Security News

Researchers at the University of Birmingham have managed to break Intel SGX, a set of security functions used by Intel processors, by creating a $30 device to control CPU voltage. Break Intel SGX. The work follows a 2019 project, in which an international team of researchers demonstrated how to break Intel's security guarantees using software undervolting.

The Dark Web/Darknet continues to be an environment for bad actors to share stolen credentials and discuss successful attacks. Just as there's a lot of bad on the Dark Web, there is also good - mostly in the form of intel that can be used to help protect organizations from attacks.

ESET researchers have discovered ModPipe, a modular backdoor that gives its operators access to sensitive information stored in devices running ORACLE MICROS Restaurant Enterprise Series 3700 POS - a management software suite used by hundreds of thousands of bars, restaurants, hotels and other hospitality establishments worldwide. What makes the backdoor distinctive are its downloadable modules and their capabilities, as it contains a custom algorithm designed to gather RES 3700 POS database passwords by decrypting them from Windows registry values.

According to Jan Kopriva, a team leader of ALEFs Computer Security Incident Response Team and SANS ISC contributor, despite the attention the vulnerability received when first disclosed and the public availability of PoCs for exploiting it, Shodan searches show upwards of 100,000 systems still vulnerable. Shodan, he explains, can be used to discover systems that are affected by a specific vulnerability, although the exact manner in which the search engine determines whether a machine is vulnerable to SMBGhost attacks is unclear.

So not only have you eliminated by far the majority of messages, you've also broken the "OTP proof" of "All messages are equiprobable". Using compression does alow you to change the encrypted message length, which for years was also desirable because reducing the size of a message had other benifits, not the least of which was cost, which is why the later Victorians were apparently "Code book crazy".

UPDATE. Link previews in popular chat apps on iOS and Android are a firehose of security and privacy issues, researchers have found. When a user sends a link through, it renders a short summary and a preview image in-line in the chat, so other users don't have to click the link to see what it points to.

An analysis of the manner in which popular chat applications handle link previews has revealed several privacy and security issues, including some that still need addressing, security researchers warn. Link previews provide users with information on what a link received in chat would lead them to, regardless of whether it is a file or a web page.

Dutch ethical hacker Victor Gevers claims it only took five attempts to guess the password to President Donald Trump's Twitter account - "Maga2020!". Twitter Safety & 2FA. Twitter said it is dubious about the report.

A database with information on virtually the entire US voting population has been circulated on hacker forums, opening up the potential for disinformation and scams that could impact the November 3 election, security researchers say. A report released Wednesday by the security firm Trustwave said its researchers "Discovered massive databases with detailed information about US voters and consumers offered for sale on several hacker forums."

Researchers from the University of Ottawa, in collaboration with Ben-Gurion University of the Negev and Bar-Ilan University scientists, have been able to create optical framed knots in the laboratory that could potentially be applied in modern technologies. Their work opens the door to new methods of distributing secret cryptographic keys - used to encrypt and decrypt data, ensure secure communication and protect private information.