Collaborate Disseminate
Yahoo on Tuesday released an update to its 2013 breach, notifying users that all 3 billion accounts in existence at the time were compromised. Continue reading 2013 Yahoo Breach Affected All 3 Billion Accounts
ICANN, the overseer of the Internet’s namespace, announced this week that it was postponing a scheduled change to the cryptographic key that protects the Domain Name System. Continue reading ICANN Postpones Scheduled DNS Crypto Key Rollover
Researchers at Duo Security are expected today at Ekoparty to reveal data and a paper that shows Mac users are not receiving EFI firmware updates at expected. Continue reading Macs Not Receiving EFI Firmware Security Updates as Expected
Google, through Google Domains, operates many TLDs, and this week said it would begin enforcing HSTS on those TLDs. HSTS forces secure client connections over HTTPS. Continue reading Google to Enforce HSTS on TLDs it Operates
Researchers at CyberArk have devised a Windows Defender bypass that tricks the operating system into executing malicious code while Defender scans a benign file. Continue reading Windows Defender Bypass Tricks OS into Running Malicious Code
Apple said that macOS’ native Gatekeeper security feature would protect against a Keychain attack disclosed this week, but researcher Patrick Wardle said that won’t help against Mac malware signed with an Apple certificate. Continue reading Gatekeeper Alone Won’t Mitigate Apple Keychain Attack
Google’s Project Zero released a proof-of-concept attack against a Wi-Fi firmware vulnerability in Broadcom chips that backdoors the iPhone 7. The flaw was patched in iOS 11. Continue reading Remote Wi-Fi Attack Backdoors iPhone 7
Researcher Patrick Wardle has discovered a critical vulnerability that allows an attacker to dump passwords in plaintext from the macOS Keychain. The vulnerability is in macOS High Sierra, Sierra and El Capitan, and has yet to be patched. Continue reading macOS High Sierra Available—And Vulnerable to Keychain Attack
IOActive analyzed 21 mobile stock trading platforms and found vulnerabilities that put transactions and personal information at risk. Of the 13 firms notified, only two acknowledged the disclosure. Continue reading Mobile Stock Trading App Providers Unresponsive to Glaring Vulnerabilities
Adobe suffered at a minimum a PR black eye on Friday when one of its private PGP keys was inadvertently published to its Product Incident Security Response Team (PSIRT) blog. Continue reading Adobe Private PGP Key Leak a Blunder, But It Could Have Been Worse