This week’s Threatpost News Wrap Podcast recaps the ROCA, KRACK and Boundhook attacks, as well as the release of Google Advanced Protection for Gmail.
Source: Threatpost.com | Privacy
All posts by Michael Mimoso
KRACK Attack Devastates Wi-Fi Security
The KRACK, or key reinstallation attack, disclosed today allows attackers to decrypt encrypted traffic, steal data and inject malicious code depending on the network configuration.
Adobe Private PGP Key Leak a Blunder, But It Could Have Been Worse
Adobe suffered, at a minimum, a PR black eye on Friday when one of its private PGP keys was inadvertently published to its Product Incident Security Response Team (PSIRT) blog.
Joomla Patches Eight-Year-Old LDAP Injection Vulnerability
Joomla on Tuesday patched a critical LDAP injection vulnerability that had lingered in the content management system for eight years. Attackers could use this bug to steal admin login credentials.
Vendor Exposes Backup of Chicago Voter Roll via AWS Bucket
Voter registration data belonging to the entirety of Chicago’s electoral roll—1.8 million records—was found a week ago in an Amazon Web Services bucket.
Facebook Security Boss: Empathy, Inclusion Must Come to Security
At Black Hat, Facebook CSO Alex Stamos’ keynote called for bringing empathy and inclusion to security, and argued that it’s time to stop being insular.
Ultrasonic Beacons Are Tracking Your Every Movement
More than 200 Android mobile applications listen surreptitiously for ultrasonic beacons embedded in audio that are used to track users and serve them with targeted advertising.
Fuze Patches Bug That Exposed Recordings of Private Business Meetings
Fuze addressed two issues that publicly exposed recordings of private business meetings made over the collaboration platform.
Dan Geer: Cybersecurity, Humanity’s Future ‘Conjoined’
Dan Geer’s Source Boston keynote included a declaration that cybersecurity and humanity’s future are forever conjoined.
US-CERT Warns HTTPS Inspection May Degrade TLS Security
Security tools that proxy and inspect HTTPS traffic create a blind spot for network administrators trying to determine whether communication between clients and servers is secure.