This Week in Security: Tegra Bootjacking, Leaking SSH, and StrandHogg

CVE-2019-5700 is a vulnerability in the Nvidia Tegra bootloader, discovered by [Ryan Grachek], and breaking first here at Hackaday. To understand the vulnerability, one first has to understand a bit about the Tegra boot process. When the device is powered on, an irom firmware loads the next stage of the …

‘Critical’ flaw in apps for Sennheiser headphones allows certificate access

Two applications developed by German electronics company Sennheiser contain vulnerabilities that could make it possible for hackers to forge digital certificates and impersonate legitimate websites. Sennheiser’s two apps, HeadSetup and HeadSetup Pro, installed certificates on users’ computers then failed to secure the key, according to a vulnerability report published Wednesday by the German security consulting firm Secorvo. The mistake means that hackers could decrypt the key and use the certificate, a means of digital authentication, to monitor victims’ traffic and launch man-in-the-middle attacks. “We found — caused by a critical implementation flaw — the secret signing key of one of the clandestine planted root certificates can be easily obtained by an attacker,” the Secorvo report states. “This allows him or her to sign up and issue technically trustworthy certificates. Users affected by this implementation bug can become victim of such a certificate forgery, allowing an attacker to send e.g. trustworthy signed […]

The post ‘Critical’ flaw in apps for Sennheiser headphones allows certificate access appeared first on Cyberscoop.

Lenovo to pay $7.3m for installing adware in 750,000 laptops

By Waqas
In 2015, Beijing-based laptop manufacturer and seemingly reliable technology company Lenovo made headlines when 750,000 of its laptops were found to have pre-installed adware called VisualDiscovery, developed by Superfish. The adware played a vital role in compr…

When three isn’t a crowd: Man-in-the-Middle (MitM) attacks explained

Maybe it’s the quirky way some tech writers abbreviate it, or the surreal way it reminded you of that popular Michael Jackson song. Whatever triggers you to remember the term, for most of us, man-in-the-middle embodies something both familia…

Bloatware Insecurity Continues to Haunt Consumer, Business Laptops

High-severity vulnerabilities were found in pre-installed software updaters present in consumer and business laptops from vendors such as Dell, HP, Lenovo, Asus and Acer.