Windows 10 Facial Recognition Feature Can Be Bypassed with a low res Photo

You can bypass Windows Hello with a low-res printed photo. In a report published yesterday, German pen-testing company SySS GmbH says it discovered that Windows Hello is vulnerable to the simplest and most common attack against facial recognition biometrics software — the doomsday scenario of using a printed photo of the device’s owner. Researchers say that by […]

Chinese Adups Backdoor Still Active on Many Android Devices

Back in mid-November 2016, US cyber-security firm Kryptowire revealed it discovered that firmware code created by a Chinese company called Adups was collecting vast amounts of user information and sending it to servers located in China. According to Kryptowire, the backdoor code was collecting SMS messages, call history, address books, app lists, phone hardware identifiers, but […]

Tripwire detects hacks companies haven’t told us about by creating accounts with unique emails on thousands of servers. If the email account is accessed, the site has been breached. No-one knows or cares that there has been a breach in the vast majority of cases.

A prototype tool created by researchers from the University of California San Diego (UCSD) aims to bring greater transparency to such breaches. The system, called Tripwire, detects websites that were hacked, as is detailed in this study. Here’s how it works: To detect breaches, the researchers created a bot that automatically registered accounts on […]

Windows 10 Password Manager Keeper allows sites to steal any password.

A Google security researcher has found and helped patch a severe vulnerability in Keeper, a password manager application that Microsoft has been bundling with some Windows 10 distributions this year. “I’ve heard of Keeper, I remember filing a bug a while ago about how they were injecting privileged UI into pages,” said Tavis Ormandy, the Google […]

“Suspicious” event routes traffic for big-name sites through Russia

According to a blog post published Wednesday by Internet monitoring service BGPMon, the hijack lasted a total of six minutes and affected 80 separate address blocks. It started at 4:43 UTC and continued for three minutes. A second hijacking occurred at 7:07 UTC and also lasted three minutes. Meanwhile, a second monitoring service, Qrator Labs, […]

Apparent Google update glitch disconnects student Chromebooks in schools across the U.S. – GeekWire

Tens of thousands, perhaps millions, of Google Chromebooks, widely prized by schools due to their low cost and ease of configuration, were reported to be offline for several hours on Tuesday. The apparent cause? A seemingly botched WiFi policy update pushed out by Google that caused many Chromebooks to forget their approved network connection, leaving […]

System76 will disable Intel Management engine on its Linux laptops via firmware update

System76 is one of a handful of companies that sell computers that run Linux software out of the box. But like most PCs that have shipped with Intel’s Core processors in the past few years, System76 laptops include Intel’s Management Engine firmware. Intel recently confirmed a major security vulnerability affecting those chips and it’s working with […]

66 Percent of Popular Android Cryptocurrency Apps Don’t Use Encryption

High-Tech Bridge used its free mobile app analysis software, called Mobile X-Ray, to peek under the hood of the top 30 cryptocurrency apps in the Google Play store at three different popularity levels: apps with up to 100,000 downloads, up to 500,000 downloads, and apps with more than 500,000 downloads. So, a total of 90 […]

Former DHS employee had 246000 DHS employee records at home to sell. DHS waits 3 months(!) to notify employees.

The sensitive personal information of 246,000 Department of Homeland Security employees was found on the home computer server of a DHS employee in May, according to documents obtained by USA TODAY. Also discovered on the server was a copy of 159,000 case files from the inspector general’s investigative case management system, which suspects in an […]

As Apple fixes macOS root password hole, here’s what went wrong (note: get patching!)

The patch addresses a flaw in its operating system that allows anyone sitting at a Mac to gain administrator access by entering “root” as the username and leaving the password box blank in authentication prompts. This works when altering system settings, logging into the machine, and accessing it remotely via VNC, RDP, screen sharing, and […]

Using heart size by scanning using doppler radar as a biometric

Forget fingerprint computer identification or retinal scanning. A University at Buffalo-led team has developed a computer security system using the dimensions of your heart as your identifier. The system uses low-level Doppler radar to measure your heart, and then continually monitors your heart to make sure no one else has stepped in to run your […]

Intel: We’ve found severe bugs in secretive unpatchable Management Engine, affecting millions

