https://news.hitb.org/index.php/ en https://news.hitb.org/index.php/content/lte-security-flaw-can-be-abused-take-out-subscriptions-your-expense <article data-history-node-id="55890" role="article" class="node article teaser clearfix UTF-8"> <header> <h2 class="title text-center"><a href="/index.php/content/lte-security-flaw-can-be-abused-take-out-subscriptions-your-expense" rel="bookmark"><span>LTE security flaw can be abused to take out subscriptions at your expense</span> </a></h2> <div class="meta submit clearfix"> <div class="date text-right"> <span class="lowercase">posted on</span>February 24, 2020 </div> <div class="author"> <span class="lowercase">by</span> <span><span>l33tdawg</span></span> </div> </div> </header> <div class="image-default"> <div> <a href="/index.php/content/lte-security-flaw-can-be-abused-take-out-subscriptions-your-expense" hreflang="en"><img loading="lazy" src="/sites/default/files/styles/medium/public/2018-07/4gltemobileinternetspeedlogo-580x358.jpg?itok=VU9aOhi6" width="220" height="136" alt="Flickr" /> </a> </div> <div class="image-credit"> <strong>Credit:</strong> Flickr </div> </div> <div class="content"> <div><p>A security vulnerability in LTE can be exploited to sign up for subscriptions or paid website services at someone else's expense, new research suggests.</p> <p>According to researchers from Ruhr-Universität Bochum, the flaw exists in the 4G mobile communication standard and permits smartphone user impersonation, which could allow attackers to "start a subscription at the expense of others or publish secret company documents under someone else's identity."</p></div> </div> <div class="meta link clearfix"> <div class="comment"> <span class="lowercase">no</span>comment </div> <div class="share text-center show-for-medium"> <span class="a2a_kit a2a_kit_size_16 addtoany_list" data-a2a-url="https://news.hitb.org/index.php/content/lte-security-flaw-can-be-abused-take-out-subscriptions-your-expense" data-a2a-title="LTE security flaw can be abused to take out subscriptions at your expense"><a class="a2a_button_facebook"><span class="fa fa-facebook"></span></a><a class="a2a_button_twitter"><span class="fa fa-twitter"></span></a><a class="a2a_button_linkedin"><span class="fa fa-linkedin"></span></a><a class="a2a_button_email"><span class="fa fa-envelope"></span></a></span> </div> <div class="read-more"><a href="/index.php/content/lte-security-flaw-can-be-abused-take-out-subscriptions-your-expense"><span class="lowercase">&#8594;</span>READ MORE</a></div> </div> </article> Mon, 24 Feb 2020 14:19:48 +0000 l33tdawg 55890 at https://news.hitb.org https://news.hitb.org/index.php/content/google%E2%80%99s-project-zero-chastised-trend-micro-over-security-vulnerability <article data-history-node-id="51490" role="article" class="node article teaser clearfix UTF-8"> <header> <h2 class="title text-center"><a href="/index.php/content/google%E2%80%99s-project-zero-chastised-trend-micro-over-security-vulnerability" rel="bookmark"><span>Google’s Project Zero chastised Trend Micro over security vulnerability</span> </a></h2> <div class="meta submit clearfix"> <div class="date text-right"> <span class="lowercase">posted on</span>January 12, 2016 </div> <div class="author"> <span class="lowercase">by</span> <span><span>l33tdawg</span></span> </div> </div> </header> <div class="image-default"> <div> <a href="/index.php/content/google%E2%80%99s-project-zero-chastised-trend-micro-over-security-vulnerability" hreflang="en"><img loading="lazy" src="/sites/default/files/styles/medium/public/field/image/hackers-2-640x0.jpg?itok=xp853KW7" width="220" height="146" alt="http://icdn2.digitaltrends.com/image/hackers-2-640x0.jpg" title="Credit: Digital Trends " /> </a> </div> <div class="image-credit"> <strong>Credit:</strong> <a href="http://icdn2.digitaltrends.com/image/hackers-2-640x0.jpg" target="_blank">http://icdn2.digitaltrends.com/image/hackers-2-640x0.jpg</a> </div> </div> <div class="content"> <div><p>When you pay for security software, you probably hope it’s protecting you — not creating a massive security breach in and of itself. But if you ran Trend Micro’s password manager, enabled by default for all Trend Micro users, any site on the web could have executed any app on your computer just by including a bit of code.</p> <p>A patch issued today mostly solves the problem. But as Ars Technica reports, that only happened because Google Project Zero team member Tavis Ormandy publicly berated the company.</p></div> </div> <div class="meta link clearfix"> <div class="comment"> <span class="lowercase">no</span>comment </div> <div class="share text-center show-for-medium"> <span class="a2a_kit a2a_kit_size_16 addtoany_list" data-a2a-url="https://news.hitb.org/index.php/content/google%E2%80%99s-project-zero-chastised-trend-micro-over-security-vulnerability" data-a2a-title="Google’s Project Zero chastised Trend Micro over security vulnerability"><a class="a2a_button_facebook"><span class="fa fa-facebook"></span></a><a class="a2a_button_twitter"><span class="fa fa-twitter"></span></a><a class="a2a_button_linkedin"><span class="fa fa-linkedin"></span></a><a class="a2a_button_email"><span class="fa fa-envelope"></span></a></span> </div> <div class="read-more"><a href="/index.php/content/google%E2%80%99s-project-zero-chastised-trend-micro-over-security-vulnerability"><span class="lowercase">&#8594;</span>READ MORE</a></div> </div> </article> Tue, 12 Jan 2016 00:26:47 +0000 l33tdawg 51490 at https://news.hitb.org