Apple accidentally reopens security flaw in latest iOS version

Stefan Esser, an iPhone security expert, tweeted an additional warning: “I hope people are aware that with a public jailbreak being available for the latest iOS 12.4 people must be very careful what apps they download from the Apple AppStore.

How safe are school records? Not very, says student security researcher

One of the more damaging issues Demirkapi found in Follett’s student information system was an improper access control vulnerability, which if exploited could have allowed an attacker to read and write to the central Aspen database and obtain any student’s data.

WhatsApp security flaws can fake messages from you

Check Point Research says that it found three different ways to exploit the vulnerability, including the ability to put words in your mouth.

Just Opening A Document in LibreOffice Can Hack Your Computer (Unpatched)

CVE-2019-9849: This vulnerability, which you can fix by installing the latest available update, could allow the inclusion of remote arbitrary content within a document even when 'stealth mode' is enabled.

Opinion | The Spy Business Is Booming and We Should Be Worried

Simply put, counterintelligence is about protecting something valuable — an asset, a system, a process, a way of life — from an adversary.

Report: Israeli surveillance tool can silently collect all iCloud data for a targeted user

Apple is facing a new security threat, thanks to developments in the spyware/surveillance tool sold by the Israeli firm NSO Group. Via the Financial Times, the Pegasus phone software now not only harvests data from the user’s onboard storage, but also all communications with the connected cloud.

Agent Smith Malware jeopardizes 25 million android devices

The malware would be hidden inside “barely functioning photo utility, games, or sex-related apps,” Check Point writes. After the user downloads one, the malware masquerades as an app related to Google with a title such as “Google Updater” and starts replacing code.

Zoom Zero Day: 4+ Million Webcams & maybe an RCE? Just get them to visit your website!

On June 24th after 90 days of waiting, the last day before the public disclosure deadline, I discovered that Zoom had only implemented the ‘quick fix’ solution originally suggested.

Tails - Tails 3.14.2 is out

To fix this issue: Reinstall your USB stick using the same installation method.

Firefox 67.0.4 Released — Mozilla Patches Second 0-Day Flaw This Week

After patching a critical actively-exploited vulnerability in Firefox 67.0.3 earlier this week, Mozilla is now warning millions of its users about a second zero-day vulnerability that attackers have been found exploiting in the wild.

Tails - Tails 3.14.1 is out

Fixed arbitrary code execution in Tor Browser. Known issue: Tails fails to start a second time on some computers (#16389).

How Hackers Broke WhatsApp With Just a Phone Call

But a new Financial Times report alleges that the notorious Israeli spy firm NSO Group developed a WhatsApp exploit that could inject malware onto targeted phones—and steal data from them—simply by calling them.

WhatsApp urges users to update app after discovering spyware vulnerability

WhatsApp is encouraging users to update to the latest version of the app after discovering a vulnerability that allowed spyware to be injected into a user’s phone through the app’s phone call function.

WhatsApp exploit let attackers install government-grade spyware on phones

“WhatsApp encourages people to upgrade to the latest version of our app, as well as keep their mobile operating system up to date, to protect against potential targeted exploits designed to compromise information stored on mobile devices,” the company said in a statement.

The Challenges of Ethical Hacking – A Minefield of Legal and Ethical Woes

Depending on the organization that you’re dealing with, responses can be as positive as interested engagement and proactively fixing an issue, to dismissive and uninterested, to actively hostile and ready to pursue legal action.

Razer issues fix for well-known Intel ME firmware vulnerability

"All current Razer laptops are shipped in Intel Manufacturing Mode, and have full R/W on the SPI flash." "To address this issue, Razer laptops will ship from the factory with an update to remove these vulnerabilities."

Protect yourself against a pure CSS data stealing attack called Exfil

Mike Gualtieri, the researcher who discovered the vulnerability, published several proof of concept attacks designed to steal usernames, passwords, and other data on web pages it is used on. Just install the extension in a supported web browser to protect your data against attacks exploiting the issue.

