Security News

Microsoft extends Office bug bounty program

zdnet 0 day - Mon, 09/18/2017 - 04:32
The company is offering up to $15,000 per bounty.
Categories: Security News

Friday Squid Blogging: Another Giant Squid Caught off the Coast of Kerry

Bruce Shneier's Blog - Fri, 09/15/2017 - 14:53
The Flannery family have caught four giant squid, two this year. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here.... Bruce Schneier
Categories: Security News

Another iPhone Change to Frustrate the Police

Bruce Shneier's Blog - Fri, 09/15/2017 - 06:28
I recently wrote about the new ability to disable the Touch ID login on iPhones. This is important because of a weirdness in current US law that protects people's passcodes from forced disclosure in ways it does not protect actions: being forced to place a thumb on a fingerprint reader. There's another, more significant, change: iOS now requires a passcode... Bruce Schneier
Categories: Security News

Yet another trove of sensitive US voter records has leaked

zdnet 0 day - Thu, 09/14/2017 - 13:00
Each record contained details on voters, including names, addresses, dates of birth, their ethnic identity, whether an individual is married, and the individual's voting preferences.
Categories: Security News

AppGuard secures $30 million in Series B funding

zdnet 0 day - Thu, 09/14/2017 - 08:00
The cybersecurity firm will use the cash to complete the acquisition of KeepTree.
Categories: Security News

Hacking Robots

Bruce Shneier's Blog - Thu, 09/14/2017 - 06:17
Researchers have demonstrated hacks against robots, taking over and controlling their camera, speakers, and movements. News article.... Bruce Schneier
Categories: Security News

JPMorgan calls Bitcoin 'fraud' only for use by criminals and North Koreans

zdnet 0 day - Thu, 09/14/2017 - 05:05
JPMorgan boss Jamie Dimon has not minced his words when it comes to the cryptocurrency.
Categories: Security News

Samsung launches bug bounty program for mobile devices

zdnet 0 day - Thu, 09/14/2017 - 03:43
Researchers can earn up to $200,000 for disclosing bugs impacting the security of your handsets.
Categories: Security News

Zerodium lures researchers with $1 million payout for Tor Browser flaws

zdnet 0 day - Thu, 09/14/2017 - 02:57
The new bug bounty program only wants functional zero-day exploits.
Categories: Security News

Equifax confirms Apache Struts security flaw it failed to patch is to blame for hack

zdnet 0 day - Wed, 09/13/2017 - 20:27
The company said the March vulnerability was exploited by hackers.
Categories: Security News

On the Equifax Data Breach

Bruce Shneier's Blog - Wed, 09/13/2017 - 12:49
Last Thursday, Equifax reported a data breach that affects 143 million US customers, about 44% of the population. It's an extremely serious breach; hackers got access to full names, Social Security numbers, birth dates, addresses, driver's license numbers -- exactly the sort of information criminals can use to impersonate victims to banks, credit card companies, insurance companies, and other businesses... Bruce Schneier
Categories: Security News

Hacking Voice Assistant Systems with Inaudible Voice Commands

Bruce Shneier's Blog - Wed, 09/13/2017 - 06:03
Turns out that all the major voice assistants -- Siri, Google Now, Samsung S Voice, Huawei HiVoice, Cortana and Alexa -- listen at audio frequencies the human ear can't hear. Hackers can hijack those systems with inaudible commands that their owners can't hear. News articles.... Bruce Schneier
Categories: Security News

Does Face ID make the iPhone X more secure? Depends who's asking

zdnet 0 day - Tue, 09/12/2017 - 17:00
A brief lesson in threat models, and why you should care.
Categories: Security News

Microsoft patches Office zero-day used to spread FinSpy surveillance malware

zdnet 0 day - Tue, 09/12/2017 - 15:22
The malware, often used by nation states, exploits a flaw in Office, and it's known to have targeted Russians.
Categories: Security News

Security flaws put billions of Bluetooth phones, devices at risk

zdnet 0 day - Tue, 09/12/2017 - 08:00
It's thought to be the most widescale set of vulnerabilities based on the number of devices affected, hitting Windows desktops, Android devices, older iPhones and iPads, and smart devices.
Categories: Security News

Securing a Raspberry Pi

Bruce Shneier's Blog - Tue, 09/12/2017 - 06:12
A Raspberry Pi is a tiny computer designed for markers and all sorts of Internet-of-Things types of projects. Make magazine has an article about securing it. Reading it, I am struck by how much work it is to secure. I fear that this is beyond the capabilities of most tinkerers, and the result will be even more insecure IoT devices.... Bruce Schneier
Categories: Security News

Google reveals formal plan to distrust Symantec certificates in 2018

zdnet 0 day - Tue, 09/12/2017 - 05:53
The shift will begin with a new version of the Chrome web browser.
Categories: Security News

Equifax's credit report monitoring site is also vulnerable to hacking

zdnet 0 day - Mon, 09/11/2017 - 19:00
The site has at least one vulnerability that allows a hacker to trick users into turning over sensitive data.
Categories: Security News

A Hardware Privacy Monitor for iPhones

Bruce Shneier's Blog - Mon, 09/11/2017 - 06:12
Andrew "bunnie" Huang and Edward Snowden have designed a hardware device that attaches to an iPhone and monitors it for malicious surveillance activities, even in instances where the phone's operating system has been compromised. They call it an Introspection Engine, and their use model is a journalist who is concerned about government surveillance: Our introspection engine is designed with the... Bruce Schneier
Categories: Security News

Crackas With Attitude gov't data leaker sent behind bars

zdnet 0 day - Mon, 09/11/2017 - 03:46
The 25-year-old has been charged with leaking information belonging to thousands of FBI agents.
Categories: Security News