Russia's communications regulator has threatened Apple to face the consequences if the company does not remove secure messaging app Telegram from its App Store.
The Russian government had banned Telegram in the country for the company's refusal to hand over private encryption keys to Russian state security services to access messages sent using the secure service.
However, so far, the Telegram app is still available in the Russian version of Apple's App Store.
Researchers have demonstrated that the Z-Wave wireless communications protocol, which is used by more than 100 million Internet-of-Things (IoT) devices, is vulnerable to security downgrade attacks.
Z-Wave, a protocol primarily used for home automation, uses low-energy radio waves for wireless communications over distances of up to 100 meters (330 feet).
According to the Z-Wave Alliance, an organization dedicated to advancing Z-Wave, the protocol is currently used by 700 companies in over 2,400 IoT and smart home products, including thermostats, locks and home monitoring systems.
Does your organization have cybersecurity defense systems in place? Are your employees trained to recognize some of the most common social engineering tricks? If not your system still has a wide-open gap.
Social engineers are cunning and malicious and they will go to any lengths to get access to information, systems or secure buildings e.t.c for instance phishing, tailgating, crankcall (phone impersonation) and not to mention oversharing by the employees ( social media pretexting)
After the first-wave of Spectre and Meltdown attacks were conquered, people relaxed. That was a mistake. Early this year, researchers from several organizations warned that processors from Intel, AMD, ARM and other companies are affected by flaws that allow malicious applications to bypass memory isolation mechanisms and gain access to sensitive data.
Spectre attacks are possible due to CVE-2017-5753/ CVE-2017-5715 (Variant 1 & 2), while Meltdown attacks are possible due to CVE-2017-5754 (Variant 3). Researchers at Google Project Zero & Microsoft recently identified a new method which they have dubbed Variant 4.
Security researchers have gone public with vulnerabilities in some secure mail apps that can be exploited by miscreants to decrypt intercepted PGP-encrypted messages.
Red Hat, opensource solutions provider, recently announced a critical vulnerability in its DHCP client tracked as CVE-2018-1111 that could be exploited by attackers to execute arbitrary commands with root privileges on targeted systems.
Security expert discovered the critical remote command injection vulnerability in the DHCP client implementation of Red Hat Linux, the issue also affects other distros based on it like Fedora.