Flaws In Zoom’s Keybase App Kept Chat Images From Being Deleted

chicksdaddy writes: The Security Ledger reports that a flaw in Zoom’s Keybase secure chat application left copies of images contained in secure communications on Keybase users’ computers after they were supposedly deleted, according to researchers from the security research group Sakura Samurai. The flaw in the encrypted messaging application, CVE-2021-23827, does not expose Keybase users to remote compromise. However, it could…

World’s Worst Internet Shutdowns Cost India $2.8 Billion in 2020

Internet shutdowns cost India $2.8 billion, putting the South Asian nation at the top of a list of 21 countries that curbed citizens’ web access in 2020. From a report: India — the second-worst-hit nation by the Covid-19 pandemic in terms of overall confirmed infections — accounted for about three-quarters of the $4 billion lost worldwide to internet curbs. Its losses…

Apple Loses Copyright Battle Against Security Startup Corellium

krakman writes: Corellium, a security research firm sued by Apple, has won a major legal victory against the iPhone maker. In a ruling that has wide-reaching implications for iPhone security research and copyright law, a federal judge in Florida threw out Apple’s claims that Corellium had violated copyright law with its software, which helps security researchers find bugs and security holes…

Microsoft: a Second, Different Threat Actor Had Also Infected SolarWinds With Malware

Reuters reports:
A second hacking group, different from the suspected Russian team now associated with the major SolarWinds data breach, also targeted the company’s products earlier this year, according to a security research blog by Microsoft. “The investigation of the whole SolarWinds compromise led to the discovery of an additional malware that also affects the SolarWinds Orion product but has been determined…

Ubuntu Patches Bug That Tricked Gnome Desktop Into Giving Root Access

“Ubuntu developers have fixed a series of vulnerabilities that made it easy for standard users to gain coveted root privileges,” reports Ars Technica: “This blog post is about an astonishingly straightforward way to escalate privileges on Ubuntu,” Kevin Backhouse, a researcher at GitHub, wrote in a post published on Tuesday. “With a few simple commands in the terminal, and a few…

235 Million Instagram, TikTok and YouTube User Profiles Exposed In Massive Data Leak

An anonymous reader quotes a report from Forbes: The security research team at Comparitech today disclosed how an unsecured database left almost 235 million Instagram, TikTok and YouTube user profiles exposed online in what can only be described as a massive data leak. The data was spread across several datasets; the most significant being two coming in at just under 100…

Researcher Discovers New ‘HTTP Request Smuggling Attack’ Variants

Some scary new variants of “HTTP request smuggling” have been discovered by Amit Klein, VP of security research at SafeBreach, reports Security Week:
Specifically, an HTTP request smuggling attack, which can be launched remotely over the internet, can allow a hacker to bypass security controls, gain access to sensitive data, and compromise other users of the targeted app. While the attack method…