U.S. DOJ will no longer prosecute good-faith security researchers under CFAA
The U.S. Department of Justice announced the revision of its policy regarding charging violations of the Computer Fraud and Abuse Act (CFAA), which says that, among other …
research
BLE vulnerability may be exploited to unlock cars, smart locks, building doors, smartphones
A Bluetooth Low Energy (BLE) vulnerability discovered by NCC Group researchers may be used by attackers to unlock Teslas (or other cars with automotive keyless entry), …
How to avoid headaches when publishing a CVE
You have discovered a vulnerability. Congratulations! So, what happens next? Finding a CVE (Common Vulnerabilities and Exposures) is the first step in a process which starts …
Nimbuspwn bugs allow attackers to gain root privileges on some Linux machines (CVE-2022-29799, CVE-2022-29800)
Microsoft has unearthed two security vulnerabilities (CVE-2022-29799, CVE-2022-29800) in the networkd-dispatcher daemon that may be exploited by attackers to gain root on many …
How mobile app usage data could reveal a person’s identity
The time a person spends on different smartphone apps is enough to identify them from a larger group in more than one in three cases say researchers, who warn of the …
How hackers could use popular virtual reality headsets to steal sensitive information
Researchers at Rutgers University-New Brunswick have published “Face-Mic,” the first work examining how voice command features on virtual reality headsets could lead to major …
Preventing software security vulnerabilities with automation
A team of UTSA researchers is exploring how a new automated approach could prevent software security vulnerabilities. The team sought to develop a deep learning model that …
Researchers propose a new method for quantum computing in trapped ions
Physicists from the University of Amsterdam have proposed a new architecture for a scalable quantum computer. Making use of the collective motion of the constituent particles, …
VirusTotal Hacking: Finding stolen credentials hosted on VirusTotal
VirusTotal, the popular online service for analyzing suspicious files, URLs and IP addresses, can be used to collect credentials stolen by malware, researchers at SafeBreach …
Detect and identify IoT malware by analyzing electromagnetic signals
Electromagnetic (EM) emanations can be recorded and used to detect and identify malware running on IoT devices, a group of researchers working at IRISA have proven. The setup …
150+ HP multifunction printers open to attack (CVE-2021-39237, CVE-2021-39238)
Over 150 HP multifunction printers (MFPs) are open to attack via two exposed physical access port vulnerabilities (CVE-2021-39237) and two different font parsing …
Researchers shed light on hidden root CAs
How widespread is the use of hidden root CAs and certificates signed by them? To answer that and other questions, a group of researchers from several Chinese and U.S. …