Thanks to an investigation by third-party researchers into Intel’s hidden firmware in certain chips, Intel decided to audit its firmware and on Monday confirmed it had found 11 severe bugs that affect millions of computers and servers. The flaws affect Management Engine (ME), Trusted Execution Engine (TXE), and Server Platform Services (SPS). Intel discovered the […]

Loakes shoes hacked, fluffs the explanation

This is more than a little embarrassing for a business that supplies handmade leather goods to the British royal family. Founded in 1880 by brothers Thomas, John and William Loake, the firm has since sold more than 50 million pairs of Goodyear welted shoes in more than 50 countries. […] Loake strangely described the […]

Bluetooth Hack Affects 20 Million Amazon Echo and Google Home Devices

A series of recently disclosed critical Bluetooth flaws that affect billions of Android, iOS, Windows and Linux devices have now been discovered in millions of AI-based voice-activated personal assistants, including Google Home and Amazon Echo. As estimated during the discovery of this devastating threat, several IoT and smart devices whose operating systems are often updated less […]

Intel’s super-secret Management Engine firmware breached via USB

Getting into and hijacking the Management Engine means you can take full control of a box, underneath and out of sight of whatever OS, hypervisor or antivirus is installed. This powerful God-mode technology is barely documented and supposedly locked down to prevent miscreants from hijacking and exploiting the engine to silently spy on users or […]

LavaRand in Production: The Nitty-Gritty Technical Details or How Cloudflare uses a wall of lava lamps to protect the internet

There’s a wall of lava lamps in the lobby of our San Francisco office. We use it for cryptography. Here are the nitty-gritty technical details. […] In cryptography, the term random means unpredictable. That is, a process for generating random bits is secure if an attacker is unable to predict the next bit with greater […]

Linux Has a USB Driver Security Problem. 79 of them. Fortunately, they require physical access.

“All of them can be triggered with a crafted malicious USB device in case an attacker has physical access to the machine,” Konovalov said. Konovalov has found a total of 79 Linux USB-related bugs. The 14 flaws are actually part of a larger list of 79 flaws Konovalov found in Linux kernel USB drivers during the […]

Signed Malware: using digital certificates to circumvent malware checks

Digitally signed malware can bypass system protection mechanisms that install or launch only programs with valid signatures. It can also evade anti-virus programs, which often forego scanning signed binaries. Known from advanced threats such as Stuxnet and Flame, this type of abuse has not been measured systematically in the broader malware landscape. In particular, the […]

Millions of South Africans’ personal information may have been leaked online

The personal information of more than 30 million South Africans has apparently been leaked online. This is according to Australian security researcher and creator of ‘Have I Been Pwned’, Troy Hunt. His website allows people to check if their personal information has been compromised in a data breach. He took to Twitter on Tuesday to say […]

Virtually everyone in Malaysia pwned in telco, govt data hack spree

Information on 46.2 million cellphone accounts was slurped from Malaysian telecoms providers. To put that in context, the population of Malaysia is 31.2 million; obviously, some people have more than one number. The stolen telco records include people’s mobile phone numbers, SIM card details, device serial numbers, and home addresses, all of which are useful to […]

Mozilla Wants to Distrust Dutch HTTPS Provider Because of Local Dystopian Law (Sleepnetwet)

If the plan is approved, Firefox will not trust certificates issued by the Staat der Nederlanden (State of the Netherlands) Certificate Authority (CA). This CA is operated by PKIOverheid/Logius, a division of the Ministry of Interior and Kingdom Relations, which is the same ministry that oversees the AIVD intelligence service. New law gives Dutch govt […]

IBM broke its cloud by letting three domain names expire

Back in September, IBM was left red-faced when its global load balancer and reverse DNS services fell over for 21 hours. At the time, IBM blamed the outage on a third-party domain name registrar that was transferring some domains to another registrar. The sending registrar, IBM said, accidentally put the domains in a “hold state” that […]

Purism Librem Laptops Completely Disable Intel’s Management Engine

The Management Engine (ME), part of Intel AMT, is a separate CPU that can run and control a computer even when powered off. The ME has been the bane of the security market since 2008 on all Intel-based CPUs, with publicly released exploits against it, and is now disabled by default on all Purism Librem […]