Serious vulnerabilities in Matrix’s end-to-end encryption are being patched
Previously overlooked flaws allow malicious homeservers to decrypt and spoof messages. Enlarge (credit: matrix.org) Developers of the open source Matrix messenger protocol are releasing an update on Thursday to fix critical en.....»»
Next-gen OSDP was supposed to make it harder to break in to secure facilities. It failed.
OSDP Secure Channel has yet to gain widespread usage, and it's already broken. Enlarge (credit: Getty Images) Researchers have discovered a suite of vulnerabilities that largely break a next-generation protocol that was.....»»
Researchers create high-performance aluminum matrix composites with asymmetric cryocooling
Our ongoing endeavor to venture into outer space demands substantial technological advances across various fields, including materials science. Materials used in the aerospace industry must be lightweight yet mechanically resistant, a combination tha.....»»
August 2023 Patch Tuesday forecast: Software security improvements
The continued onslaught of phishing attacks, ransomware deployment, and other exploitation is forcing the community to pay closer attention to early identification, as well as fast response, to vulnerabilities in their software. In July alone Microso.....»»
Top 12 vulnerabilities routinely exploited in 2022
Cybersecurity agencies from member countries of the Five Eyes intelligence alliance have released a list of the top 12 vulnerabilities routinely exploited in 2022, plus 30 additional ones also “popular” with attackers. The top 12 “I.....»»
Google’s AI Red Team: Advancing cybersecurity on the AI frontier
With the rise of ML, traditional red teams tasked with probing and exposing security vulnerabilities found themselves facing a new set of challenges that required a deep and comprehensive understanding of machine learning. Google’s recent announcem.....»»
Microsoft comes under blistering criticism for “grossly irresponsible” security
Azure looks like a house of cards collapsing due to exploits and vulnerabilities. Enlarge (credit: Drew Angerer | Getty Images) Microsoft has once again come under blistering criticism for the security practices of Azure.....»»
1 in 100 emails is malicious
BEC and phishing attacks soar by 20% and 41% respectively in H1 2023, according to Perception Point. Cyber attackers have continued to refine their methods, adopting more sophisticated techniques to exploit vulnerabilities across various sectors. Wit.....»»
It’s a hot 0-day summer for Apple, Google, and Microsoft security fixes
July saw two high-severity bugs in Firefox, while Oracle patched over 500 vulnerabilities. Enlarge (credit: WIRED staff) The summer patch cycle shows no signs of slowing down, with tech giants Apple, Google, and Microsof.....»»
Exploiting nonlinear scattering medium for optical encryption, computation and machine learning
Can one see through a scattering medium like ground glass? Conventionally, such a feat would be deemed impossible. As light travels through an opaque medium, the information contained in the light becomes "jumbled up," almost as if undergoes complex.....»»
Android n-day bugs pose zero-day threat
In the Android ecosystem, n-day vulnerabilities are almost as dangerous as zero-days, according to Google’s review of zero-days exploited in the wild in 2022. N-days functioning as zero-days Zero-days are software bugs that are unknown to the v.....»»
Baffle Advanced Encryption analyzes regulated data while meeting all compliance standards
Baffle unveiled Baffle Data Protection Services with Advanced Encryption, a privacy-enhanced technology solution that enables analytical and operational computations on protected, regulated data. Baffle’s no code, data-centric software protects dat.....»»
WhatsApp now lets you add short video messages to chats
WhatsApp now lets you add video messages of up to 60 seconds to a chat. The messages are protected with end-to-end encryption to keep them secure......»»
ZTNA can be more than a VPN replacement for application access
In the wake of increased workforce mobility, today’s organizations require more innovative, more flexible, and more secure methods of granting network and application access to their workers. ZTNA adoption The encryption-based security approach lev.....»»
Palo Alto Networks unveils CI/CD Security module to improve risk prevention
The attack surface of cloud-native applications continues to grow as adversaries look to exploit misconfigurations and vulnerabilities throughout the application life cycle. In response, the industry has turned to Cloud Native Application Protection.....»»
A step-by-step guide for patching software vulnerabilities
Coalition’s recent Cyber Threat Index 2023 predicts the average Common Vulnerabilities and Exposures (CVEs) rate will rise by 13% over 2022 to more than 1,900 per month in 2023. As thousands of patches and updates are released each month, organizat.....»»
Encryption-breaking, password-leaking bug in many AMD CPUs could take months to fix
"Zenbleed" bug affects all Zen 2-based Ryzen, Threadripper, and EPYC CPUs. Enlarge (credit: AMD) A recently disclosed bug in many of AMD's recent consumer, workstation, and server processors can cause the chips to leak d.....»»
Some top AMD chips have a major security flaw
AMD Zen 2 flaw allowed threat actors to exfiltrate encryption keys, giving access to sensitive information......»»
Researchers find deliberate backdoor in police radio encryption algorithm
Vendors knew all about it, but most customers were clueless. Enlarge (credit: Evgen_Prozhyrko via Getty) For more than 25 years, a technology used for critical data and voice radio communications around the world has bee.....»»
Apple fixes exploited zero-day in all of its OSes (CVE-2023-38606)
Apple has patched an exploited zero-day kernel vulnerability (CVE-2023-38606) in iOS, iPadOS, macOS, watchOS and tvOS. CVE-2023-38606 fix has been backported In early July, Apple fixed an actively exploited zero-day vulnerability (CVE-2023-37450) in.....»»
Apple fixes two exploited vulnerabilities in iOS 16.6 security update
Apple's security updates in iOS 16.6 and iPadOS 16.6 fix vulnerabilities and issues affecting the Neural Engine, WebKit, and Find My, along with two that are reportedly actively exploited.Just after releasing iOS 16.6 and iPadOS 16.6 to the public, A.....»»