Wednesday, December 11, 2019

What the newly released Checkra1n jailbreak means for iDevice security

Enlarge (credit: @Checkra1n) It has been a week since the release of Checkra1n, the world’s first jailbreak for devices running Apple’s iOS 13. Because jailbreaks are so powerful and by definition disable a host of protections built into...

Republicans storm ultra-secure “SCIF,” some with cell phones blazing

Enlarge / The US House of Representatives. (credit: Wally Gobetz / Flickr) On Wednesday, Republican lawmakers committed a major breach of security when they carried cell phones as they tried to storm a secure room where a closed-door...

ISPs worry a new Chrome feature will stop them from spying on you

Enlarge (credit: Thomas Trutschel/Photothek via Getty Images) When you visit a new website, your computer probably submits a request to the domain name system (DNS) to translate the domain name (like arstechnica.com) to an IP address. Currently, most DNS...

New clues show how Russia’s grid hackers aimed for physical destruction

Enlarge (credit: Joshua Lott/Bloomberg via Getty Images) For nearly three years, the December 2016 cyberattack on the Ukrainian power grid has presented a menacing puzzle. Two days before Christmas that year, Russian hackers planted a unique specimen of...

600,000 GPS trackers for people and pets are using 123456 as a password

Enlarge (credit: Shenzhen i365 Tech) An estimated 600,000 GPS trackers for monitoring the location of kids, seniors, and pets contain vulnerabilities that open users up to a host of creepy attacks, researchers from security firm Avast have found. The...

Google Play app with 100 million downloads executed secret payloads

Enlarge (credit: NurPhoto | Getty Images) The perils of Google Play are once again on display with the discovery of an app with 100 million downloads that contained a malicious component that downloaded secret payloads onto infected Android...

Self-driving car service open sources new tool for securing firmware

Enlarge (credit: Collin Mulliner) Developing and maintaining secure firmware for tablets, cars, and IoT devices is hard. Often, the firmware is initially developed by a third party rather than in-house. And it can be tough as projects move...

Judge allows suit against AT&T after $24 million cryptocurrency theft

Enlarge / An AT&T store in New Jersey. (credit: Michael Brochstein/SOPA Images/LightRocket via Getty Images) When Michael Terpin's smartphone suddenly stopped working in June 2017, he knew it wasn't a good sign. He called his cellular provider, AT&T,...

Tech firms “can and must” put backdoors in encryption, AG Barr says

Enlarge / Graffiti urging people to use Signal, a highly encrypted messaging app, is spray-painted on a wall during a protest on February 1, 2017 in Berkeley, California. (credit: Elijah Nouvelage | Getty Images) US Attorney General William...

Silent Mac update nukes dangerous webserver installed by Zoom

Enlarge (credit: Kena Betancur/Getty Images) Apple said it has pushed a silent macOS update that removes the undocumented webserver that was installed by the Zoom conferencing app for Mac. The webserver accepts connections from any device connected to the...

Microsoft OneDrive gets a more secure Personal Vault, plus additional storage options

Enlarge / Microsoft at a trade show. (credit: Getty Images | Justin Sullivan) Microsoft is launching a new layer of security for users of its OneDrive cloud storage service. OneDrive Personal Vault is a new section of your storage...

The clever cryptography behind Apple’s “Find My” feature

Enlarge / The 2018 15-inch Apple MacBook Pro with Touch Bar. (credit: Samuel Axon) When Apple executive Craig Federighi described a new location-tracking feature for Apple devices at the company's Worldwide Developer Conference keynote on Monday, it sounded—to...

Windows 10 May 2019 Update now rolling out to everyone… slowly

Enlarge (credit: David Holt / Flickr) To avoid a replay of the problems faced by the Windows 10 October 2018 Update, version 1809, Microsoft has taken a very measured approach to the release of the May 2019 Update,...

33 Linksys router models leak full historic record of every device ever connected

(credit: US Navy) More than 20,000 Linksys wireless routers are regularly leaking full historic records of every device that has ever connected to them, including devices' unique identifiers, names, and the operating systems they use. The data can...

The radio-navigation planes use to land safely is insecure and can be hacked

Enlarge / A plane in the researchers' demonstration attack as spoofed ILS signals induce a pilot to land to the right of the runway. (credit: Sathaye et al.) Just about every aircraft that has flown over the past...
SC Magazine

Pensacola confirms ransomware attack

Pensacola officials confirmed that an ongoing cyberattack that began early Saturday morning is a ransomware attack. While the city did not release any additional details, the Pensacola News Journal said city spokeswoman Kaycee Lagarde confirmed the attack included a ransom, something that...

Trickbot Operators Now Selling Attack Tools to APT Actors

North Korea's Lazarus Group - of Sony breach and WannaCry fame - is among the first customers.
Brian Krebs

The Great $50M African IP Address Heist

A top executive at the nonprofit entity responsible for doling out chunks of Internet addresses to businesses and other organizations in Africa has resigned his post following accusations that he secretly operated several companies which sold tens of millions...

Intel Issues Fix for ‘Plundervolt’ SGX Flaw

Researchers were able to extract AES encryption key using SGX's voltage-tuning function.
TechRepublic

How to stop spam calls right now

Spam calls drive us all crazy. Here are four ways to stop robocalls and other unsolicited phone calls.