Intel Chipsets' Undocumented Feature Can Help Hackers Steal Data

The feature, Intel Visualization of Internal Signals Architecture (VISA), could allow attackers to gain the lowest levels of access to Intel CPUs and any data being processed by those CPUs. The bad news is that the Positive Technologies researchers found a way to disable VISA using an older Intel ME vulnerability.

Microsoft researchers spot NSA style backdoor in Huawei laptops

The Microsoft Defender Advanced Threat Protection (ATP) service featured in Windows 10 version 1809 alerted researchers to an NSA-inspired backdoor vulnerability in Huawei laptops. The PCManager software included in some of Huawei’s Matebook systems allows unprivileged users to create processes with superuser privileges, according to a March 25 Microsoft security post.

Researchers discover and abuse new undocumented feature in Intel chipsets

Called Intel Visualization of Internal Signals Architecture (Intel VISA), Positive Technologies researchers Maxim Goryachy and Mark Ermolov said this is a new utility included in modern Intel chipsets to help with testing and debugging on manufacturing lines.

Google browser vulnerability could have let hackers steal personal data

The bug was briefly disclosed in Google’s patch notes from January, described only as a high-severity vulnerability with “insufficient policy enforcement.” After a new report from Positive Technologies, we now know that the bug affected Android’s WebView component, which is commonly used to display pages inside Android apps.

A “serious” Windows 0-day is being actively exploited in the wild

Google security officials are advising Windows users to ensure they’re using the latest version 10 of the Microsoft operating system to protect themselves against a “serious” unpatched vulnerability that attackers have been actively exploiting in the wild.

Warning over 'high severity' security flaw in Google's Chrome web browser being exploited in the wild

Users of Google's Chrome web browser have been advised to update it as a matter of urgency following the discovery of exploits in the wild for a 'high severity' security flaw publicised in February.

Serious Amazon Ring vulnerability leaves audio and video feeds open to interception and spoofing

As well as enabling a hacker to access audio and video feeds in a severe violation of both privacy and security, the vulnerability also means that an attacker could replace a feed with footage of their own.

High-Severity SHAREit App Flaws Open Files for the Taking

“We wanted to give as many people as we can the time to update and patch their devices before disclosing such critical vulnerability.” The flaws, which could be exploited by an attacker on a shared WiFi network, have a CVSS 3.0 score of 8.2, meaning they are high-severity, researchers told Threatpost.

Microsoft Edge lets Facebook run Flash code behind users' backs

Ivan Fratric, the Google Project Zero security researcher who found this whitelist, described the security flaws he found as follows: An XSS vulnerability on any of the domains would allow bypassing click2play policy [and running malicious Flash code on these domains].

SS7 Cellular Network Flaw Nobody Wants To Fix Now Being Exploited To Drain Bank Accounts

By Karl Bode. Back in 2017, you might recall how hackers and security researchers highlighted long-standing vulnerabilities in Signaling System 7 (SS7, or Common Channel Signalling System 7 in the US), a series of protocols first built in 1975 to help connect phone carriers around the world.

Apple temporarily disables group FaceTime to fix a bug that lets you eavesdrop on your contacts

Apple has now disabled the group FaceTime feature and said it’ll issue a fix later this week. The issue was so serious that Twitter CEO Jack Dorsey, and even Andrew Cuomo, governor of the state of New York, weighed in and urged their followers to disable FaceTime.

The 5G Protocol May Still Be Vulnerable to IMSI Catchers

A number of fantastic papers explore vulnerabilities in 2G, 3G, and 4G which are potentially the same ones exploited by commercial CSSs. The upcoming 5G protocol for cellular communications promised many improvements over the current 4G standard, including a claim that it would protect mobile users from cell-site simulators.

A major privacy flaw in Apple's FaceTime lets others listen in on you before you answer the call

A major privacy flaw in Apple's FaceTime video chat product has been discovered allowing someone to secretly eavesdrop on another user before they answer the call.
