vulnerabilities

A Matrix Update Will Patch Serious End-to-End Encryption Flaws

Developers of the open source Matrix messenger protocol are releasing an update to fix critical end-to-end encryption vulnerabilities that subvert the confidentiality and authentication guarantees that have been key to the platform’s meteoric rise. Matrix is a sprawling ecosystem of open source and proprietary chat and collaboration clients and servers that are fully interoperable. The …

Mystery Hackers Are 'Hyperjacking' Targets for Insidious Spying

For decades, virtualization software has offered a way to vastly multiply computers’ efficiency, hosting entire collections of computers as “virtual machines” on just one physical computer. And for almost as long, security researchers have warned about the potential dark side of that technology: theoretical “hyperjacking” and “Blue Pill” attacks, where hackers hijack virtualization to spy …

Slack and Teams' Lax App Security Raises Alarms

Collaboration apps like Slack and Microsoft Teams have become the connective tissue of the modern workplace, tying together users with everything from messaging to scheduling to video conference tools. But as Slack and Teams become full-blown, app-enabled operating systems of corporate productivity, one group of researchers has pointed to serious risks in what they expose …

A New Linux Tool Aims to Guard Against Supply Chain Attacks

In the wake of alarming incidents like Russia’s massive 2017 NotPetya malware attack and the Kremlin’s 2020 SolarWinds cyberespionage campaign—both pulled off by poisoning wells for software distribution—organizations around the world have been scrambling to get a handle on software supply chain security. In general, and for open source software in particular, stronger defense rests …

The Uber Hack's Devastation Is Just Starting to Reveal Itself

On Thursday evening, ride-share giant Uber confirmed that it was responding to “a cybersecurity incident” and was contacting law enforcement about the breach. An entity that claims to be an individual 18-year-old hacker took responsibility for the attack, bragging to multiple security researchers about the steps they took to breach the company. The attacker reportedly …

Careless Errors in Hundreds of Apps Could Expose Troves of Data

As with any piece of software, mobile apps can create an array of security issues and exposures, from rogue programs that are intentionally malicious to apps that contain an obscure but significant flaw. Now, new research is shedding light on systemic oversights in mobile app cloud infrastructure that are all too common and create the …

Janet Jackson's 'Rhythm Nation' Can Crash Old Hard Drives

A new jailbreak for John Deere tractors, demonstrated at the Defcon security conference in Las Vegas last Saturday, put a spotlight on the strength of the right-to-repair movement as it continues to gain momentum in the United States. Meanwhile, researchers are developing expanded tools for detecting spyware on Windows, Mac, and Linux computers as the …

Spyware Hunters Are Expanding Their Toolset

The surveillance-for-hire industry’s powerful mobile spyware tools have gotten increasing attention lately as tech companies and governments grapple with the scale of the threat. But spyware that targets laptops and desktop PCs is extremely common in an array of cyberattacks, from state-backed espionage to financially motivated scams. Due to this growing threat, researchers from the …
