KrØØk: Serious vulnerability affected encryption of billion+ Wi‑Fi devices

ESET researchers uncover a previously unknown security flaw allowing an adversary to decrypt some wireless network packets transmitted by vulnerable devices. ESET Research has published its latest white paper, KrØØk – CVE-2019-15126: Serious vulnerability deep inside your Wi-Fi encryption. This blogpost summarizes that white paper, authored by researchers Miloš Čermák, Robert Lipovský and Štefan Svorenčík. For updated … More KrØØk: Serious vulnerability affected encryption of billion+ Wi‑Fi devices

Google: Flaws in Apple’s privacy tool could enable tracking

Safari’s anti-tracking feature could apparently give access to users’ browsing habits. An anti-tracking tool baked into Apple’s Safari web browser was found to contain flaws that, if abused, could enable the very thing that the tool was designed to prevent, according to a team of Google researchers. In a recently released report, the researchers disclosed multiple … More Google: Flaws in Apple’s privacy tool could enable tracking

Microsoft exposed 250 million customer support records

Databases containing 14 years’ worth of customer support logs were publicly accessible with no password protection. Over 250 million customer service and support records were exposed by Microsoft over a two-day period in December 2019 due to a server misconfiguration. Since the records weren’t secured with any authentication measures, anyone with an internet connection and … More Microsoft exposed 250 million customer support records

New Internet Explorer zero‑day remains unpatched

You may want to implement a workaround or stop using the browser altogether, at least until Microsoft issues a a fix. Microsoft has released a security advisory alerting users to an as-yet unpatched vulnerability in its Internet Explorer (IE) web browser that is being exploited in limited targeted attacks. The zero-day, which is tracked as CVE-2020-0674, is a … More New Internet Explorer zero‑day remains unpatched

Millions of modems at risk of remote hijacking

Multiple cable modem models from various manufacturers found vulnerable to takeover attacks. Hundreds of millions of cable modems from various manufacturers may be susceptible to a critical vulnerability that can enable attackers to intercept people’s private messages or redirect their internet traffic, new research has found. Tracked as CVE-2019-19494 and nicknamed Cable Haunt, the vulnerability is estimated to … More Millions of modems at risk of remote hijacking