Sunday, September 19, 2021

A new app helps Iranians hide messages in plain sight

Amid ever-increasing government Internet control, surveillance, and censorship in...

SpaceX Starlink will come out of beta next month, Elon Musk says

SpaceX's Starlink satellite-broadband service will emerge from beta in October, CEO Elon Musk said last night. Musk provided the answer of...

Cryptocurrency launchpad hit by $3 million supply chain attack

SushiSwap's chief technology officer says the company's MISO platform has been hit by a software supply chain attack. SushiSwap is a community-driven decentralized finance (DeFi) platform that lets users swap, earn, lend, borrow, and leverage cryptocurrency assets...

Telegram emerges as new dark web for cyber criminals

Telegram has exploded as a hub for cybercriminals looking to buy, sell, and share stolen data and hacking tools, new research shows, as the messaging app emerges as an alternative to...

Office 2021 will be available for non-Microsoft 365 subscribers on October 5

New versions of Microsoft Office aren't as big a deal as they used to be, thanks to the continuously updated (and continuously paid for) versions of the apps that come with a Microsoft 365 subscription....

Anonymous leaks gigabytes of data from Epik, web host of Gab and Parler

Hacktivist collective Anonymous claims to have obtained gigabytes of data from Epik, the web host for the Texas GOP, Gab, Parler, and 8chan, among other right-wing sites. The stolen data has been released as...

Microsoft accounts can go passwordless, making “password123” a thing of the past

Microsoft has been working to make passwordless sign-in for Windows and Microsoft accounts a reality for years now, and today those efforts come to fruition: The Verge reports that starting today, users can completely...

Travis CI flaw exposed secrets for thousands of open source projects

A security flaw in Travis CI potentially exposed secrets for thousands of open source projects that rely on the hosted continuous integration service. Travis CI is a software-testing solution used by over 900,000 open...

Apple fixes iMessage zero-day exploited by Pegasus spyware

Apple has released several security updates this week to patch a "FORCEDENTRY" vulnerability on iOS devices. The "zero-click, zero-day" vulnerability has been actively exploited by Pegasus, a spyware app developed by...

Security researchers at Wiz discover another major Azure vulnerability

Cloud security vendor Wiz—which recently made news by discovering a massive vulnerability in...

Infosec researchers say Apple’s bug-bounty program needs work

The Washington Post reported earlier today that Apple's relationship with third-party...

WhatsApp “end-to-end encrypted” messages aren’t that private after all

Yesterday, independent newsroom ProPublica published a detailed piece examining the popular WhatsApp messaging platform's privacy claims. The service famously offers...

Privacy-focused ProtonMail provided a user’s IP address to authorities

This weekend, news broke that...

Microsoft Outlook shows real person’s contact info for IDN phishing emails

If you receive an email from someone@arstechnіca.com, is it really from someone at Ars? Most definitely not—the domain in that email address is not the same arstechnica.com that you know. The 'і'...

Why ransomware hackers love a holiday weekend

On the Friday heading into Memorial Day weekend this year, it was meat processing giant JBS. On the Friday before the Fourth of...

Security Affairs

The Biden administration plans to target exchanges supporting ransomware operations with sanctions

The US government is expected to issue sanctions against crypto exchanges, wallets, and traders used by ransomware operations to cash out ransom payments. The Biden administration is putting in place all the strategies to disrupt the operations of the ransomware...

Former US Intelligence Operatives Admit They Hacked for UAE

Plus: Remote learning spyware, an AT&T bribery scandal, and more of the week's top security news.

Security Affairs

Expert discloses details and PoC code for Netgear Seventh Inferno bug

A new critical vulnerability in Netgear smart switches can be exploited by an attacker to potentially execute malicious code and take over impacted devices. Researchers provided technical details about a recently addressed critical vulnerability, dubbed Seventh Inferno, in Netgear smart...

Forget iPhone 13–Apple Suddenly Has A Critical New iPhone 14 Problem

How does Apple resolve the nightmare now awaiting its next iPhone...