Informations about SSL certificates and networks security
Auto Added by WPeMatico
TechCrunch is reporting — but not describing in detail — a vulnerability in a series of stalkerware apps that exposes personal information of the victims. The vulnerability isn’t in the apps installed on the victims’ phones, but in the website the stalker goes to view the information the app collects. The article is worth reading, … Read More “Vulnerability in Stalkerware Apps” »
The Open Source Security Foundation announced $10 million in funding from a pool of tech and financial companies, including $5 million from Microsoft and Google, to find vulnerabilities in open source projects: The “Alpha” side will emphasize vulnerability testing by hand in the most popular open-source projects, developing close working relationships with a handful of … Read More “Finding Vulnerabilities in Open Source Projects” »
It’s a privilege escalation vulnerability: Linux users on Tuesday got a major dose of bad news — a 12-year-old vulnerability in a system tool called Polkit gives attackers unfettered root privileges on machines running most major distributions of the open source operating system. Previously called PolicyKit, Polkit manages system-wide privileges in Unix-like OSes. It provides … Read More “Twelve-Year-Old Linux Vulnerability Discovered and Patched” »
Log4j is being exploited by all sorts of attackers, all over the Internet: At that point it was reported that there were over 100 attempts to exploit the vulnerability every minute. “Since we started to implement our protection we prevented over 1,272,000 attempts to allocate the vulnerability, over 46% of those attempts were made by … Read More “More Log4j News” »
Really interesting research demonstrating how to hide vulnerabilities in source code by manipulating how Unicode text is displayed. It’s really clever, and not the sort of attack one would normally think about. From Ross Anderson’s blog: We have discovered ways of manipulating the encoding of source code files so that human viewers and compilers see … Read More “Hiding Vulnerabilities in Source Code” »
The Missouri governor wants to prosecute the reporter who discovered a security vulnerability in a state’s website, and then reported it to the state. The newspaper agreed to hold off publishing any story while the department fixed the problem and protected the private information of teachers around the state. […] According to the Post-Dispatch, one … Read More “The Missouri Governor Doesn’t Understand Responsible Disclosure” »
Citizen Lab released a report on a zero-click iMessage exploit that is used in NSO Group’s Pegasus spyware. Apple patched the vulnerability; everyone needs to update their OS immediately. News articles on the exploit. Powered by WPeMatico
Yet another article on the privacy risks of static MAC addresses and always-on Bluetooth connections. This one is about wireless headphones. The good news is that product vendors are fixing this: Several of the headphones which could be tracked over time are for sale in electronics stores, but according to two of the manufacturers NRK … Read More “Tracking People by their MAC Addresses” »
If you plug a Razer peripheral (mouse or keyboard, I think) into a Windows 10 or 11 machine, you can use a vulnerability in the Razer Synapse software — which automatically downloads — to gain SYSTEM privileges. It should be noted that this is a local privilege escalation (LPE) vulnerability, which means that you need … Read More “Interesting Privilege Escalation Vulnerability” »
Cobolt Strike is a security tool, used by penetration testers to simulate network attackers. But it’s also used by attackers — from criminals to governments — to automate their own attacks. Researchers have found a vulnerability in the product. The main components of the security tool are the Cobalt Strike client — also known as … Read More “Cobolt Strike Vulnerability Affects Botnet Servers” »