Apple Unpatched VPN Bypass Bug Impacts iOS 13, Warn Researchers
The vulnerability can be exploited to reveal limited traffic data including a device’s IP address.
Encryption
Tokyo Olympics Postponed, But 5G Security Lessons Shine
Threatpost Senior Editor Tara Seals is joined by Russ Mohr, engineer and Apple evangelist at MobileIron along with Jerry Ray, COO at SecureAge, for a discussion about the now postponed Tokyo Games and its use of 5G and the myriad of security concerns J…
WildPressure targets industrial-related entities in the Middle East
Kaspersky discovered a malicious campaign distributing a fully fledged C++ Trojan that we call Milum. All the victims we registered were organizations from the Middle East. At least some of them are related to industrial sector.
Report calls for web pre-screening to end UK’s child abuse ‘explosion’
The IICSA report cited “unprecedented levels of depravity” and said that encryption is getting in the way of current screening.
The EARN-IT Act
Prepare for another attack on encryption in the U.S. The EARN-IT Act purports to be about protecting children from predation, but it’s really about forcing the tech companies to break their encryption schemes: The EARN IT Act would create a "National Commission on Online Child Sexual Exploitation Prevention" tasked with developing "best practices" for owners of Internet platforms to "prevent,…
Variant of Paradise Ransomware Targets Office IQY Files
Threat actors can easily infiltrate networks because attacks evade detection by typical security protections.
This Unpatchable Flaw Affects All Intel CPUs Released in Last 5 Years
All Intel processors released in the past 5 years contain an unpatchable vulnerability that could allow hackers to compromise almost every hardware-enabled security technology that are otherwise designed to shield sensitive data of users even when a sy…
Let’s Encrypt Vulnerability
The BBC is reporting a vulnerability in the Let’s Encrypt certificate service: In a notification email to its clients, the organisation said: "We recently discovered a bug in the Let’s Encrypt certificate authority code. "Unfortunately, this means we need to revoke the certificates that were affected by this bug, which includes one or more of your certificates. To avoid disruption,…
Wi-Fi Chip Vulnerability
There’s a vulnerability in Wi-Fi hardware that breaks the encryption: The vulnerability exists in Wi-Fi chips made by Cypress Semiconductor and Broadcom, the latter a chipmaker Cypress acquired in 2016. The affected devices include iPhones, iPads, Macs, Amazon Echos and Kindles, Android devices, and Wi-Fi routers from Asus and Huawei, as well as the Raspberry Pi 3. Eset, the security…
Billions of Devices Open to Wi-Fi Eavesdropping Attacks
The Kr00k bug arises from an all-zero encryption key in Wi-Fi chips that reveals communications from devices from Amazon, Apple, Google, Samsung and others.