Security News
We've all shared the frustration when it comes to errors - software updates that are intended to make our applications run faster inadvertently end up doing just the opposite. These bugs, dubbed in the computer science field as performance regressions, are time-consuming to fix since locating software errors normally requires substantial human intervention.
Security researchers at the Massachusetts Institute of Technology have published a technical paper that describes several security flaws in Voatz, a smartphone app used for limited online voting during the 2018 U.S. midterm elections. In their paper, the MIT researchers note that they were unable to obtain complete information about how Voatz engineers developed the company's voting application, nor were they able to access the full backend of the company's infrastructure to investigate how the app checks and verifies identity.
Nine of the ten bugs can so far only be exploited to force an affected device either to reboot or to hang; only one can potentially be abused by crooks to access your device without needing you to let them pair with it first. The other bugs are somewhat milder - at the moment, all the researchers have been able to do with them is reboot or freeze a device.
Vulnerabilities in the Voatz Internet voting app could allow adversaries to alter, stop, or expose a user's vote, security researchers from the Massachusetts Institute of Technology have discovered. Developed by the private Boston-based Voatz, the application is the first Internet voting app to have been used in high-stakes U.S. federal elections and is "on track to be used in the 2020 Primaries," the researchers point out.
Security researchers have found key flaws in a mobile voting app that some states plan to use in the 2020 election that can allow hackers to launch both client- and server-side attacks that can easily manipulate or even delete someone's vote, as well as prevent a reliable audit from taking place after the fact, they said. A team of researchers at MIT released a security audit of Voatz (a blockchain app that already was used in a limited way for absentee-ballot voting in the 2018 mid-term elections) that they said bolsters the case for why internet voting is a bad idea and voting transparency is the only way to ensure legitimacy.
Researchers at Ben-Gurion University of the Negev have made a name for themselves figuring out how to get data out of air-gapped computers. Now, they've figured out a way to retrieve data from a disconnected computer by altering its LCD display's pixel density just enough for a nearby camera to pick it up.
Researchers claim more than 500,000 PCs have been left wriggling with malware after a cracked app went on to retrieve further nasties from Bitbucket repos. We searched Bing for "Download Adobe" and right at the top of the page were videos with guides to illegal downloads; no, we did not test these for malware but it would not be surprising if they came with some unwanted extras.
Researchers at Check Point have demonstrated how to infect a network with malware via a simple IoT device, a Philips Hue smart lightbulb. One is CVE-2020-6007, which is a buffer overflow in the Philips Hue Bridge controller firmware, in the part of the software that adds new devices to the controller.
A researcher has discovered more than 60 vulnerabilities across 20 physical security products, including critical flaws that can be exploited remotely to take complete control of a device. The DHS's Cybersecurity and Infrastructure Security Agency recently published an advisory to warn users of Honeywell's MAXPRO video management system and network video recorder products that Austria-based researcher Joachim Kerschbaumer had identified two serious vulnerabilities that could allow hackers to take control of affected systems.
Gamers, security researchers, and technologists have been invited to identify security vulnerabilities in Xbox network and services and report them to Microsoft. Microsoft runs a number of bug bounty programs and has now decided that their Xbox offerings need extra attention from security researchers.