Serious vulnerabilities in Matrix’s end-to-end encryption are being patched
Previously overlooked flaws allow malicious homeservers to decrypt and spoof messages. Enlarge (credit: matrix.org) Developers of the open source Matrix messenger protocol are releasing an update on Thursday to fix critical en.....»»
Apple"s private Wi-Fi MAC addresses were security theater until iOS 17.1
Apple introduced a feature that would hide a user's permanent MAC address in 2020, but it's been virtually useless until iOS 17.1 thanks to a now patched vulnerability.Private Wi-Fi addressWhen a device connects to a network, it performs a necessary.....»»
Adtran tackles GPS vulnerabilities with Satellite Time and Location technology
Adtran launched new synchronization solutions featuring Satellite Time and Location (STL) technology to address the growing vulnerabilities of GPS and other GNSS systems to jamming and spoofing attacks. Alongside GNSS-based timing, the OSA 5405-S PTP.....»»
Raven: Open-source CI/CD pipeline security scanner
Raven (Risk Analysis and Vulnerability Enumeration for CI/CD) is an open-source CI/CD pipeline security scanner that makes hidden risks visible by connecting the dots across vulnerabilities woven throughout the pipeline that, when viewed collectively.....»»
Quishing: Tricks to look out for
QR code phishing – aka “quishing” – is on the rise, according to HP, Darktrace, Malwarebytes, AusCERT, and many others. What are QR codes? QR codes are two-dimensional matrix barcodes used for tracking products, identifying it.....»»
Apple patched several security vulnerabilities in iOS 17.1 and the rest
The latest security patches in iOS 17.1, iPadOS 17.1, macOS Sonoma 14.1 and the other operating system updates cover a range of potential exploits and vulnerabilities.iOS 17.1 has several security patchesApple has shared the security patch notes for.....»»
Do we live in a computer simulation like in The Matrix? Proposed new law of physics backs up the idea
The simulated universe theory implies that our universe, with all its galaxies, planets and life forms, is a meticulously programmed computer simulation. In this scenario, the physical laws governing our reality are simply algorithms. The experiences.....»»
The Encryption Summit: all the news and updates as they happen
The Encryption Summit: all the news and updates as they happen.....»»
The Encryption Summit: all the news and updates as they happened
The Encryption Summit: all the news and updates as they happened.....»»
Citrix NetScaler bug exploited in the wild since August (CVE-2023-4966)
A recently patched Citrix NetScaler ADC/Gateway information disclosure vulnerability (CVE-2023-4966) has been exploited by attackers in the wild since late August 2023, Mandiant researchers have revealed. About CVE-2023-4966 Citrix’s security a.....»»
State-sponsored APTs are leveraging WinRAR bug
A number of government-backed APTs are exploiting CVE-2023-38831, a file extension spoofing vulnerability in WinRAR, a widely used file archiver utility for Windows. CVE-2023-38831 has been patched in August 2023, along with another high-severity RCE.....»»
Meta"s AI messages on Instagram don"t seem to be encrypted
Meta's new AI personas on Instagram can only be accessed when end-to-end encryption is turned off. Before you go pouring your heart out to Billie, "your ride-or-die older sister" played by Kendall Jenner, or an AI grandpa named Brian on Instagr.....»»
Microsoft announces AI bug bounty program
Microsoft is offering up to $15,000 to bug hunters that pinpoint vulnerabilities of Critical or Important severity in its AI-powered “Bing experience”. “The new Microsoft AI bounty program comes as a result of key investments and le.....»»
Week in review: Patched curl and libcurl vulnerability, 15 free M365 security training modules
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Turning military veterans into cybersecurity experts In this Help Net Security interview, James Murphy, the Director of the TechVets Programme at th.....»»
Saturday Citations: Gravitational waves, time travel and the simulated universe hypothesis
This week, researchers proved empirically that life isn't fair. Also, you'll notice that, in a superhuman display of restraint, I managed to write a paragraph about the simulated universe hypothesis without once referencing "The Matrix." (Except for.....»»
New easy-to-use optical chip can self-configure to perform various functions
Researchers have developed an easy-to-use optical chip that can configure itself to achieve various functions. The positive real-valued matrix computation they have achieved gives the chip the potential to be used in applications requiring optical ne.....»»
Be prepared to patch high-severity vulnerability in curl and libcurl
Details about two vulnerabilities (CVE-2023-38545, CVE-2023-38546) in curl, a foundational and widely used open-source software for data transfer via URLs, are to be released on Wednesday, October 11. Daniel Stenberg, the original author and lead dev.....»»
Vulnerabilities in Supermicro BMCs could allow for unkillable server rootkits
With the ability to manage huge fleets of servers, BMCs are ideal places to stash malware. Enlarge (credit: Getty Images) If your organization uses servers that are equipped with baseboard management controllers from Sup.....»»
Qualcomm patches 3 actively exploited zero-days
Qualcomm has fixed three actively exploited vulnerabilities (CVE-2023-33106, CVE-2023-33107, CVE-2023-33063) in its Adreno GPU and Compute DSP drivers. Vulnerabilities exploited in Qualcomm GPU and DSP drivers The US-based semiconductor company has b.....»»
They’ve begun: Attacks exploiting vulnerability with maximum 10 severity rating
Will attacks be as big as those targeting MOVEit? Maybe not, but they still can be plenty bad. Enlarge (credit: Getty Images) Ransomware hackers have started exploiting one or more recently fixed vulnerabilities that pos.....»»
"Climate vulnerability index" shows where action, resources are needed to address climate change threats
Dr. Weihsueh Chiu, a professor at the Texas A&M School of Veterinary Medicine and Biomedical Sciences, helped create a new tool that provides communities and policymakers with actionable data about long-term vulnerabilities tied to climate change......»»