Matthew Green, a cryptographer and professor at Johns Hopkins University, shares in a series of tweets: My students Max and Tushar Jois spent most of the summer going through every piece of public documentation, forensics report, and legal document we could find to figure out how police were “breaking phone encryption.” This was prompted by a claim from someone knowledgeable, who…
Tag: exploit
China Accused of Spying On Americans Via Caribbean Phone Networks
“A mobile security expert has accused China of exploiting cellphone networks in the Caribbean to conduct ‘mass surveillance’ on Americans,” reports Newsweek: Gary Miller, a former vice president of network security at California-based analytics company Mobileum, told The Guardian he had amassed evidence of espionage conducted via “decades-old vulnerabilities” in the global telecommunications system. While not explicitly mentioned in the report,…
Raspberry Pi Used To Hack Tesla Model X SUV Key Fob
Pig Hogger (Slashdot reader #10,379) writes: According to this Tom’s Hardware story, a Belgian PhD student managed to wrest full control of a Tesla Model X SUV, by way of hijacking the Bluetooth keyfob and reprogramming it, using a Raspberry Pi. Tesla has since issued a software update to protect against that kind of attack Since the attack is done via…
A Hacker is Selling Access To the Email Accounts of Hundreds of C-Level Executives
A threat actor is currently selling passwords for the email accounts of hundreds of C-level executives at companies across the world. From a report: The data is being sold on a closed-access underground forum for Russian-speaking hackers named Exploit.in, ZDNet has learned this week. The threat actor is selling email and password combinations for Office 365 and Microsoft accounts, which he…
Apple Lets Some Network Traffic Bypass Firewalls on MacOS Big Sur
“Security researchers are blasting Apple for a feature in the latest Big Sur release of macOS that allows some Apple apps to bypass content filters and VPNs…” reports Threatpost. “While users assumed Apple would fix the flaw before the OS emerged from beta into full release, this doesn’t appear to have happened.” “Beginning with macOS Catalina released last year, Apple added…
Maze, a Notorious Ransomware Group, Says It’s Shutting Down
One of the most active and notorious data-stealing ransomware groups, Maze, says it is “officially closed.” From a report: The announcement came as a waffling statement, riddled with spelling mistakes, and published on its website on the dark web, which for the past year has published vast troves of stolen internal documents and files from the companies it targeted, including Cognizant,…
Hackers Can Now Reverse Engineer Intel Updates Or Write Their Own Custom Firmware
An anonymous reader quotes a report from Ars Technica: Researchers have extracted the secret key that encrypts updates to an assortment of Intel CPUs, a feat that could have wide-ranging consequences for the way the chips are used and, possibly, the way they’re secured. The key makes it possible to decrypt the microcode updates Intel provides to fix security vulnerabilities and…
The Battle Over Chips is About to Get Uglier
“We’re in a new world where governments are more concerned about the security of their digital infrastructure and the resiliency of their supply chains,” Jimmy Goodrich, vice president of global policy with the Washington-based Semiconductor Industry Association, tells Bloomberg. “The techno-nationalist trends gaining traction in multiple capitals around the world are a challenge to the semiconductor industry.” At once highly globalized…
Google Patched an Actively-Exploited Zero-Day Bug in Chrome
“Google released an update to its Chrome browser that patches a zero-day vulnerability in the software’s FreeType font rendering library that was actively being exploited in the wild, Threatpost reported this week: Security researcher Sergei Glazunov of Google Project Zero discovered the bug which is classified as a type of memory-corruption flaw called a heap buffer overflow in FreeType. Glazunov informed…
America’s FBI Warns of Security Risks in Using Hotel Wi-Fi
“Most users don’t seem to realize the severity of the risks they’re subjecting themselves to while using hotel Wi-Fi networks,” writes Windows Report, noting that America’s FBI “issued a Public Service Announcement concerning the risks of using hotel Wi-Fi networks while teleworking.” Apparently, more and more U.S. hotels started advertising room reservations during the daytime for those who seek a distraction-free…