Security

New RAMpage exploit revives Rowhammer attack to root Android devices

posted on July 3, 2018
by l33tdawg

In late 2016, Google’s security team scrambled to fix a critical vulnerability that allowed attackers to gain unfettered root access to Android devices by using a relatively new class of exploit that manipulates data stored in memory chips. Now, 21 months later, many of the same researchers behind the attack, dubbed Drammer, are back to say that a large number of Android phones and tablets remain vulnerable to the rooting attacks because the patches Google deployed weren’t adequate.

Hyperthreading under scrutiny with new TLBleed crypto key leak

posted on June 26, 2018
by l33tdawg

Last week, developers on OpenBSD—the open source operating system that prioritizes security—disabled hyperthreading on Intel processors. Project leader Theo de Raadt said that a research paper due to be presented at Black Hat in August prompted the change, but he would not elaborate further.

Ingenious hack uses battery consumption to figure out what you're doing on your phone

posted on June 25, 2018
by l33tdawg

The joint product of researchers at UT Texas, the Hebrew University, and Technion, a new paper aimed at considering smartphone security details a potentially devastating hack that would allow an attacker to use your battery as a 'snitch'.

The attack, currently only tested in a simulated environment, uses a microcontroller to turn a smartphone battery into a 'snitch' by sampling power flowing in and out of it, and correlating the different rates at which power is consumed to different actions.

WannaCry Kill Switch Hero Faces New Charges, But Code Evals Say Little

posted on June 16, 2018
by l33tdawg

A fresh FBI charge against Marcus Hutchins has led to the Kronos banking trojan and the UPAS Kit backdoor being linked in the news over the past week.

However, a fresh analysis this week shows that, at least on a code level, the similarities (and differences) between the two are far from conclusive.

Decades-old PGP bug allowed hackers to spoof just about anyone’s signature

posted on June 15, 2018
by l33tdawg

For their entire existence, some of the world's most widely used email encryption tools have been vulnerable to hacks that allowed attackers to spoof the digital signature of just about any person with a public key, a researcher said Wednesday. GnuPG, Enigmail, GPGTools, and python-gnupg have all been updated to patch the critical vulnerability. Enigmail and the Simple Password Store have also received patches for two related spoofing bugs.

Tens of thousands of Android devices are leaving their debug port exposed

posted on June 12, 2018
by l33tdawg

Countless Android devices are leaving themselves open to attack after being shipped with a critical port left unsecured.

Android Debug Bridge (ADB) is a feature that allows developers to communicate with an Android device remotely, executing commands, and – if necessary – taking full remote control.

China Has Some Of The Best Hackers In The World. Its Government Wants To Keep Them There.

posted on June 5, 2018
by l33tdawg

L33tdawg: See you guys at HITBSecConf2018 - Beijing on November 1st and 2nd :)

At first glance, you couldn’t see much of a difference between DEF CON, the notoriously rowdy American hacker conference, and its newly formed franchise in Beijing, where in May China hosted its first hacker conference.

A host of new security enhancements is coming to iOS and macOS

posted on June 5, 2018
by l33tdawg

Apple on Monday previewed a variety of security and privacy features it plans to add to macOS and iOS operating systems, including encrypted FaceTime group calls, password-management tools, and camera and microphone protections. The company also released a beta version of the upcoming iOS 12 that, according to Motherboard, all but kills off two iPhone unlocking tools used by police forces around the world.