SECURITY NEWS
RECENT SECURITY NEWS
Windows 10 SDK preview build 18272 adds support for WPA3
Microsoft Windows is already supporting the most recent Wi-Fi encryption standard, even though devices who make use of it haven't been released yet. Click the button below, scroll down to "API Updates, Additions and Removals", and then check out the 42nd and 43rd lines of code to see what I mean.
Hardware-based SSD encryption mechanisms are vulnerable
Carlo Meijer and Bernard van Gastel from Radboud University have recently analyzed the hardware encryption mechanisms of several SSDs by reverse engineering their firmware. The two security researchers have discovered that many hardware implementations have critical security weaknesses.
Texas Instruments' Bluetooth chip flaw makes devices vulnerable to remote attacks
A new Bluetooth vulnerability, which affects Aruba's Wi-Fi access point Series 300, was caused by an issue with Texas Instruments' firmware update feature in BLE chips called "over-the-air firmware download". Fortunately, TI has already released the needed patches, which can be downloaded by clicking the button below.
Windows Defender can now run in a sandbox
Windows' built-in security application is the first antivirus in the world which can run inside a sandbox environment, which means that it can be completely isolated from all the other installed applications. This way, if the antivirus gets infected, the damage won't spread to the other applications.
Google mandates at least two years of security updates for Android phones
At least that's what The Verge claims! The tech portal has recently published an article which mentions Google’s recent contract with its main Android partners. According to The Verge, the contract stipulates that Android device makers need to update their most popular phones and tablets for at least two years.
WhatsApp video calls may get your account compromised
Security researcher Natalie Silvanovich has recently discovered a critical vulnerability in WhatsApp, which can allow hackers to take control over your copy of the application, and then record all your future conversations by simply video calling you. The bug affects both the Android and the iOS apps; the developers have already patched the Android version, and the iOS fix is supposed to be ready within the next few days.
Wi-Fi standards get simplified, number-based versions
Wi-Fi Alliance, which certifies and manages the implementation of various Wi-Fi versions, has recently announced that it will use a simple naming scheme for its standards from now on. The current Wi-Fi standard (802.11ac) will be renamed Wi-Fi 5, and the next generation of wireless technology, which will provide improved speeds, performance and power efficiency, will be named Wi-Fi 6.
Zero-day vulnerability discovered in the Microsoft Jet Database Engine
According to Zero Day Initiative, the vulnerability allows an attacker to execute malicious code remotely on the affected Windows-based computer. It's true that the attacker must persuade the targeted user to open a specially crafted JET database before being able to execute his code on the target system.
Online retailer Newegg was hacked
Magecart, which was responsible for the British Airways and the Ticketmaster security incidents, has made the headlines once again. The hacker managed to steal credit card details for most people who entered their information in the Newegg forms last month. According to Risk IQ, the malicious code became active around August 14th and was removed on September 18th.
British Airways was hacked
British Airways has confirmed a serious data breach which has exposed personal and financial details of its customers who have made ticket reservations on ba.com or have used BA's mobile app between 22:58 BST August 21, 2018 and 21:45 BST September 5, 2018.
Melbourne teen hacked Apple's servers
A Melbourne private schoolboy who broke into Apple’s servers is facing serious criminal charges. The teenager downloaded almost 100 GB of data and accessed several customer accounts. The international investigation started after Apple contacted the FBI.
Cyber criminals can infiltrate your corporate network by exploiting a fax machine
Check Point researchers have recently demonstrated "Faxploit", a method that allows cyber criminals to infiltrate corporate networks by exploiting their all-in-one printer & fax machines.