Google pulls Huawei’s Android license May 20, 2019 | sento | Leave a comment Following the US crackdown on Chinese technology companies, Google has cut off Huawei’s Android license, dealing a huge blow to the besieged phonemaker. Reuters first reported the news, and The Verge subsequently confirmed Google’s suspension of business with Huawei with a source familiar with the matter. Reached for comment, a Google spokesperson said only “We… Read More
Google’s Sensorvault Is a Boon for Law Enforcement. This Is How It Works. May 19, 2019 | sento | Leave a comment Law enforcement officials across the country have been seeking information from a Google database called Sensorvault — a trove of detailed location records involving at least hundreds of millions of devices worldwide, The New York Times found. Though the new technique can identify suspects near crimes, it runs the risk of sweeping up innocent bystanders,… Read More
Post-mortem and remediations for Apr 11 security incident May 19, 2019 | sento | Leave a comment On April 11th we dealt with a major security incident impacting the infrastructure which runs the Matrix.org homeserver – specifically: removing an attacker who had gained superuser access to much of our production network. We provided updates at the time as events unfolded on April 11 and 12 via Twitter and our blog, but in… Read More
A serious hack hit WhatsApp May 18, 2019 | sento | Leave a comment A security flaw in WhatsApp’s audio calling feature let hackers install spyware on iPhones and Androids. The attack is expected to have a limited reach but you should update WhatsApp straight away WhatsApp’s default end-to-end encryption is one of Facebook’s biggest security assets – but even this doesn’t help when the app itself is attacked.… Read More
Google Titan Security Key Recalled After Bluetooth Pairing Bug May 18, 2019 | sento | Leave a comment Google’s Titan Security Key, launched in the U.S. market last August, is a USB dongle that offers an added layer of security features for Google accounts, such as two-factor authentication and protections from phishing attacks. Specifically impacted is the version of the Titan Security Key with Bluetooth Low Energy (BLE) – not the NFC version… Read More
Cisco Service Provider, WebEx Bugs Offer Up Remote Code Execution May 18, 2019 | sento | Leave a comment Cisco is warning of critical remote code-execution (RCE) vulnerabilities in the Cisco Prime Infrastructure (PI) and Evolved Programmable Network (EPN) Manager, which is used by telcos, mobile carriers, cable companies and ISPs to manage their hardware infrastructure. The vendor also issued estimated bug-fix dates for an unpatched, high-severity Secure Boot flaw that was disclosed on… Read More
Forbes Becomes Latest Victim of Magecart Payment Card Skimmer May 18, 2019 | sento | Leave a comment The web skimming script was recently found stealing payment data on the websites of Forbes Magazine as well as seven others. The payment card-siphoning Magecart group has struck again; this time injecting web-skimming scripts into the subscription website for the Forbes print magazine (as well as a slew of others over the past week). The… Read More
Stack Overflow hacker went undetected for a week May 18, 2019 | sento | Leave a comment The hacker who breached Stack Overflow last week managed to access data on user accounts, the company said today in an update on its investigation into a security breach it disclosed last night. The update comes to shed some light into what happened on the company’s servers last week, after Stack Overflow left many users… Read More
Chinese state-sponsored hackers breached TeamViewer in 2016 May 18, 2019 | sento | Leave a comment The German newspaper Der Spiegel revealed that the software company behind TeamViewer was compromised in 2016 by Chinese hackers. According to the media outlet, Chinese state-sponsored hackers used the Winnti trojan malware to infect the systems of the Company. The Winnti group was first spotted by Kaspersky in 2013, according to the researchersthe gang has… Read More
Alpine Linux Docker Images Shipped for 3 Years with Root Accounts Unlocked May 11, 2019 | sento | Leave a comment For three years, some Alpine Linux Docker images have shipped with a root account and no password, opening the door for attackers to easily access vulnerable servers and workstations provisioned for the images. Affected versions of Alpine Linux Docker distros include 3.3, 3.4, 3.5, 3.6, 3.7, 3.8 and 3.9 Alpine Docker Edge, according to Cisco… Read More