Collaborate Disseminate
Researchers shared the data to provide a more complete context about the data and questions surrounding it, they said.
The post Hunter Biden emails that Trump allies shared contain signs of possible ‘tampering,’ analysis suggests appeared first on CyberScoop.
Virtually all compilers — programs that transform human-readable source code into computer-executable machine code — are vulnerable to an insidious attack in which an adversary can introduce targeted vulnerabilities into any software without being detected, new research released today warns. The vulnerability disclosure was coordinated with multiple organizations, some of whom are now releasing updates to address the security weakness. Continue reading ‘Trojan Source’ Bug Threatens the Security of All Code
Rare attack on cellular protocol exploits an encryption-implementation flaw at base stations to record voice calls. Continue reading ReVoLTE Attack Allows Hackers to Listen in on Mobile Calls
Microsoft today released updates to plug 50 security holes in various flavors of Windows and related software. The patch batch includes a fix for a flaw in Windows 10 and server equivalents of this operating system that prompted an unprecedented public warning from the U.S. National Security Agency. This month also marks the end of mainstream support for Windows 7, a still broadly-used operating system that will no longer be supplied with security updates. Continue reading Patch Tuesday, January 2020 Edition
The company acknowledged it’s using ‘safe browsing’ technology from Tencent, which has ties to the Chinese government. Continue reading Apple Shares Some Browsing History with Chinese Company
Chrome users are now automatically signed into the browser if they’re signed into any other Google service, such as Gmail. Continue reading Google’s Forced Sign-in to Chrome Raises Privacy Red Flags
The tech and financial industries are butting heads over the latter’s push to intentionally weaken a security protocol that underlies how the public securely accesses the vast majority of the internet. Critics are charging that the financial industry is pushing for a weakness in the new version of the Transport Layer Security (TLS) protocol, all for the sake of avoiding the time, effort and resources needs to adapt to the new standard. TLS is a bedrock internet security protocol used to secure everything from web browsing and email to instant messaging, voice, video and the internet of things. A new version, known as TLS 1.3, will usher in the largest changes in the protocol’s history. Contributors are hammering out the details before the update is likely finalized at the March meeting of the Internet Engineering Task Force (IETF), an independent group that designs internet standards. Heading into the meeting, the financial […]
The post Big banks want to weaken the internet’s underlying security protocol appeared first on Cyberscoop.
Continue reading Big banks want to weaken the internet’s underlying security protocol
The DUHK Attack leverages a 20-year-old random number generator flaw to recover private keys. More pertinent, researchers said, is that the flaw exposes gaps in the FIPS certification process. Continue reading DUHK Attack Exposes Gaps in FIPS Certification
The results of two audits of the open source software OpenVPN were shared late last week. One found two legitimate vulnerabilities, the other said the service is cryptographically “solid.” Continue reading OpenVPN Audits Yield Mixed Bag
A coalition of researchers and cryptographers are urging the Guardian to retract a story it published last week which suggested the encrypted messaging app WhatsApp contained a backdoor. Continue reading Coalition of Cryptographers, Researchers Urge Guardian to Retract WhatsApp Story