Google says it will remove Showcase.apk from Pixel devices “out of an abundance of precaution”, after iVerify said hackers could use the dormant app to spy
'Dangerous' New Spyware Warning Issued Vinayak Guha / Android Authority : Flaw in Verizon Pixel's firmware poses serious security threat (Update: Google statement) Threads: Lauren Goode / @laurengoode...
Researchers detail the Blast-RADIUS MD5-based vulnerability affecting RADIUS, a widely used network access authentication protocol first developed in 1991
AWAITING ANALYSIS — This vulnerability is currently awaiting analysis. Microsoft Support : KB5040268: How to manage the Access-Request packets attack vulnerability associated with CVE-2024-3596 Conn...
Researchers detail a MITM attack on SSH that can break the integrity of the protocol, the first “practical attack of its kind”; fixes face compatibility issues
SSH is an internet standard that provides secure access to network services … Connor Jones / The Register : SSH shaken, not stirred by Terrapin vulnerability Terrapin Attack : Terrapin Attack: Breakin...
Twitter rolls out encrypted DMs, but both sender and recipient must be Blue subscribers, group messages are not supported, and message metadata is not encrypted
Starting with Verified Users Jay Peters / The Verge : Twitter launches encrypted DMs behind a paywall Geoff Desreumaux / WeRSM : Twitter Launches Encrypted DMs, But Only For Paid Subscribers Tweets: E...
Microsoft launches Xbox bug bounty program, will pay rewards up to $20K for vulnerabilities found in the Xbox Live network and services
The Xbox Bounty Program invites gamers … Ethan Gach / Kotaku : Microsoft's Bug Bounty Program Will Pay Players To Find Security Flaws In Xbox Live Anthony Spadafora / TechRadar.com : Microsoft to pay ...
Microsoft pushes a fix for a critical flaw in a cryptographic component present in all versions of Windows; NSA says it alerted Microsoft to the bug
rather than weaponizing it Robert Hackett / Fortune : The NSA patches up its reputation with a gift to Microsoft Mark Wyciślik-Wilson / BetaNews : Microsoft turns the screws on Windows 7 users with fu...
Sennheiser's HeadSetup software makes PCs and Macs vulnerable to MITM attacks due to flawed self-signed TLS certificate, which users should now manually remove
Poorly secured certificate lets hackers impersonate any website on the Internet. — Audio device maker Sennheiser has issued …
AirDroid, a remote management app with 10M+ Play Store downloads, uses a static and easily detectable encryption key leaving users vulnerable to MITM attacks
Dan Goodin / Ars Technica :
For six months, the remote management app has opened users to code-execution attacks. — For at least the past six months …
Researchers demo new attack technique, HEIST, that lets hackers steal sensitive data like SSNs and e-mail addresses from HTTPS pages without a MITM position
Approach exploits how HTTPS responses are delivered over transmission control protocol. — The HTTPS cryptographic scheme protecting millions …