A new Bluetooth vulnerability called Bleedingbit came out yesterday, affecting Bluetooth APs if they use a Texas Instruments chip. With many IoT devices using Bluetooth including TVs, cellphones, locks, and modern cars there are a lot of potential devices that could be exploited. Before we dive in, if you are a WatchGuard customer, you're probably wondering if you are … [Read more...]
How to Defeat Malicious Everything as-a-Service
In the sharing & collaborative economy we live in, we are witnessing two major trends at play. First, an increasing number of people are getting online. Recent statistics suggest that 4 billion people around the world are now using the internet (this is half of the world’s population): https://wearesocial.com/blog/2018/01/global-digital-report-2018 Second, the … [Read more...]
Meltdown and Spectre CPU Vulnerabilities
On 3 January 2018, security researchers at Google, Graz University of Technology, and several other education institutions disclosed multiple vulnerabilities found in most modern Intel, AMD and ARM processors. The more severe vulnerability, Meltdown (CVE-2017-5754), appears isolated to Intel processors developed in the last 10 years. Spectre (CVE-2017-5715 and CVE-2017-5753) on … [Read more...]
macOS High Sierra Password Theft Vulnerability
A security researcher spoiled Apple’s release of macOS High Sierra today when he published a video showing a zero day exploit of the built-in password management system, Keychain. macOS uses the Keychain system to securely store encrypted passwords, cryptographic keys, and SSL certificates. Normally, applications should not be able to programmatically retrieve plaintext … [Read more...]
Should The Responsible Disclosure Process Be Standardized?
For every cyber-villain looking to exploit software and hardware vulnerabilities, there’s a cyber-hero fighting to expose (and close) those same security flaws. That reporting process is called responsible disclosure. But in today’s complex cyber landscape, the rules of responsible disclosure can vary dramatically. Begging the question, should the industry be standardizing this … [Read more...]
