Apple has released several security updates this week to patch a “FORCEDENTRY” vulnerability on iOS devices. The “zero-click, zero-day” vulnerability has been actively exploited by Pegasus, a spyware app developed by the Israeli company NSO Group, which has been known to target activists, journalists, and prominent people around […]
Tag: Biz & IT
Security researchers at Wiz discover another major Azure vulnerability
Cloud security vendor Wiz—which recently made news by discovering a massive vulnerability in Microsoft Azure’s CosmosDB-managed database service—has found another hole in Azure. The new vulnerability impacts Linux virtual machines […]
Infosec researchers say Apple’s bug-bounty program needs work
The Washington Post reported earlier today that Apple’s relationship with third-party security researchers could use some additional fine tuning. Specifically, Apple’s “bug bounty” program—a way companies encourage ethical […]
WhatsApp “end-to-end encrypted” messages aren’t that private after all
Yesterday, independent newsroom ProPublica published a detailed piece examining the popular WhatsApp messaging platform’s privacy claims. The service famously offers “end-to-end encryption,” which most users interpret as meaning that Facebook, WhatsApp’s owner since 2014, can neither read […]
ProtonMail removed “we do not keep any IP logs” from its privacy policy
This weekend, news broke that security/privacy-focused anonymous email service ProtonMail turned over a French climate activist’s IP address and browser fingerprint to […]
Microsoft Outlook shows real person’s contact info for IDN phishing emails
If you receive an email from someone@arstechnіca.com, is it really from someone at Ars? Most definitely not—the domain in that email address will not be the same arstechnica.com that you know. The ‘і’ character in there is usually from the Cyrillic script and not […]
Why ransomware hackers love a holiday weekend
On the Friday heading into Memorial Day weekend this year, it was meat processing giant JBS. On the Friday before the Fourth of July, it was IT management software company Kaseya and, by extension, over a thousand businesses of varying […]
A brief overview of IBM’s new 7 nm Telum mainframe CPU
Each Telum package consists of two 7nm, eight-core / sixteen-thread processors running at a base clock speed above 5GHz. A typical system will have sixteen of these chips in total, arranged in four-socket “drawers.” From the perspective of a traditional x86 computing enthusiast—or professional—mainframes are strange, archaic beasts. They’re physically enormous, […]
NPM package with 3 million weekly downloads had a severe vulnerability
Popular NPM package “pac-resolver” has fixed a severe remote code execution (RCE) flaw. The pac-resolver package receives over 3 million weekly downloads, extending this vulnerability to Node.js applications relying on the open source dependency. Pac-resolver touts itself as a module that accepts JavaScript proxy configuration files and generates a function for […]
Coinbase erroneously reported 2FA changes to 125,000 customers
Cryptocurrency exchange Coinbase sent an automated message to a large number of its customers on Friday, saying “your 2-step verification settings have been changed.” Unfortunately, the message […]