Unpatched bug in iOS 13.3.1 and later stops VPNs from encrypting all connections

The VPN bypass bug in iOS 13.3.1 and later causes some internet connections to continue with their original, unencrypted connection – which is a security and privacy concern. Caleb Chen is a digital currency and privacy advocate who believes we must #KeepOurNetFree, preferably through decentralization.

Microsoft discloses new Windows vulnerability that’s being actively exploited

Microsoft disclosed a new remote code execution vulnerability today that can be found in all supported versions of Windows and is currently being exploited in “limited targeted attacks” (via TechCrunch). Microsoft patches Windows 10 security flaw discovered by the NSA.

KrØØk WiFi vulnerability affected WiFi encryption on over a billion devices

A vulnerability in Broadcom and Cypress WiFi chips makes it possible for attackers on your local WiFi network to decrypt your WPA2 encrypted internet traffic.

5 years of Intel CPUs and chipsets have a concerning flaw that’s unfixable

While Intel has issued patches to lessen the damage of exploits and make them harder, security firm Positive Technologies said the mitigations may not be enough to fully protect systems.

Critical Bluetooth Vulnerability in Android (CVE-2020-0022)

If you have no patch available yet or your device is not supported anymore, you can try to mitigate the impact by some generic behavior rules: Only enable Bluetooth if strictly necessary.

Telegram Founder on WhatsApp Hacks: Backdoors Are Camouflaged as Security Flaws

Durov says that despite iOS devices having “loads of privacy-related issues,” WhatsApp is the culprit here, as the corrupt video vulnerability exposes not only iPhones, but also Android and Windows Phone devices.

More Details On Intel's CVE-2019-14615 Graphics Vulnerability, a.k.a. iGPU Leak

As for CVE-2019-14615 the Intel graphics vulnerability disclosed this week affecting Gen7 through Gen9 graphics architectures, it's been dubbed "iGPU Leak" by the researchers involved. They dub this vulnerability "iGPU Leak" and describe it as an information leakage vulnerability on the Intel integrated GPU architecture.

US government urges everyone to update Mozilla Firefox to v72.0.1 because of an active exploit that allows remote code execution

Remote code execution is the holy grail of zero day vulnerabilities, and the fact that one of the most popular privacy and security focused browsers in the world had such a flaw should be a massive wake up call to internet browser users around the world.

Release v1.3.2 & v1.2.2 - Fix for persistent XSS vulnerability in filenames of attached files

This release includes an improved solution, which addresses the issue on a broader scope, preventing it from recurring in other areas of the code in the future.

Firefox attacks: Homeland Security urges all users to update browsers immediately in rare warning

The issue is this: Firefox versions for desktop older than the just-patched version contain a critical vulnerability that could allow an attacker to take control of a user’s entire operating system—whether they use Windows or Mac. More alarming, the vulnerability is already being exploited in the wild, thus Homeland Security stepping in with the urgent plea for users to upgrade.

Firefox gets patch for critical 0-day that’s being actively exploited

Mozilla has released a new version of Firefox that fixes an actively exploited zero-day that could allow attackers to take control of users' computers. In an advisory, Mozilla rated the vulnerability critical and said it was "aware of targeted attacks in the wild abusing this flaw."

TikTok on the clock, and the hacking won't stop: SMS spoofing vuln let baddies twiddle teens' social media videos

TikTok, a mobile video app popular with teens, was vulnerable to SMS spoofing attacks that could have led to the extraction of private information, according to infosec researchers. Research from Israeli outfit Check Point found that an attacker could send a spoofed SMS message to a user containing a malicious link.

New Intel CPU Vulnerability Puts Protected Data At Risk

Intel CPUs are at the center of controversy once again as yet another vulnerability is discovered by cybersecurity researchers. According to their findings, the security vulnerability can compromise SGX (Software Guard Extensions) protected by undervolting the CPU when executing protected computations, to the degree that the SGX memory encryption failed to protect data.

Private Internet Access updates Linux desktop client to prevent against [CVE-2019-14899]

[CVE-2019-14899] affects many different types of VPN protocols including OpenVPN, WireGuard, and IKEv2/IPSec. Private Internet Access has released an update to its Linux client that mitigates [CVE-2019-14899] from being used to infer any information about our users’ VPN connections.

