Collaborate Disseminate
The White House is asking the technical community to switch to using memory-safe programming languages – such as Rust, Python, Swift, C#, Java, and Go – to prevent memory corruption vulnerabilities from entering the digital ecosystem. Accor… Continue reading White House: Use memory-safe programming languages to protect the nation
Security researchers from Trail of Bits identified a GPU memory vulnerability they called LeftoverLocals. Some affected GPU vendors have issued fixes. Continue reading Attackers Could Eavesdrop on AI Conversations on Apple, AMD, Imagination and Qualcomm GPUs
Recently patched vulnerabilities in MatrixSSL and wolfSSL, two open-source TLS/SSL implementations / libraries for embedded environments, have emphasized the great potential of using fuzzing to uncover security holes in implementations of cryptographic… Continue reading Vulnerabilities in cryptographic libraries found through modern fuzzing
A common adage in information security is that most startups don’t hire their first full-time security engineer until they’ve got around 300 employees. If an app only stores public data and has no need to authenticate users, that might not present much of a problem. But when an app needs to be trusted to protect the confidentiality of a person’s political preference, it’s something else entirely. It’s why Tusk Philanthropies — an organization devoted to bringing mobile voting to the masses — is playing matchmaker between a half-dozen mobile voting startups and the security experts that can help bring them up to snuff. The team at Trail of Bits — a boutique software security firm based in New York — was commissioned by Tusk in late 2019 to conduct a thorough ‘white box’ security test of mobile voting app Voatz, an app used in five states. The testers would have […]
The post Why you can’t trust your vote to the internet appeared first on CyberScoop.
Continue reading Why you can’t trust your vote to the internet
Cybersecurity research and consulting firm Trail of Bits released iVerify, a user-friendly iPhone security toolkit, on the iOS App Store. iVerify makes it easy for users to manage the security of their accounts and online presence with simple instructi… Continue reading Trail of Bits iVerify: A user-friendly iPhone security toolkit now available on the iOS App Store
GitHub, the world’s largest open source code repository and leading software development platform, has launched GitHub Security Lab. “Our team will lead by example, dedicating full-time resources to finding and reporting vulnerabilities in … Continue reading GitHub Security Lab aims to make open source software more secure
A new program in the App Store is promising to help users detect if outsiders are lurking on their device. The consulting firm Trail of Bits on Thursday announced iVerify, a toolkit meant to help users secure their accounts with a series of instructional guides. If the app works as intended, it also will scan iPhones for odd behavior that could prove its been hacked, like if other apps are transferring data in a way they shouldn’t be authorized. It’s available for $4.99 in the App Store, and is one of the first apps ever released in the marketplace meant to catch iPhone hacks, Motherboard reported. “It’s normally almost impossible to tell if your iPhone has been hacked, but our app gives you a heads-up,” the company said in a blog post. “iVerify periodically scans your device for anomalies that might indicate it’s been compromised, gives you a detailed report […]
The post As iOS vulnerabilities emerge, a new app promises to detect hacked iPhones appeared first on CyberScoop.
Continue reading As iOS vulnerabilities emerge, a new app promises to detect hacked iPhones
Facebook finished porting its SQL-powered detection tool, osquery, to Windows this week. Continue reading Facebook Debuts Open Source Detection Tool for Windows