Facebook's Voice Transcripts Were More Invasive Than Amazon's

Researchers from the security firm Pen Test Partners published findings this week that an attacker would just need a person's username to track them. A new vulnerability and corresponding exploit of Bluetooth could allow an attacker to determine the encryption keys used during device pairing and let themselves in on the party.

Hackers Can Turn Everyday Speakers Into Acoustic Cyberweapons

But Matt Wixey, cybersecurity research lead at the technology consulting firm PWC UK, says that it’s surprisingly easy to write custom malware that can induce all sorts of embedded speakers to emit inaudible frequencies at high intensity, or blast out audible sounds at high volume.

A Boeing Code Leak Exposes Security Flaws Deep in a 787's Guts

An attacker could potentially pivot, Santamarta says, from the in-flight entertainment system to the CIS/MS to send commands to far more sensitive components that control the plane's safety-critical systems, including its engine, brakes, and sensors.

How Apple Pay Buttons Can Make Websites Less Safe

Maddux has since noticed that Apple has revised its documentation for adding an Apple Pay button to make it less likely that sites will integrate it in this potentially vulnerable way.

How a 10-Year-Old Desk Phone Bug Came Back From the Dead

Povolny says that with the Avaya desk phones, it took only basic hacking skills to gain access to the device's systems and firmware (the foundational code that coordinates a device's hardware and software) and analyze them for flaws.

Hackers Can Break Into an iPhone Just by Sending a Text

Lily Hay Newman covers information security, digital privacy, and hacking for WIRED. Silvanovich, who worked on the research with fellow Project Zero member Samuel Groß, got interested in interaction-less bugs because of a recent, dramatic WhatsApp vulnerability that allowed nation-state spies to compromise a phone just by calling it—even if the recipient didn’t answer the call.

Hackers Made an App That Kills to Prove a Point

Two years ago, researchers Billy Rios and Jonathan Butts discovered disturbing vulnerabilities in Medtronic's popular MiniMed and MiniMed Paradigm insulin pump lines. Both Medtronic and regulators acknowledge that there is no way to patch the flaws on the affected insulin pump models, or to completely disable the remote feature.

A Zoom Flaw Gives Hackers Easy Access to Your Webcam

Zoom patched this DoS issue in a May update but for now is only adjusting its auto-join video settings, giving users a more prominent way of choosing whether their video feed automatically launches when they click a Zoom call link.

Ransomware Hits Georgia Courts As Municipal Attacks Spread

And whether a local government is going to rebuild from an attack on its own or pay the ransom, money to respond comes from public funds or through a municipality's cybersecurity insurance.

How Hackers Turn Microsoft Excel's Own Features Against It

On Thursday, researchers from the threat intelligence firm Mimecast are disclosing findings that an Excel feature called Power Query can be manipulated to facilitate established Office 365 system attacks.

I Scraped Millions of Venmo Payments. Your Data Is at Risk

I could see a public API endpoint that was returning the data for this feed, meaning that anyone could make a GET request (like a simple page load) to see the latest 20 transactions made on the app by anyone around the world.

A Plan to Stop Breaches With Dead Simple Database Encryption

That means MongoDB itself and cloud providers won't be able to access customer data, and a database's administrators or remote managers don't need to have access to everything either.

Apple Just Patched a Modem Bug That's Been in Macs Since 1999

But 12-year-old Joshua Hill didn't have an iMac. To take advantage of all the new connectivity from his parents' mid-'90s Mac Performa, he needed a modem that would plug into the computer through one of its chunky "serial" ports.

The Tricky Shenanigans Behind a Stealthy Apple Keychain Attack

In early February, an 18-year-old German security researcher named Linus Henze demonstrated a macOS attack that would allow a malicious application to grab passwords from Apple's protected keychain.

Political Parties Still Have Cybersecurity Hygiene Problems

Issie Lapowsky covers the intersection of tech, politics, and national affairs for WIRED. In the US, both the DNC and the RNC have worked to fortify their technical infrastructure since 2016, and, based on SecurityScorecard's findings from 2016, it shows, Casey says.

Google Recalls Titan Security Key Over a Bluetooth Flaw

With the right timing, she could trick the victim's laptop, for instance, into pairing with her own Bluetooth dongle rather than the Titan key, thus gaining access to both a user's Google account and that computer.

