hacking, locks, Security technology, sidechannelattacks, vulnerabilities
Several high-security electronic locks are vulnerable to side-channel attacks involving power monitoring. Powered by WPeMatico
Category: vulnerabilities
Auto Added by WPeMatico
backdoors, Security technology, securityengineering, supplychain, vulnerabilities
Electron is a cross-platform development system for many popular communications apps, including Skype, Slack, and WhatsApp. Security vulnerabilities in the update system allows someone to silently inject malicious code into applications. From a news article: At the BSides LV security conference on Tuesday, Pavel Tsakalidis demonstrated a tool he created called BEEMKA, a Python-based tool … Read More “Supply-Chain Attack against the Electron Development Platform” »
Security technology, securityengineering, softwareliability, vulnerabilities
According to a survey: “68% of the security professionals surveyed believe it’s a programmer’s job to write secure code, but they also think less than half of developers can spot security holes.” And that’s a problem. Nearly half of security pros surveyed, 49%, said they struggle to get developers to make remediation of vulnerabilities a … Read More “Software Developers and Security” »
cameras, disclosure, exploits, patching, Security technology, vulnerabilities
The Zoom conferencing app has a vulnerability that allows someone to remotely take over the computer’s camera. It’s a bad vulnerability, made worse by the fact that it remains even if you uninstall the Zoom app: This vulnerability allows any website to forcibly join a user to a Zoom call, with their video camera activated, … Read More “Zoom Vulnerability” »
attribution, cellphones, datacollection, espionage, hacking, metadata, Security technology, vulnerabilities
A sophisticated attacker has successfuly infiltrated cell providers to collect information on specific users: The hackers have systematically broken in to more than 10 cell networks around the world to date over the past seven years to obtain massive amounts of call records — including times and dates of calls, and their cell-based locations — … Read More “Cell Networks Hacked by (Probable) Nation-State Attackers” »
cisco, hardware, Security technology, vulnerabilities
Summary: Thangrycat is caused by a series of hardware design flaws within Cisco’s Trust Anchor module. First commercially introduced in 2013, Cisco Trust Anchor module (TAm) is a proprietary hardware security module used in a wide range of Cisco products, including enterprise routers, switches and firewalls. TAm is the root of trust that underpins all … Read More “Thangrycat: A Serious Cisco Vulnerability” »
hardware, intel, Security technology, vulnerabilities
Remember the Spectre and Meltdown attacks from last year? They were a new class of attacks against complex CPUs, finding subliminal channels in optimization techniques that allow hackers to steal information. Since their discovery, researchers have found additional similar vulnerabilities. A whole bunch more have just been discovered. I don’t think we’re finished yet. A … Read More “Another Intel Chip Flaw” »
attribution, exploits, patching, Security technology, vulnerabilities, whatsapp
WhatsApp fixed a devastating vulnerability that allowed someone to remotely hack a phone by initiating a WhatsApp voice call. The recipient didn’t even have to answer the call. The Israeli cyber-arms manufacturer NSO Group is believed to be behind the exploit, but of course there is no definitive proof. If you use WhatsApp, update your … Read More “WhatsApp Vulnerability Fixed” »
china, disclosure, hacking, nsa, russia, Security technology, vulnerabilities, zeroday
In 2016, a hacker group calling itself the Shadow Brokers released a trove of 2013 NSA hacking tools and related documents. Most people believe it is a front for the Russian government. Since, then the vulnerabilities and tools have been used by both government and criminals, and put the NSA’s ability to secure its own … Read More “Leaked NSA Hacking Tools” »
backdoors, france, Security technology, vulnerabilities
A researcher found a vulnerability in the French government WhatsApp replacement app: Tchap. The vulnerability allows anyone to surreptitiously join any conversation. Of course the developers will fix this vulnerability. But it is amusing to point out that this is exactly the backdoor that GCHQ is proposing. Powered by WPeMatico