Security

Researchers at a security firm named AdaptiveMobile Security have issued a report (via TNW) about a new vulnerability nicknamed Simjacker that uses your phone's SIM card to spy on you. Because all makes and models of mobile phones can be used with Simjacker, over 1 billion handsets might be affected globally. The research firm says that it believes the vulnerability was developed by a private company that works with governments to monitor the locations of individuals around the world. The exploit also can help the attackers obtain the unique IMEI number belonging to each phone.

Hackers exploited more than a dozen iOS vulnerabilities—most of them unpatched zerodays—in a two-year campaign that stole photos, emails, log-in credentials, and more from iPhones and iPads, researchers from Google’s Project Zero said.

L33tdawg: Don't miss this talk at #HITBGSEC on Wednesday

Hackers are actively unleashing attacks that attempt to steal encryption keys, passwords, and other sensitive data from servers that have failed to apply critical fixes for two widely used virtual private network (VPN) products, researchers said.

In an attempt to quell a controversy that has raised the ire of white-hat hackers, the maker of the Steam online game platform said on Thursday it made a mistake when it turned away a researcher who recently reported two separate vulnerabilities.

In its statement, Valve Corporation references HackerOne, the reporting service that helps thousands of companies receive and respond to vulnerabilities in their software or hardware. The company also writes:

Researchers have demonstrated a serious weakness in the Bluetooth wireless standard that could allow hackers to intercept keystrokes, address books, and other sensitive data sent from billions of devices.

L33tdawg: Such a bad idea it's not even funny. Here's why. I guess it's time for Rop and Hari to make a trip to Malaysia.

THE Election Commission (EC) is studying the possibility of implementing electronic voting (e-voting) to cater to an estimated 22 million voters in the next general election.

On Tuesday, Tavis Ormandy of Google's Project Zero released an exploit kit called ctftool, which uses and abuses Microsoft's Text Services Framework in ways that can effectively get anyone root—er, system that is—on any unpatched Windows 10 system they're able to log in to. The patches for this vulnerability—along with several other serious issues—went out in this week's Patch Tuesday update.

Multiple vulnerabilities in Canon’s DSLR camera firmware could allow an attacker to plant malware on devices and ransom images from users. The bugs, outlined in a session here at DEF CON, open the door to a range of hacks via a Wi-Fi network or a PC’s USB connection to a camera.

For months, systems administrators have been racing to patch their Windows systems against BlueKeep, a critical vulnerability in Microsoft's Remote Desktop Protocol that could enable a global, internet-chewing worm if not fixed across hundreds of thousands of vulnerable computers. That worm has yet to arrive. But now, Microsoft has reset the clock in that race, revealing a collection of new RDP vulnerabilities, two of which could also result in the same sort of global worm—and this time in newer versions of Windows.

CA/Browser Forum – an industry body of web browser makers, software developers, and security certificate issuers – is considering slashing the lifetime of HTTPS certs from 27 months to 13 months.