InfoSec Week 44, 2018
US federal prosecutors say that Chinese spies hacked a dozen firms to steal aviation engineering secrets for a Chinese aerospace company.
#Weekly-News
DevOps, Security, Whatewer
A zero-day vulnerability in the jQuery File Upload plugin has been actively exploited for at least three years. Patch now!
#Weekly-News
The Czech Security Intelligence Service (BIS) shut down Hezbollah servers used in a Hezbollah hacking operation. Hackers used female Facebook profiles to trick victims into installing spyware.
#Weekly-News
Memory corruption bug in WhatsApp's non-WebRTC video conferencing implementation can screw you. Just answering a call from an attacker could completely compromise WhatsApp.
#Weekly-News
Estonia sues Gemalto for €152M over ID card flaws. According to an article, some keys were NOT generated on a smartcard due to a scaling issue. Well, looks like they are not affected by the ROCA vulnerability, just compromised by Gemalto :)
#Weekly-News
Linux has officially committed to implementing and obeying the Code of Conduct, which was immediately misused to remove top Linux coders. Some of the Linux developers are now threatening to withdraw the license to all of their code.
#Weekly-News
The Purism project introduced their own security token called the Librem Key. They have partnered with the Nitrokey manufacturer, but the firmware provides additional functionality, like a challenge-response mode where the key informs you if the BIOS running on a PC has validated itself to the key.
#Weekly-News
The Tesla Model S uses a 40-bit challenge-response scheme broken back in 2005. Researchers stole a car in ~6 seconds with precomputed tables.
#Weekly-News