Meltdown Redux: Intel Flaw Lets Hackers Siphon Secrets from Millions of PCs

Like Meltdown and Spectre, the new MDS attack takes advantage of security flaws in how Intel's chips perform speculative execution, a feature in which a processor guesses at what operations and data it will be asked to execute or access ahead of time to speed up the chip's performance.

A Cisco Router Bug Has Massive Global Implications

But the Red Balloon researchers found that the way the FPGA was implemented for Cisco’s Trust Anchor, they didn’t need to map the whole bitstream.

HTTPS Isn't Always As Secure As It Seems

Vulnerabilities that are full-on "leaky" involve more deeply flawed encryption channels between browsers and web servers that would enable an attacker to decrypt all the traffic passing through them.

An Android Vulnerability Went Unfixed for Over Five Years

But Toshin points out that attackers could also use the bug to gain inappropriate device access by tricking users into clicking a malicious link that would then open through Android's Instant App feature.

When Facebook Goes Down, Don't Blame Hackers

“If you’re a DDoS attacker and you’re trying for a big target, and you want to have a big impact, you would probably look for an organization or a brand that doesn’t have as much connectivity to begin with,” says Alex Henthorn-Iwane, vice president at network security firm ThousandEyes.

The Overlooked Security Threat of Sign-In Kiosks

But X-Force interns Hannah Robbins and Scott Brink found flaws—now mostly patched—in all five mainstream systems they looked at from the visitor management companies Jolly Technologies, HID Global, Threshold Security, Envoy, and The Receptionist.

Holes in 4G and 5G Networks Could Let Hackers Track Your Location

"Average consumers are at the risk of exposing their privacy to malicious third parties who sell location data and other private information." With the exception of the Piercer flaws, the vulnerabilities the researchers discovered would need to be fixed above the individual carrier level by the industry group GSMA, which oversees development of mobile data standards including 4G and 5G.

A 'Fortnite' Vulnerability Exposed Accounts to Takeover

Now, new research from the IT security firm Check Point reveals a trio of vulnerabilities in Fortnite's web infrastructure that could have allowed an attacker to take over user accounts.

How a Dorm Room Minecraft Scam Brought Down the Internet

In fact, according to court documents, the primary driver behind the original creation of Mirai was creating “a weapon capable of initiating powerful denial-of-service attacks against business competitors and others against whom White and his coconspirators held grudges.” Once investigators knew what to look for, they found Minecraft links all over Mirai: In a less-noticed attack just after the OVH incident, the botnet had targeted ProxyPipe.com, a company in San Francisco that specializes in protecting Minecraft servers from DDoS attacks.

The Worst Hacks of 2018

But between the company's increasingly dismal track record on third-party access limits and a recent incident in which a bug exposed 6.8 million users' photos to third-party developers, it's hard to feel like things are going as well as they could on the user privacy and data management front. Atlanta Ransomware: In March, a ransomware attack locked down the City of Atlanta's digital systems, destabilizing municipal operations.

The Year Cryptojacking Ate the Web

For example, the cloud monitoring and defense firm RedLock said in February that Tesla's Amazon Web Services cloud infrastructure was running mining malware thanks to an inconspicuous, but extensive cryptojacking campaign.

How to Protect Yourself From the Giant Marriott Hack

But the bulk of the victims—currently thought to be 327 million people—had different combinations of name, address, phone number, email address, date of birth, gender, trip and reservation information, passport number, and Starwood Preferred Guest account information all stolen. "Four years is an eternity when it comes to breaches." (David Kennedy, TrustedSec) Some credit card numbers were also stolen as part of the breach, Marriott says, but the company did not provide an initial estimate of how many were taken.

An Ingenious Data Hack Is More Dangerous Than Anyone Feared

The researchers say such an attack could even be done remotely, without physical access to the target system. Both in terms of the attack and possible defenses, the researchers say there is still a lot that is unknown, because ECC chips, their implementation, and the devices they work in are all generally proprietary.

A Decade-Old Attack Can Break the Encryption of Most PCs

It's not super technically challenging." Segerdahl notes that the findings have particular implications for corporations and other institutions that manage a large number of computers, and could have their whole network compromised off of one lost or stolen laptop. 'It's pretty quick and very doable for a knowledgeable hacker.' (Olle Segerdahl, F-Secure) To carry out the attack, the F-Secure researchers first sought a way to defeat the industry-standard cold boot mitigation.
