Researchers have disclosed a serious weakness in the WPA2 protocol that allows attackers within range of a vulnerable device or access point to intercept passwords, e-mails, and other data presumed to be encrypted, and in some cases, to inject ransomware or other malicious content into a website a client is visiting.
L33tdawg: If you like travel hacking, you'll enjoy this talk at #HITB2018AMS next month.
Travel booking website Orbitz has been hacked, the company said.
The site, now owned by Expedia, confirmed in a statement that it "identified and remediated a data security incident affecting a legacy travel booking platform."
Alex Stamos, Facebook's chief information security officer, will shift roles at the company. His transition will come in the wake of disagreements with other Facebook executives like COO Sheryl Sandberg about how to investigate and disclose Russian activity on the platform, The New York Times reports, citing employees of the social network. Stamos advocated for greater disclosure. Prior to his hiring at Facebook in 2015, Stamos was Chief Information Security Officer at Yahoo.
Amsterdam – 19 March 2018: User behavior analytics (UBA) solutions typically apply machine learning algorithms to detect abnormal user activities, and the market is continuing to expand rapidly with vendor and open-source UBA tech to help organisations identify ‘unknown unknowns’ for further investigation. Successfully implementing these solutions requires an advanced understanding of the underlying technology, concepts and risks involved.
For the past nine years, Mozilla has been using an insufficiently strong encryption mechanism for the "master password" feature.
Both Firefox and Thunderbird allow users to set up a "master password" through their settings panel. This master password plays the role of an encryption key that is used to encrypt each password string the user saves in his browser or email client.
Amsterdam – 16 March 2018: A smart connected car is not much more than a computer on wheels, with systems that control one or more areas of the automobile called electronic control units (ECUs). ECUs communicate in real-time over a system called a controller area network or CAN. At the Hack In The Box Conference in Amsterdam next month, ElevenPaths' Claudio Caracciolo and Sheila Ayelan Berta will be presenting a new feature of their hardware device ‘The Bicho’, which exploits the CAN bus, allowing for remote takeover of the target vehicle.
Shipping in the second half of this year, the next generation of Xeon Scalable Processors (codenamed Cascade Lake) will contain hardware fixes for the Meltdown attack and certain variants of the Spectre attack. So, too, will a range of processors using the same 8th generation Core branding that some processors are already using.
Earlier this year, attacks that exploit the processor's speculative execution were published with the names Meltdown and Spectre, prompting a reaction from hardware and software companies.
The US has introduced new sanctions against Russia after accusing the country not only of interfering in the 2016 election, but also of launching a cyberattack on its energy grid.
Officials say that malware traced back to Moscow had been found to have infected operating systems on computers belonging to companies in the energy sector. The Department of Homeland Security is in no doubt that the Russian government is responsible.
CTS Labs, a heretofore unknown Tel Aviv-based cybersecurity startup, has claimed it's found over a dozen security problems with AMD Ryzen and EPYC processors. Linus Torvalds, Linux's creator, doesn't buy it.
Torvalds, in a Google+ discussion, wrote:
"When was the last time you saw a security advisory that was basically 'if you replace the BIOS or the CPU microcode with an evil version, you might have a security problem?' Yeah."
In July of 2017, the nonprofit certificate authority Let's Encrypt promised to deliver something that would put secure websites and Web applications within reach of any Internet user: free "wildcard" certificates to enable secure HTTP connections for entire domains. Today, Let's Encrypt took that promised service live, in addition to a new version of the Automated Certificate Management Environment (ACME) protocol, an interface that can be used by a variety of client software packages to automate verification of certificate requests.