All posts by Michael Mimoso

BoundHook, gmail security, Google Advanced Protection, Infineon TPM vulnerability, KRACK, Podcasts, Privacy, ROCA, RSA private keys, Vulnerabilities, Web Security, Wi-Fi security, WPA2

Threatpost News Wrap, Oct. 20, 2017

October 20, 2017 Michael Mimoso Leave a comment

This week’s Threatpost News Wrap Podcast recaps the ROCA, KRACK and Boundhook attacks, as well as the release of Google Advanced Protection for Gmail.
Source: Threatpost.com | Privacy

Android, Key Reinstallation AttaCK, KRACK attack, Linux, Mathy Vanhoef, Privacy, Vulnerabilities, Wi-Fi security, wireless security, wpa_supplicant

KRACK Attack Devastates Wi-Fi Security

October 16, 2017 Michael Mimoso Leave a comment

The KRACK, or key reinstallation attack, disclosed today allow attackers to decrypt encrypted traffic, steal data and inject malicious code depending on the network configuration.
Source: Threatpost.com | Privacy

2NS, adobe, Adobe key leak, Adobe private key, Adobe PSIRT, Cryptography, Encryption, Juho Nurminen, PGP keys, Privacy, Public Key, Second Nature Security, Vulnerabilities

Adobe Private PGP Key Leak a Blunder, But It Could Have Been Worse

September 25, 2017 Michael Mimoso Leave a comment

Adobe suffered at a minimum a PR black eye on Friday when one of its private PGP keys was inadvertently published to its Product Incident Security Response Team (PSIRT) blog.
Source: Threatpost.com | Privacy

administrator credentials, CVE-2017-14596, Johannes Dahse, Joomla, LDAP Injection, Privacy, RIPS Technologies, super user password, Vulnerabilities

Joomla Patches Eight-Year-Old LDAP Injection Vulnerability

September 21, 2017 Michael Mimoso Leave a comment

Joomla on Tuesday patched a critical LDAP injection vulnerability that had lingered in the content management system for eight years. Attackers could use this bug to steal admin login credentials.
Source: Threatpost.com | Privacy

Chicago Board of Elections, Chris Vickery, data breach, ES&S, fbi, Government, Jon Hendren, personal information leak, Privacy, UpGuard, voting machine, voting security, Vulnerabilities

Vendor Exposes Backup of Chicago Voter Roll via AWS Bucket

August 18, 2017 Michael Mimoso Leave a comment

Voter registration data belonging to the entirety of Chicago’s electoral roll—1.8 million records—was found a week ago in an Amazon Web Services bucket.
Source: Threatpost.com | Privacy

Alex Stamos, Black Hat, diversity, doxing, empathy, Facebook, inclusion, Phishing, Privacy, Spam, Web Security, WhatsApp

Facebook Security Boss: Empathy, Inclusion Must Come to Security

July 26, 2017 Michael Mimoso Leave a comment

At Black Hat, Facebook CSO Alex Stamos’ keynote message was one of bringing empathy and inclusion to security, and that it’s time to stop being insular.
Source: Threatpost.com | Privacy

Android, Christian Wressnegger, Daniel Arp, device tracking, Erwin Quiring, google play, Konrad Rieck, mobile ads, mobile applications, Mobile Security, Privacy, Technische Universitat Braunschweig, ultrasonic beacons

Ultrasonic Beacons Are Tracking Your Every Movement

May 5, 2017 Michael Mimoso Leave a comment

More than 200 Android mobile applications listen surreptitiously for ultrasonic beacons embedded in audio that are used to track users and serve them with targeted advertising.
Source: Threatpost.com | Privacy

Authentication, Cloud Security, collaboration, Featured, Fuze, Privacy, Rapid7, Samuel Huckins, Vulnerabilities

Fuze Patches Bug That Exposed Recordings of Private Business Meetings

May 2, 2017 Michael Mimoso Leave a comment

Fuze addressed two issues that publicly exposed recordings of private business meetings made over the collaboration platform.
Source: Threatpost.com | Privacy

artificial intelligence, attribution, Critical Infrastructure, Cryptography, Dan Geer, exploit markets, Government, gray markets, Privacy, self-modifying algorithms, software liability, SOURCE Boston

Dan Geer: Cybersecurity, Humanity’s Future ‘Conjoined’

May 1, 2017 Michael Mimoso Leave a comment

Dan Geer’s Source Boston keynote included a declaration that cybersecurity and humanity’s future are forever conjoined.
Source: Threatpost.com | Privacy

Carnegie Mellon University, Cryptography, DHS, digital certificates, Encryption, HTTPS, HTTPS Inspection, Privacy, SSL, tls, US-CERT, Vulnerabilities, Will Dorman

US-CERT Warns HTTPS Inspection May Degrade TLS Security

March 17, 2017 Michael Mimoso Leave a comment

Security tools that proxy and inspect HTTPS traffic create a blindspot for network administrators trying to determine whether communication between clients and servers is secure.
Source: Threatpost.com | Privacy

Predict – Prevent – Detect – Analyse – Respond | Cyber Security