vulnerabilities – Page 10 – SSL and internet security news

Vulnerability Finding Using Machine Learning

April 20, 2020 infossl

artificialintelligence, cloudcomputing, cybersecurity, machinelearning, microsoft, Security technology, securityengineering, vulnerabilities

Microsoft is training a machine-learning system to find software bugs: At Microsoft, 47,000 developers generate nearly 30 thousand bugs a month. These items get stored across over 100 AzureDevOps and GitHub repositories. To better label and prioritize bugs at that scale, we couldn’t just apply more people to the problem. However, large volumes of semi-curated … Read More “Vulnerability Finding Using Machine Learning” »

Security and Privacy Implications of Zoom

April 3, 2020 infossl

backdoors, datacollection, encryption, privacy, Security technology, vulnerabilities

Over the past few weeks, Zoom’s use has exploded since it became the video conferencing platform of choice in today’s COVID-19 world. (My own university, Harvard, uses it for all of its classes. Boris Johnson had a cabinet meeting over Zoom.) Over that same period, the company has been exposed for having both lousy privacy … Read More “Security and Privacy Implications of Zoom” »

Work-from-Home Security Advice

March 19, 2020 infossl

covid19, epidemiology, infrastructure, Security technology, securityawareness, vpn, vulnerabilities

SANS has made freely available its “Work-from-Home Awareness Kit.” When I think about how COVID-19’s security measures are affecting organizational networks, I see several interrelated problems: One, employees are working from their home networks and sometimes from their home computers. These systems are more likely to be out of date, unpatched, and unprotected. They are … Read More “Work-from-Home Security Advice” »

The Insecurity of WordPress and Apache Struts

March 18, 2020 infossl

apache, reports, Security technology, securityengineering, vulnerabilities

Interesting data: A study that analyzed all the vulnerability disclosures between 2010 and 2019 found that around 55% of all the security bugs that have been weaponized and exploited in the wild were for two major application frameworks, namely WordPress and Apache Struts. The Drupal content management system ranked third, followed by Ruby on Rails … Read More “The Insecurity of WordPress and Apache Struts” »

LA Covers Up Bad Cybersecurity

March 11, 2020 infossl

coverups, cybersecurity, Security technology, utilities, vulnerabilities

This is bad in several dimensions. The Los Angeles Department of Water and Power has been accused of deliberately keeping widespread gaps in its cybersecurity a secret from regulators in a large-scale coverup involving the city’s mayor. Powered by WPeMatico

Security of Health Information

March 5, 2020 infossl

cybersecurity, epidemiology, essays, medicine, nationalsecuritypolicy, privacy, Security technology, securitypolicies, vulnerabilities

The world is racing to contain the new COVID-19 virus that is spreading around the globe with alarming speed. Right now, pandemic disease experts at the World Health Organization (WHO), the US Centers for Disease Control and Prevention (CDC), and other public-health agencies are gathering information to learn how and where the virus is spreading. … Read More “Security of Health Information” »

Let’s Encrypt Vulnerability

March 4, 2020 infossl

certificates, encryption, Security technology, vulnerabilities

The BBC is reporting a vulnerability in the Let’s Encrypt certificate service: In a notification email to its clients, the organisation said: “We recently discovered a bug in the Let’s Encrypt certificate authority code. “Unfortunately, this means we need to revoke the certificates that were affected by this bug, which includes one or more of … Read More “Let’s Encrypt Vulnerability” »

Wi-Fi Chip Vulnerability

March 3, 2020 infossl

encryption, hacking, hardware, patching, Security technology, vulnerabilities, wifi

There’s a vulnerability in Wi-Fi hardware that breaks the encryption: The vulnerability exists in Wi-Fi chips made by Cypress Semiconductor and Broadcom, the latter a chipmaker Cypress acquired in 2016. The affected devices include iPhones, iPads, Macs, Amazon Echos and Kindles, Android devices, and Wi-Fi routers from Asus and Huawei, as well as the Raspberry … Read More “Wi-Fi Chip Vulnerability” »

Hacking McDonald’s for Free Food

February 18, 2020 infossl

authentication, hacking, Security technology, vulnerabilities

This hack was possible because the McDonald’s app didn’t authenticate the server, and just did whatever the server told it to do: McDonald’s receipts in Germany end with a link to a survey page. Once you take the survey, you receive a coupon code for a free small beverage, redeemable within a month. One day, … Read More “Hacking McDonald’s for Free Food” »

Voatz Internet Voting App Is Insecure

February 17, 2020 infossl

academicpapers, android, blockchain, Security technology, voting, vulnerabilities

This paper describes the flaws in the Voatz Internet voting app: “The Ballot is Busted Before the Blockchain: A Security Analysis of Voatz, the First Internet Voting Application Used in U.S. Federal Elections.” Abstract: In the 2018 midterm elections, West Virginia became the first state in the U.S. to allow select voters to cast their … Read More “Voatz Internet Voting App Is Insecure” »