apple's Find My network, used to locate iOS and macOS devices – and more recently AirTags and other kit – also turns out to be a potential espionage tool.... [...]
Dozen design, implementation blunders date back 24 years A dozen Wi-Fi design and implementation flaws make it possible for miscreants to steal transmitted data and bypass firewalls to attack devices on home networks, according to security researcher Mathy Vanhoef.... [...]
Plus: Grab your updates for Adobe, SAP, Android, Intel Patch Tuesday Microsoft's May Patch Tuesday brought a lighter-than-usual load of 55 fixes for 32 of the Windows giant's applications and services, which is about half what was served up in April.... [...]
World Password Day returns to remind us how much passwords suck Google has marked World Password Day by declaring "passwords are the single biggest threat to your online security," and announcing plans to automatically add multi-step authentication to its users' accounts.... [...]
Terms and conditions apply Version 90 of Google's Chrome browser includes a bit of extra security for users of recent versions of Windows and the latest x86 processors, in the form of hardware-enforced stack protection.... [...]
'RotaJakiro' now on infosec world's radar, its impact has yet to be determined Chinese security outfit Qihoo 360 Netlab on Wednesday said it has identified Linux backdoor malware that has remained undetected for a number of years.... [...]
No, not the US government's task force... the other one The Institute for Security and Technology's Ransomware Task Force (RTF) on Thursday published an 81-page report presenting policy makers with 48 recommendations to disrupt the ransomware business and mitigate the effect of such attacks.... [...]
Crucial flaw won't be fixed until next month Dozens of defense companies, government agencies, and financial organizations in America and abroad appear to have been compromised by China via vulnerabilities in their Pulse Connect Secure VPN appliances – including a zero-day flaw that won't be patched until next month.... [...]
Lessons learned and mission accomplished, apparently The US government's response groups for dealing with recent SolarWinds and Microsoft Exchange vulnerabilities have reached the end of the road.... [...]
ioXt Alliance aims to bring 'transparency and visibility' On Thursday the ioXt Alliance, an Internet of Things (IoT) security trade group backed by some of the biggest names in the business, introduced a set of baseline standards for mobile apps, in the hope that IoT security may someday be …
Firefox 'fully compromised' in 15 minutes via SMASH attack Boffins from Vrije Universiteit in Amsterdam and ETH in Zurich have bypassed memory chip defenses to execute a successful browser-based Rowhammer side-channel attack dubbed SMASH.... [...]