Security News

Samsung will be Putin dreaded Kremlin-approved shovelware on its phones, claims Russia
2020-02-20 10:03

The Russian government, via mouthpiece RIA Novosti, has claimed Korean tech giant Samsung will comply with a controversial Russian law passed in November that forces smartphones and computers to come pre-installed with domestic-made shovelware. "Samsung Electronics will be ready to meet the requirements of the Russian legislation provided by the regulator and adapt the company's activities in accordance with the adopted regulations," the state-owned wire service quoted a "Representative" as telling it.

Sketchy behavior? Wacom tablet drivers phone home with names, times of every app opened on your computer
2020-02-05 21:48

FYI: Wacom's official tablet drivers leak to the manufacturer the names of every application opened, and when, on the computers they are connected to. If you want to disable this snooping, open your Wacom Desktop Center, find the slightly hidden More link, click on it, go to the privacy settings, and opt out of "Wacom's Experience Program." Note that you may have to opt out again after updating your driver installation: this data collection is enabled by default.

5 High Impact Flaws Affect Cisco Routers, Switches, IP Phones and Cameras
2020-02-05 20:46

Four of the five high-severity bugs are remote code execution issues affecting Cisco routers, switches, and IP cameras, whereas the fifth vulnerability is a denial-of-service issue affecting Cisco IP phones. Collectively dubbed 'CDPwn,' the reported vulnerabilities reside in the various implementations of the Cisco Discovery Protocol that comes enabled by default on virtually all Cisco devices and cannot be turned off. Cisco Discovery Protocol is an administrative protocol that works at Layer 2 of the Internet Protocol stack.

Twitter admits to raid on users’ phone numbers
2020-02-05 11:20

December's story of the researcher who tricked Twitter's Android app into matching random phone numbers to 17 million user accounts just took a turn for the worse. The flaw related to Twitter's contact upload feature, by which users upload their contact book to enable them to connect to other Twitter users whose email or phone number matches the data.

Twitter says a certain someone tried to discover the phone numbers used by potentially millions of twits
2020-02-04 07:01

Twitter has admitted a flaw in its backend systems was exploited to discover the cellphone numbers of potentially millions of twits en masse, which could lead to their de-anonymization. That is the same day that security researcher Ibrahim Balic revealed he had managed to match 17 million phone numbers to Twitter accounts by uploading a list of two billion automatically generated phone numbers to Twitter's contact upload feature, and match them to usernames.

Scientists test forensic methods to acquire data from damaged mobile phones
2020-02-04 05:30

Criminals sometimes damage their mobile phones in an attempt to destroy data. Manufacturers use those taps to test their circuit boards, but by soldering wires onto them, forensic investigators can extract data from the chips.

Hackers Exploited Twitter Bug to Find Linked Phone Numbers of Users
2020-02-04 02:43

Twitter today issued a warning revealing that attackers abused a legitimate functionality on its platform to determine, without authorization, phone numbers associated with millions of its users' accounts. According to Twitter, the vulnerability resided in one of the APIs that has been designed to make it easier for users to find people they may already know on Twitter by matching phone numbers saved in their contacts with Twitter accounts.

Technical Report of the Bezos Phone Hack
2020-01-24 14:34

Motherboard obtained and published the technical report on the hack of Jeff Bezos's phone, which is being attributed to Saudi Arabia, specifically to Crown Prince Mohammed bin Salman. "[W]ithin hours of the encrypted downloader being received, a massive and unauthorized exfiltration of data from Bezos' phone began, continuing and escalating for months thereafter," the report states.

The Bezos Phone Hack: Narrative Framed by Loose Facts
2020-01-24 14:33

A forensic investigation commissioned by Bezos claims to have uncovered the May 2018 hack attack. Bin Salman sent Bezos a large video file on May 1, 2018, which FTI describes as "Arriving unexpectedly and without explanation," as if people routinely warn their friends that they're about to send a video attachment.