Researchers use Rowhammer bit flips to steal 2048-bit crypto key - https://arstechnica.com/information-technology/2019/06/researchers-use-rowhammer-bitflips-to-steal-2048-bit-crypto-key/
SACK Panic – Multiple TCP-based remote denial-of-service issues
#sack #tcp https://access.redhat.com/security/vulnerabilities/tcpsack
Intel CPUs afflicted with simple data-spewing spec-exec vulnerability
China's social network surveillance databases are apparently leaked to Internet https://mobile.twitter.com/0xDUDE/status/1101917885100945409
Facebook’s global lobbying against data privacy laws.
Social network targeted legislators around the world, promising or threatening to withhold investment https://www.theguardian.com/technology/2019/mar/02/facebook-global-lobbying-campaign-against-data-privacy-laws-investment
ICANN Calls for DNSSEC for All Domains Following Domain Hijacking Attempts - https://www.icann.org/news/announcement-2019-02-22-en
New flaws in 4G, 5G allow attackers to intercept calls and track phone locations
A group of academics have found three new security flaws in 4G and 5G, which they say can be used to intercept phone calls and track the locations of cell phone users. https://techcrunch.com/2019/02/24/new-4g-5g-security-flaws/
Google says the built-in microphone it never told Nest users about was 'never supposed to be a secret' https://www.businessinsider.com/nest-microphone-was-never-supposed-to-be-a-secret-2019-2
#NIST Reveals 26 Algorithms Advancing to the #Post-Quantum #Crypto ‘Semifinals’ https://www.nist.gov/news-events/news/2019/01/nist-reveals-26-algorithms-advancing-post-quantum-crypto-semifinals
#Downgrade Attack on #TLS 1.3 and Vulnerabilities in Major TLS Libraries https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2019/february/downgrade-attack-on-tls-1.3-and-vulnerabilities-in-major-tls-libraries/
The UAE’s secret hacking team of U.S. mercenaries - https://uk.reuters.com/article/uk-usa-spying-raven-specialreport-idUKKCN1PO1A6
Massive mortgage and loan data leak gets worse as original documents also exposed
Remember that massive data leak of mortgage and loan data we reported on Wednesday? In case you missed it, millions of documents were found leaking after an exposed Elasticsearch server was found without a password. The documents contained highly sensitive financial data on tens of thousands of ind…
Coming Soon to a Police Station Near You: The DNA ‘Magic Box’
The key phrase: "...In 2017, President Trump signed into law the Rapid DNA Act, which, starting this year, will enable approved police booking stations in several states to connect their Rapid DNA machines to Codis, the national DNA database..."
Hmmm... I wonder how many DNA samples of foreigners are already in that DB?
That's the next step towards #1984
Millions of bank loan and mortgage documents have #leaked online
A trove of more than 24 million financial and $banking documents, representing tens of thousands of loans and mortgages from some of the biggest banks in the U.S., has been found online after a server #security lapse. The server, running an #Elasticsearch database, had more than a decade’s worth… https://techcrunch.com/2019/01/23/financial-files/
7-zip broken password random number generator - https://threadreaderapp.com/thread/1087848040583626753.html
Hackers broke into an SEC database and made millions from inside information, says DOJ https://www.cnbc.com/2019/01/15/international-stock-trading-scheme-hacked-into-sec-database-justice-dept-says.html
35-year-old vulnerability discovered in #scp https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt
How a Russian firm helped catch an alleged NSA data thief
Marriott Concedes 5 Million Passport Numbers Lost to Hackers Were Not Encrypted
The overall number of guests affected by the hacking, in which Chinese intelligence is the leading suspect, declined to 383 million. But the passport data is critical to intelligence agencies. https://www.nytimes.com/2019/01/04/us/politics/marriott-hack-passports.html
A Mastodon instance for info/cyber security-minded people.