January 2025

MediaTek rings in the new year with a parade of chipset vulns

Manufacturers should have had ample time to apply the fixes MediaTek kicked off the first full working week of the new year by disclosing a bevy of security vulnerabilities, including a critical remote code execution bug affecting 51 chipsets.…

After China’s Salt Typhoon, the reconstruction starts now

If 40 years of faulty building gets blown down, don’t rebuild with the rubble Opinion  When a typhoon devastates a land, it takes a while to understand the scale of the destruction. Disaster relief kicks in, communications rebuilt, and news flows out. Salt Typhoon is no different.…

Taiwan reportedly claims China-linked ship damaged one of its submarine cables

More evidence of Beijing’s liking for gray zone warfare, or a murky claim with odd African entanglements? Taiwanese authorities have asserted that a China-linked ship entered its waters and damaged a submarine cable.…

Telemetry data from 800K VW Group EVs exposed online

PLUS: DoJ bans data sale to enemy nations; Do Kwon extradited to US; Tenable CEO passes away; and more Infosec in Brief  Welcome to 2025: hopefully you enjoyed a pleasant holiday season and returned to the security operations center without incident - unlike Volkswagen, which last week admitted…

Encryption backdoor debate ‘done and dusted,’ former White House tech advisor says

When the FBI urges E2EE, you know it's serious business interview  In the wake of the Salt Typhoon hacks, which lawmakers and privacy advocates alike have called the worst telecoms breach in America's history, the US government agencies have reversed course on encryption.…

Atos denies Space Bears’ ransomware claims – with a ‘but’

Points finger at third-party infrastructure being breached French tech giant Atos today denied that Space Bears criminals breached its systems - but noted that third-party infrastructure was compromised by the ransomware crew, and that files accessed by the crooks included "data mentioning the Atos company name."…

CAPTCHAs now run Doom – on nightmare mode

As if the bot defense measure wasn't obnoxious enough Though the same couldn't be said for most of us mere mortals, Vercel CEO Guillermo Rauch had a productive festive period, resulting in a CAPTCHA that requires the user to kill three monsters in Doom – on nightmare mode.…

Boffins carve up C so code can be converted to Rust

Mini-C is a subset of C that can be automatically turned to Rust without much fuss Computer scientists affiliated with France's Inria and Microsoft have devised a way to automatically turn a subset of C code into safe Rust code, in an effort to meet the growing demand…

Chinese cyber-spies reportedly targeted sanctions intel in US Treasury raid

OFAC, Office of the Treasury Secretary feared hit in data-snarfing swoop Chinese spies who compromised the US Treasury Department's workstations reportedly stole data belonging to a government office responsible for sanctions against organizations and individuals.…

Apple offers to settle ‘snooping Siri’ lawsuit for an utterly incredible $95M

Even the sound of a zip could be enough to start the recordings, according to claims Apple has filed a proposed settlement in California suggesting it will pay $95 million to settle claims that Siri recorded owners' conversations without consent and allowed contractors to listen in.…

Copyright © 2024 Lugapel