How I upgraded my water heater and discovered how bad smart home security can be ( arstechnica.com )
I continue to be amazed that anybody connects their appliances to the internet.
BIMI and DMARC Can't Save You: The Overlooked DKIM Exploit ( www.zone.eu )
16 years of CVE-2008-0166 - Debian OpenSSL Bug ( 16years.secvuln.info )
Today, 16 years ago, Debian published a security advisory announcing CVE-2008-0166, a severe bug in their OpenSSL package that effectively broke the random number generator and limited the key space to a few tens of thousands of keys. The vulnerability affected Debian+Ubuntu between 2006 and 2008. In 2007, an email signature system...
Novel attack against virtually all VPN apps neuters their entire purpose ( arstechnica.com )
How well can an employer be certain of a remote employee's geographical location?
cross-posted from: https://lemmy.ml/post/15178977...
Stealing your Telegram account in 10 seconds flat ( lyra.horse )
Nation-state hackers exploit Cisco firewall 0-days to backdoor government networks ( arstechnica.com )
A doubt in encryption ( lemmy.ml )
There’s a server, a client, and a hacker in a network. For encryption, the client and the server need to share their private keys. Wouldn’t the hacker be able to grab those during their transmission and decrypt further messages as they please?
Computer scientists unveil novel attacks on cybersecurity ( www.sciencedaily.com )
cross-posted from: https://infosec.pub/post/11554206...
Passkeys: A Shattered Dream ( fy.blackhats.net.au )
A dozen+ RCEs on popular LLM framework libraries like LangChain and LlamaIndex - used in lots of chat-assisted apps including GitHub ( mastodon.social )
After XZ Utils, More Open-Source Maintainers Under Attack ( www.bankinfosecurity.com )
cross-posted from: https://infosec.pub/post/11143989...
PuTTY priority high vulnerability CVE-2024-31497 ( hachyderm.io )
Gmail And YouTube Hackers Bypass Google’s 2FA Account Security ( www.forbes.com )
New Technique Detected in an Open Source Supply Chain Attack ( checkmarx.com )
New Spectre v2 attack impacts Linux systems on Intel CPUs ( www.bleepingcomputer.com )
cross-posted from: https://infosec.pub/post/10912691...
GParted Live Is Now Patched Against the XZ Backdoor, Powered by Linux Kernel 6.7 ( 9to5linux.com )
Critical Rust flaw enables Windows command injection attacks ( www.bleepingcomputer.com )
Where The Wild Things Are: Brute-Force SSH Attacks In The Wild And How To Stop Them ( www.flux.utah.edu )
https://discuss.systems/@ricci/112247553557306560