The Long Path out of the Vulnerability Disclosure Dark Ages

In 2003 security researcher Katie Moussouris was working at the enterprise security firm @stake—which would later be acquired by Symantec—when she spotted a bad flaw in an encrypted flash drive from Lexar.

Cisco Flaws Put Millions of Workplace Devices at Risk

Attackers could use related flaws, also disclosed by Armis, to attack batches of Cisco devices at once—like all the desk phones or all the webcams—to shut them down or turn them into eyes and ears inside a target organization.

Windows 10 Has a Security Flaw So Severe the NSA Disclosed It

In fact, Neuberger said that disclosing the code verification bug to Microsoft and the public is part of a new NSA initiative in which the agency will share its vulnerability findings more quickly and more often.

Huge Data Leak Doxes Members of Notorious Neo-Nazi Forum

Like, say, the revelation that you can hack Alexa, Google Assistant, and Siri with lasers. Take the two former Twitter employees who allegedly used their insider access to spy on behalf of Saudi Arabia—a stark reminder of how ill prepared even the biggest companies are to protect consumer data from the people who work there.

The First BlueKeep Mass Hacking Is Finally Here—but Don't Panic

"But this is the first instance where I’ve seen it being used on a mass scale," says Marcus Hutchins, a malware researcher for security firm Kryptos Logic who was one of the first to build a working proof-of-concept for the BlueKeep vulnerability.

FAO - News Article: New pathway for food systems development

FAO’s leader points to the need to turn food systems into accelerators of the SDGs. 25 September, 2019, New York - Food systems are huge economic, social and environmental drivers of transformational change, FAO Director-General Qu Dongyu said today.

A Password-Exposing Bug Was Purged From LastPass

Developers of the LastPass password manager have patched a vulnerability that made it possible for websites to steal credentials for the last account the user logged into using the Chrome or Opera extension.

Why 'Zero Day' Android Hacking Now Costs More Than iOS Attacks

Shwartz says that a web-based attack that targets a high-end Android phone can now sell for more than $2 million non-exclusively, meaning that the researcher can sell it for that price to multiple buyers.

An Operating System Bug Exposes 200 Million Critical Devices

But the Armis researchers, who first disclosed their findings to Wind River in March, say that the patching process will be long and difficult, as is often the case with IoT and critical infrastructure updates.

China Distributes Spyware at Its Border and Beyond

Though they are developed by well-known companies and the location sharing is advertised for accepted uses, these apps also have the potential to be exploited by attackers who have access to victim devices.

Hackers Are Poking at a MacOS Flaw Apple Left Unfixed

According to Cavallarin, Apple said it would fix the problem by mid-May. When the company still hadn’t done so by the time a standard 90-day disclosure deadline had passed, Cavallarin went public, publishing a full description and proof-of-concept code on May 24.

Microsoft's BlueKeep Bug Isn't Getting Patched Fast Enough

When security researcher Rob Graham scanned the entire public internet for BlueKeep-vulnerable machines on Monday, using a tool he built, he found that 923,671 machines hadn't been patched, and were thus still exposed to any potential worm.

Microsoft’s First Windows XP Patch in Years Is a Very Bad Sign

There’s maybe no better sign of a vulnerability’s severity; the last time Microsoft bothered to make a Windows XP fix publicly available was a little over two years ago, in the months before the WannaCry ransomware attack swept the globe.

How Hackers Broke WhatsApp With Just a Phone Call

But a new Financial Times report alleges that the notorious Israeli spy firm NSO Group developed a WhatsApp exploit that could inject malware onto targeted phones—and steal data from them—simply by calling them.

A Cisco Router Bug Has Massive Global Implications

But the Red Balloon researchers found that the way the FPGA was implemented for Cisco’s Trust Anchor, they didn’t need to map the whole bitstream.

The Strange Journey of an NSA Zero-Day Vulnerability—Into Multiple Enemies' Hands

Most notably, Symantec says the Chinese group's hacking had planted an NSA backdoor on the network of its victims using a zero-day vulnerability in Microsoft's Server Message Block or SMB software, also seemingly learned by studying the NSA's hacking tools.

How can Bhutan better prepare for earthquakes?

To that end, Bhutan embarked on the $1.29 million Improving Resilience to Seismic Risk project funded by the Japan Policy and Human Resources Development (PHRD) Technical Assistance Program to Support Disaster Reduction and Recovery.

Machine Learning Can Use Tweets To Spot Critical Security Flaws

Researchers at Ohio State University, the security company FireEye, and research firm Leidos last week published a paper describing a new system that reads millions of tweets for mentions of software security vulnerabilities, and then, using their machine-learning-trained algorithm, assessed how much of a threat they represent based on how they're described.

Hack Brief: Google Reveals 'BuggyCow,' a Rare MacOS Zero-Day Vulnerability

So like clockwork, 94 days after Google alerted Apple to a bug in its MacOS operating system that could allow malware to inject data into the most privileged code running on its computers, Mountain View's hackers are revealing that fresh zero-day vulnerability to the world.