The United States military is now testing high-altitude surveillance balloons across the Midwest, according to documents a military contractor filed with the Federal Communications Commission. The news was first reported by The Guardian. The filing states the intent of military contractor Sierra Nevada Corporation is to ‘provide a persistent surveillance system to locate and deter… Read More

Earlier this year in April, two security researchers disclosed details about five vulnerabilities (collectively known as Dragonblood) in the WiFi Alliance’s recently launched WPA3 WiFi security and authentication standard. Yesterday, the same security researchers disclosed two new additional bugs impacting the same standard. The two researchers — Mathy Vanhoef and Eyal Ronen — found these… Read More

Capital One and GitHub have been sued this week as part of a class-action lawsuit filed in California on allegations of failing to secure or prevent a security breach during which the personal details of more than 106 million users were stolen by a hacker. While Capital One is named in the lawsuit because it… Read More

At the Black Hat security conference in Las Vegas next week, a group of network communication security researchers will present findings on flaws in the 5G protections meant to thwart the surveillance devices known as stingrays. Also called ‘IMSI catchers’ after the international mobile subscriber identity number attached to every cell phone, stingrays masquerade as… Read More

Late last week, the U.S. House of Representatives passed legislation to mandate federal research on a radically ‘retro’approach to protect power grids from cyber attack: unplugging or otherwise isolating the most criticalequipment from grid operators’ digital control systems. Angus King, an independent senator from Maine whose identical bill passedthe Senate last month, says such a… Read More

Forescout estimates that ‘software in modern cars exceeds 100 million lines of code’ — 15 times greater than in avionics software. That means that hackers have numerous points of entry, whether it’s through mobile apps, cell phone networks, internet access, the vehicle’s Controller Area Network (CAN) bus, or even the onboard diagnostics port. A 2019… Read More

Facebook’s web codebase currently contains millions of lines of Hack code. To handle the sheer volume of code, we build sophisticated systems and tools to augment the comprehensive reviews our security engineers conduct. Today, we are sharing the details of one of those tools, called Zoncolan, for the first time. Zoncolan helps security engineers scale… Read More

The recent disclosure of yet another cloud security misconfiguration leading to the loss of sensitive personal information made the headlines this past week. This particular incident came with a bit more information from the indictment of the accused party, allowing us to piece together the revealed data and take an educated guess as to what… Read More