Tuesday, February 18, 2020

Signal is finally bringing its secure messaging to the masses

Last month, the cryptographer and coder known as Moxie Marlinspike was getting settled on an airplane when his seatmate, a midwestern-looking man in his 60s, asked for help. He couldn't figure out how to...

US government exposes malware used in North Korean-sponsored hacking ops

The US Pentagon, the FBI, and the Department of Homeland Security on Friday exposed a North Korean hacking operation and provided technical details for seven pieces of malware used in the campaign. The US...

500 Chrome extensions secretly uploaded private data from millions of users

More than 500 browser extensions downloaded millions of times from Google’s Chrome Web Store surreptitiously uploaded private browsing data to attacker-controlled servers, researchers said on Thursday. The extensions were part of a long-running malvertising and ad-fraud scheme...

Scythe prepares to launch marketplace of pwns for security testing platform

[Image: Imagine a supermarket full of advanced persistent threats for your security team to throw at you. That's what Scythe is aiming to be. Credit: DigitalVision / Getty Images]

As we noted earlier this week, there's...

Amazon wins court injunction on controversial JEDI contract

Cloud-computing and retail behemoth Amazon won a legal victory today against rival Microsoft, as a federal judge agreed to order a hold on a massive federal contract Microsoft was awarded late last year. Amazon late last year...

Nasty Android malware reinfects its targets, and no one knows how

A widely circulating piece of Android malware primarily targeting US-based phones used a clever trick to reinfect one of its targets in a feat that stumped researchers as to precisely how it was pulled off. xHelper came...

Ars Technicast special edition, part 1: Machine learning assimilates athletics

[Image: Artist's impression of AI playing sports. Credit: Pali Rao / Getty Images]

Artificial Intelligence, machine learning, and other technologies are changing the world in which we live and work in some subtle, and not-so-subtle, ways. And...

Huawei fires back, points to US’ history of spying on phone networks

[Image: Huawei sign displayed at CES 2020 in Las Vegas on Wednesday, Jan. 8, 2020. Credit: Getty Images | Bloomberg]

Chinese vendor Huawei has provided a longer response to US allegations of spying, claiming that it doesn't...

Rental car agency continues to give remote control long after cars are returned

[Image: The screen displayed by FordPass four days after an Enterprise Rent-A-Car customer returned his Ford Mustang. Credit: Masamba Sinclair]

In October, Ars chronicled the story of a man who was able to remotely start, stop, lock,...

One of the most destructive botnets can now spread to nearby Wi-Fi networks

Over the past half decade, the Emotet malware has emerged as a top Internet threat that pillages people’s bank accounts and installs other types of malware. The sophistication of its code base...

Office365 Pro Plus won’t hijack your search engine after all

[Image: Before we can apologize for trying to forcibly Bing you, we need to let you know how excited you really were about it. Credit: Microsoft]

In late January, Microsoft announced that a near-future Office 365 update would roll out a...

US, German intel owned Swiss crypto used by dozens of countries

[Image: Boris Hagelin's mechanical crypto gear, like the CX-52 first introduced in 1952, gave US intelligence fits. So they cut deals with Hagelin and eventually bought the company. Credit: Rama, Wikimedia Commons, Cc-by-sa-2.0-fr]

Crypto AG,...

New “red team as a service” platform aims to automate hacking tests for company networks

[Image: Randori's Attack platform aims to automate the "red team" adversarial security role so that more companies can afford to constantly check their security. Credit: CSA Images via Getty Images]

Attack simulation and "red teaming as a...

The Iowa caucuses were a comedy of tech errors and poor planning

[Image: The Iowa Democratic Party caucus app displayed on an iPhone outside Iowa Democratic Party headquarters in Des Moines, Iowa, on Tuesday, Feb. 4, 2020. Credit: Getty Images | Bloomberg]

The disastrous Iowa Democratic caucuses were hampered...

Why is the healthcare industry still so bad at cybersecurity?

[Image: A medical (cyber)simulation from the 2018 CyberMed Summit. Credit: University of Arizona / CyberMed Summit]

Many articles about cybersecurity risks in healthcare begin with descriptions of live simulations (so when in Rome). Imagine a doctor completely unaware of what they’re...

Sensitive plastic surgery images exposed online

Researchers at VPN advisory company vpnMentor have found yet another online data exposure caused by a misconfigured cloud database.

Lenovo, HP, Dell Peripherals Face Unpatched Firmware Bugs

A lack of proper code-signing verification and authentication for firmware updates opens the door to information disclosure, remote code execution, denial of service and more.

12 hottest new cybersecurity startups at RSA 2020

Starting on February 24, the RSA Conference (RSAC) 2020 gives security vendors old and new a chance to demonstrate their capabilities. The event has become an attractive venue for startups to make their debut. This year’s crop will be...

Hundreds of Millions of PC Components Still Have Hackable Firmware

The lax security of supply chain firmware has been a known concern for years—with precious little progress being made.

Remote Wipe Plugin Bug Hits 200,000+ WordPress Sites

Security researchers are warning of a new plugin vulnerability which is exposing over 200,000 WordPress sites to the risk of being remotely wiped by an attacker. The problem lies with versions 1.3.4 and...