‘Delete WhatsApp unless you're OK with surveillance,’ founder of rival Telegram messenger warns

WhatsApp is a “Trojan horse” exploited to snoop on millions of users naive enough to believe that the Facebook-owned messenger differs from its parent company, long beset by privacy scandals, Telegram founder Pavel Durov said.

Google Confirms Android Camera Security Threat: ‘Hundreds Of Millions’ Of Users Affected

“Our team found a way of manipulating specific actions and intents,” Erez Yalon, director of security research at Checkmarx said, “making it possible for any application, without specific permissions, to control the Google Camera app.

Vulnerability In Ring Doorbells Left the Door Open for Hackers to Open the Door

Bitdefender–the tireless actuary of the Internet of Things–were able to crack into homeowner’s personal WiFi networks via Amazon’s Ring doorbells, the video-enabled auto-locks that allow homeowners to remotely open the door. Balan told us that the vulnerability was discovered following a request from PCMag to look into the device and that it’s now been patched.

Amazon Ring doorbells exposed home Wi-Fi passwords to hackers

Bitdefender said the Amazon-owned doorbell was sending owners’ Wi-Fi passwords in cleartext as the doorbell joins the local network, allowing nearby hackers to intercept the Wi-Fi password and gain access to the network to launch larger attacks or conduct surveillance.

Many Popular Smartphones Vulnerable to Actively Exploited Zero-Day Android Flaw

A zero-day flaw in the Android operating system used by some of the most popular mobile phones on the market is being exploited in real-world attacks. Since malicious apps can find their way into the Google Play Store, app downloads should be limited as far as possible until the flaw has been patched.

Sudo Flaw Lets Linux Users Run Commands As Root Even When They're Restricted

The vulnerability in question is a sudo security policy bypass issue that could allow a malicious user or a program to execute arbitrary commands as root on a targeted Linux system even when the "sudoers configuration" explicitly disallows the root access.

D-Link Home Routers Open to Remote Takeover Will Remain Unpatched

D-Link won’t patch a critical unauthenticated command-injection vulnerability in its routers that could allow an attacker to remotely take over the devices and execute code.

Vulnerability in WebEx and Zoom allows hackers to access their sessions

Vulnerability testing specialists point out that any web application that uses numeric or alphanumeric identifiers is exposed to enumeration attacks.

Google Warns LastPass Users Were Exposed To ‘Last Password’ Credential Leak

Project Zero has just disclosed that a security vulnerability left some of those 16 million users exposed to the risk of credential compromise as, in an ironic twist, LastPass could leak the last password used to any website visited.

Weakness in Intel chips lets researchers steal encrypted SSH keystrokes

Now, researchers are warning that, in certain scenarios, attackers can abuse DDIO to obtain keystrokes and possibly other types of sensitive data that flow through the memory of vulnerable servers.

Instagram’s own posts are not as private as you think

This is done from a series of mouse clicks on any web browser to reveal the static URL of posts and private stories cached on servers.

Google Finally Confirms Security Problem For 1.5 Billion Gmail And Calendar Users

Google is finally working on a fix for a security problem that leaves more than a billion Calendar users exposed to attack. The threat actors craft their messages to include a malicious link, leveraging the trust that user familiarity with calendar notifications brings with it.

Google Will Now Pay Anyone Who Reports Apps Abusing Users' Data

In the wake of data abuse scandals and several instances of malware apps being discovered on the Play Store, Google today expanded its bug bounty program to beef up the security of Android apps and Chrome extensions distributed through its platform.

Chinese Agencies 'Crack Telegram': A Timely Warning For End-To-End Encryption

Telegram, the secure messaging platform, is used by pro-democracy campaigners in Hong Kong as a means of keeping communications away from the prying eyes of the Chinese authorities.

A Third of Known Computer Security Flaws Have No Solution

In the first half of 2019, analysts at computer security firm Risk Based Security (RBS) enumerated a total of 11,092 flaws in computer systems (known as vulnerabilities) that could be exploited by a hacker to take unauthorized actions in another person’s or organization’s system.

Apple accidentally reopens security flaw in latest iOS version

Stefan Esser, an iPhone security expert, tweeted an additional warning: “I hope people are aware that with a public jailbreak being available for the latest iOS 12.4 people must be very careful what apps they download from the Apple AppStore.