“Email is a plaintext communication medium whose communication paths are partly protected by TLS. For people in hostile environments (journalists, political activists, whistleblowers, ...) who depend on the confidentiality of digital communication, this may not be enough.” This is according to a researcher on the EFail website, who goes on to describe how this vulnerability … [Read more...]
AMD Responds to CTS – Daily Security Byte
In an earlier video, I told you how a research organization called CTS disclosed thirteen vulnerabilities in AMD processors. However, there were a lot of strange factors around this disclosure. Though one other 3rd party security researcher did verify the flaws existed, CTS only gave AMD 24 hours before going to the press, they didn't share any technical details, they claimed … [Read more...]
Meltdown and Spectre CPU Vulnerabilities
On 3 January 2018, security researchers at Google, Graz University of Technology, and several other education institutions disclosed multiple vulnerabilities found in most modern Intel, AMD and ARM processors. The more severe vulnerability, Meltdown (CVE-2017-5754), appears isolated to Intel processors developed in the last 10 years. Spectre (CVE-2017-5715 and CVE-2017-5753) on … [Read more...]
Apple’s Blank Root Password – Daily Security Byte
Despite what some believe, Apple devices don't have bullet-proof security, and have been hacked in the past. That said, Apple's team does tend to take security seriously, and makes better security decisions than some. That's why the industry was so surprised by an unexpected local root vulnerability in the latest version of MacOS. In short, Apple's MacOS update results in a … [Read more...]
BlueBorne Bluetooth Vulnerabilities – Daily Security Byte
Imagine this nightmare wireless attack scenario. A guest walks into your offices not realizing his mobile wireless device is already infected with malware that spreads wirelessly. This guest's device automatically infects any other device it comes into proximity with. The infection doesn't require your users to interact in any way, nor does it require them to pair their devices … [Read more...]