vulnerabilities – Valerian's Realm

Apple Is Going To Make It Harder to Hack iPhones With Zero-Click Attacks

Apple is going to make one of the most powerful types of attacks on iPhones much harder to pull off in an upcoming update of iOS. From a report: The company quietly made a new change in the way it secures the code running in its mobile operating system. The change is in the beta version of the next iOS version,…

Are Texas Blackouts a Warning About the Follow-on Effects of Climate Change?

This week in America, “continent-spanning winter storms triggered blackouts in Texas, Oklahoma, Mississippi and several other states,” reports the New York Times. But that was just the beginning… One-third of oil production in the nation was halted. Drinking-water systems in Ohio were knocked offline. Road networks nationwide were paralyzed and vaccination efforts in 20 states were disrupted. The crisis carries a…

After Researchers Raise Spying Concerns, Clubhouse Promises Blocks on Transmitting to Chinese Servers

“The developers of audio chat room app Clubhouse plan to add additional encryption to prevent it from transmitting pings to servers in China,” reports The Verge, “after Stanford researchers said they found vulnerabilities in its infrastructure.” In a new report, the Stanford Internet Observatory (SIO) said it confirmed that Shanghai-based company Agora Inc., which makes real-time engagement software, “supplies back-end infrastructure…

Swiss Company Claims Weakness Found in Post-Quantum Encryption, Touts Its New Encryption Protocol

“A Swiss technology company says it has made a breakthrough by using quantum computers to uncover vulnerabilities in commonly used encryption,” reports Bloomberg: Terra Quantum AG said its discovery “upends the current understanding of what constitutes unbreakable” encryption… Terra Quantum AG has a team of about 80 quantum physicists, cryptographers and mathematicians, who are based in Switzerland, Russia, Finland and the…

Suspected Russian Hack Extends Far Beyond SolarWinds Software, Investigators Say

Investigators probing a massive hack of the U.S. government and businesses say they have found concrete evidence the suspected Russian espionage operation went far beyond the compromise of the small software vendor publicly linked to the attack. From a report: Close to a third of the victims didn’t run the SolarWinds software initially considered the main avenue of attack for the…

How DNSpooq Attacks Could Poison DNS Cache Records

Earlier this week security experts disclosed details on seven vulnerabilities impacting Dnsmasq, “a popular DNS software package that is commonly deployed in networking equipment, such as routers and access points,” reports ZDNet. “The vulnerabilities tracked as DNSpooq, impact Dnsmasq, a DNS forwarding client for *NIX-based operating systems.” Slashdot reader Joe2020 shared Help Net Security’s quote from Shlomi Oberman, CEO and researcher…

Wasmer 1.0 Can Run WebAssembly ‘Universal Binaries’ on Linux, MacOS, Windows, Android, and iOS

The WebAssembly portable binary format will now have wider support from Wasmer, the server-side runtime which “allows universal binaries compiled from C++, Rust, Go, Python, and other languages to run on different operating systems and in web browsers without modification,” reports InfoWorld: Wasmer can run lightweight containers based on WebAssembly on a variety of platforms — Linux, MacOS, Windows, Android, iOS…

NVIDIA Fixes High Severity Flaws Affecting Windows, Linux devices

Bleeping Computer reports: NVIDIA has released security updates to address six security vulnerabilities found in Windows and Linux GPU display drivers, as well as ten additional flaws affecting the NVIDIA Virtual GPU (vGPU) management software. The vulnerabilities expose Windows and Linux machines to attacks leading to denial of service, escalation of privileges, data tampering, or information disclosure. All these security bugs…

Sealed US Court Records Exposed In SolarWinds Breach

An anonymous reader quotes a report from Krebs On Security: The ongoing breach affecting thousands of organizations that relied on backdoored products by network software firm SolarWinds may have jeopardized the privacy of countless sealed court documents on file with the U.S. federal court system, according to a memo released Wednesday by the Administrative Office (AO) of the U.S. Courts. The…

Is the US Government’s Cybersecurity Agency Up to the Job?

CNN reports that some critics are now questioning whether America’s Cybersecurity and Infrastructure Security Agency (CISA) is equipped to protect the integrity of government systems from adversaries: Some of the nearly half-dozen government agencies affected by the hack have recently reached out to CISA for help with addressing the known vulnerabilities that were exploited in the attack but were told the…