Summary

Total Articles Found: 3

Top sources:

Top Keywords:

Top Authors

Top Articles:

  • LastPass attackers steal source code, no evidence users’ passwords compromised
  • New Bluetooth Attack
  • Google’s Project Zero Finds a Nation-State Zero-Day Operation

New Bluetooth Attack

Published: 2023-12-08 12:05:19

Popularity: 20

Author: Bruce Schneier

Keywords:

  • Uncategorized
  • authentication
  • Bluetooth
  • cyberattack
  • man-in-the-middle attacks
  • secrecy
  • vulnerabilities
  • New attack breaks forward secrecy in Bluetooth. Three news articles: BLUFFS is a series of exploits targeting Bluetooth, aiming to break Bluetooth sessions’ forward and future secrecy, compromising the confidentiality of past and future communications between devices. This is achieved by exploiting four flaws in the session key derivation process, two of which are new, to force the derivation of a short, thus weak and predictable session key (SKC). Next, the attacker brute-forces the key, enabling them to decrypt past communication and decrypt or manipulate future communications...

    ...more

    LastPass attackers steal source code, no evidence users’ passwords compromised

    Published: 2022-08-26 14:03:07

    Popularity: 28

    Author: Graham Cluley

    Keywords:

  • Featured Articles
  • IT Security and Data Protection
  • cyberattack
  • data breach
  • LastPass
  • password
  • password manager
  • LastPass, the popular password manager used by millions of people around the world, has announced that it suffered a security breach two weeks ago that saw attackers break into its systems and steal information. But don’t panic just yet – that doesn’t mean that all of your passwords are now in the hands of internet […]… Read More The post LastPass attackers steal source code, no evidence users’ passwords compromised appeared first on The State of Security.

    ...more

    Google’s Project Zero Finds a Nation-State Zero-Day Operation

    Published: 2021-04-08 11:06:53

    Popularity: 12

    Author: Bruce Schneier

    Keywords:

  • Uncategorized
  • cyberattack
  • Google
  • terrorism
  • zero-day
  • 🤖: "hacked again"

    Google’s Project Zero discovered, and caused to be patched, eleven zero-day exploits against Chrome, Safari, Microsoft Windows, and iOS. This seems to have been exploited by “Western government operatives actively conducting a counterterrorism operation”: The exploits, which went back to early 2020 and used never-before-seen techniques, were “watering hole” attacks that used infected websites to deliver malware to visitors. They caught the attention of cybersecurity experts thanks to their scale, sophistication, and speed. […] It’s true that Project Zero does not formally attribute hacking to specific groups. But the Threat Analysis Group, which also worked on the project, does perform attribution. Google omitted many more details than just the name of the government behind the hacks, and through that information, the teams knew internally who the hacker and targets were. It is not clear whether Google gave advance notice to government officials that they would be publicizing and shutting down the method of attack...

    ...more

    end