exploit – Valerian's Realm

Hackers Exploit Websites To Give Them Excellent SEO Before Deploying Malware

schwit1 shares a report from ZDNet: Cyberattackers have turned to search engine optimization (SEO) techniques to deploy malware payloads to as many victims as possible. According to Sophos, the so-called search engine “deoptimization” method includes both SEO tricks and the abuse of human psychology to push websites that have been compromised up Google’s rankings. SEO optimization is used by webmasters to…

Hackers Release a New Jailbreak Tool For Almost Every iPhone

An iPhone hacking team has released a new jailbreak tool for almost every iPhone, including the most recent models, by using the same vulnerability that Apple last month said was under active attack by hackers. TechCrunch reports: The Unc0ver team released its latest jailbreak this weekend, and says it works on iOS 11 (iPhone 5s and later) to iOS 14.3, which…

Apple Is Going To Make It Harder to Hack iPhones With Zero-Click Attacks

Apple is going to make one of the most powerful types of attacks on iPhones much harder to pull off in an upcoming update of iOS. From a report: The company quietly made a new change in the way it secures the code running in its mobile operating system. The change is in the beta version of the next iOS version,…

Quantum computing: When ignorance is wanted

Quantum computers promise not only to outperform classical machines in certain important tasks, but also to maintain the privacy of data processing. The secure delegation of computations has been an increasingly important issue since the possibility of utilizing cloud computing and cloud networks. Of particular interest is the ability to exploit quantum technology that allows for unconditional security, meaning that no…

Sennheiser Says It’s Open To Selling Its Consumer Audio Business

Sennheiser announced on Tuesday it’s looking for a new partner to buy its consumer audio business, which consists of headphones and soundbars. From a report: It’s going to shift its focus entirely to professional audio, including its Neumann microphone division and what Sennheiser calls business communications. In a press release, Sennheiser says it wants to increase visibility in the competitive headphone…

US Intelligence Officials Say Chinese Government Is Collecting Americans’ DNA

schwit1 shares a report from CBS News: The largest biotech firm in the world wasted no time in offering to build and run COVID testing labs in Washington, contacting its governor right after the first major COVID outbreak in the U.S. occurred there. The Chinese company, the BGI Group, made the same offer to at least five other states, including New…

After SolarWinds Breach, Lawmakers Ask NSA for Help in Cracking Juniper Cold Case

As the U.S. investigation into the SolarWinds hacking campaign grinds on, lawmakers are demanding answers from the National Security Agency about another troubling supply chain breach that was disclosed five years ago. From a report: A group of lawmakers led by Sen. Ron Wyden, D-Ore., are asking the NSA what steps it took to secure defense networks following a years-old breach…

Apple Adds ‘BlastDoor’ To Secure iOS From Zero-Click Attacks

wiredmikey shares a report from SecurityWeek.com: Apple has quietly added several anti-exploit mitigations into iOS in what appears to be a specific response to zero-click iMessage attacks observed in the wild. The new mitigations were discovered by Samuel Grob, a Google Project Zero security researcher, [with the first big addition being] a new, tightly sandboxed “BlastDoor” service that is now responsible…

Rediscovering RISC-V: Apple M1 Sparks Renewed Interest in Non-x86 Architecture

“With the runaway success of the new ARM-based M1 Macs, non-x86 architectures are getting their closeup,” explains a new article at ZDNet. “RISC-V is getting the most attention from system designers looking to horn-in on Apple’s recipe for high performance. Here’s why…” RISC-V is, like x86 and ARM, an instruction set architecture (ISA). Unlike x86 and ARM, it is a free…

New Side-Channel Attack Can Recover Encryption Keys From Google Titan Security Keys

A duo of French security researchers has discovered a vulnerability impacting chips used inside Google Titan and YubiKey hardware security keys. From a report: The vulnerability allows threat actors to recover the primary encryption key used by the hardware security key to generate cryptographic tokens for two-factor authentication (2FA) operations. Once obtained, the two security researchers say the encryption key, an…