Security News

Google Mending Another Crack in Widevine
2020-10-26 23:54

For the second time in as many years, Google is working to fix a weakness in its Widevine digital rights management technology used by online streaming sites like Disney, Hulu and Netflix to prevent their content from being pirated. The latest cracks in Widevine concern the encryption technology's protection for L3 streams, which is used for low-quality video and audio streams only.

Governments Use Pandemic to Crack Down on Online Dissent: Watchdog
2020-10-14 11:00

Governments around the world are using the pandemic as a justification to expand surveillance and crack down on dissent online, resulting in a 10th consecutive annual decline in internet freedom, a human rights watchdog report said Wednesday. "The pandemic is accelerating society's reliance on digital technologies at a time when the internet is becoming less and less free," said Michael Abramowitz, president of the nonprofit group.

Fake Zoom alerts and dodgy medical freebies among COVID-cracks detected by Taiwan's CERT
2020-09-17 03:32

Taiwan's CERT detected cyber-crooks impersonating medical authorities to attack the country's tech industry during the early stages of the COVID pandemic. "Attackers used COVID-19 social engineering to increase the success rate of their attacks," said TWCERT/CC director Chih-Hung Lin.

Bletchley Park Trust can’t crack COVID-caused revenue slump without losing staff
2020-08-24 04:57

The Bletchley Park Trust, the host of Britain's National Museum of Computing and the site of critical feats of wartime code-cracking, has hit financial strife and expects to lay off around a third of its staff. The Trust posted news of its plight late last week, writing that it "Is proposing to restructure as a result of the financial impact of the coronavirus crisis."

TeamViewer flaw could be exploited to crack users’ password
2020-08-06 09:48

A high-risk vulnerability in TeamViewer for Windows could be exploited by remote attackers to crack users' password and lead to further system exploitation. TeamViewer is an application developed by German company TeamViewer GmbH and is available for Windows, macOS, Linux, Chrome OS, iOS, Android, Windows RT Windows Phone 8 and BlackBerry operating systems.

Zoom Bug Allowed Snoopers Crack Private Meeting Passwords in Minutes
2020-08-06 09:12

Popular video conferencing app Zoom recently fixed a new security flaw that could have allowed potential attackers to crack the numeric passcode used to secure private meetings on the platform and snoop on participants. Zoom meetings are by default protected by a six-digit numeric password, but according to Tom Anthony, VP Product at SearchPilot who identified the issue, the lack of rate limiting enabled "An attacker to attempt all 1 million passwords in a matter of minutes and gain access to other people's private Zoom meetings."

Zoom Flaw Could Have Allowed Hackers To Crack Meeting Passcodes
2020-07-30 21:40

A security issue in popular video conferencing platform Zoom was disclosed this week, which could have allowed attackers to crack private meeting passcodes and snoop in on video conferences. The problem, which has already been fixed, stems from Zoom not having any check against repeated incorrect meeting password attempts.

Zoom Bug Allowed Snoopers Crack Private Meeting Passwords in Minutes
2020-07-30 03:40

Popular video conferencing app Zoom recently fixed a new security flaw that could have allowed potential attackers to crack the numeric passcode used to secure private meetings on the platform and snoop on participants. Zoom meetings are by default protected by a six-digit numeric password, but according to Tom Anthony, VP Product at SearchPilot who identified the issue, the lack of rate limiting enabled "An attacker to attempt all 1 million passwords in a matter of minutes and gain access to other people's private Zoom meetings."

E.U. Authorities Crack Encryption of Massive Criminal and Murder Network
2020-07-03 15:10

Two months ago investigators in France and the Netherlands cracked the network's encryption, allowing law enforcement to listen in to criminal communications about selling and trafficking drugs, laundering money and murdering rivals, authorities said. The service's owners apparently became aware of the criminal investigation last month, informing an estimated 60,000 users with a message warning them to get rid of their EncroChat devices because their servers-operating out of France - had been "Seized illegally by government entities," according to the NCA. The service relied on EncroChat devices, which came with pre-loaded apps for instant messaging as well as the ability to make secure internet calls, with no other "Conventional smartphone" functionality, U.K. officials said.

Remember when we warned in February Apple will crack down on long-life HTTPS certs? It's happening: Chrome, Firefox ready to join in, too
2020-06-30 03:57

From September 1, Apple software, from Safari to macOS to iOS, will reject new HTTPS and other SSL/TLS certificates that are valid for more than 398 days, plus or minus some caveats. "Connections to TLS servers violating these new requirements will fail," Apple warned in its official note.