Scammers have long been exploiting Twitter to steal digital currencies from naive users, but this month one attacker pulled off a rare coup by compromising a verified Twitter account.
Recently someone managed to gain access to a verified Twitter account for a now-defunct Fox show called Almost Human and use it to impersonate cryptocurrency entrepreneur Justin Sun, founder of the TRON decentralized blockchain application platform.
Researchers have discovered a flaw in some Bluetooth implementations that could allow an attacker to intercept or tamper with data exchanged between two vulnerable devices. The cryptographic bug, tracked as CVE-2018-5383, has been identified by scientists at the Israel Institute of Technology.
It impacts two related Bluetooth features: Secure Simple Pairing and LE Secure Connections.
Cisco reported four critical vulnerabilities affecting its Policy Suite. The flaws tracked as CVE-2018-0374, CVE-2018-0375, CVE-2018-0376, and CVE-2018-0377 have been discovered during internal testing. Two of these flaws could be exploited by a remote unauthenticated attacker to access the Policy Builder interface and the Open Systems Gateway initiative (OSGi) interface.
The access to the Policy Builder interface could allow an attacker to change to existing repositories and create new ones, while the access to the OSGi interface could allow an attacher to access or change any file accessible by the OSGi process.
Recently, Apple introduced restricted mode to protect iPhones from attacks by companies like Cellebrite and Greyshift, which allow attackers to recover information from a phone without the password or fingerprint.
Elcomsoft recently announced that it can easily bypass it. This is the reason actual cryptographers and security engineers are very skeptical when a random company announces that their product is "secure."
Reports emerged of a hacker who was found selling sensitive U.S. Air Force documents on the dark web for between $150 and $200. The hacker was attempting to sell secret documents about the MQ-9 Reaper drone used across federal government agencies for only a few hundred dollars on a Dark Web forum a few weeks ago.
The MQ-9 Reaper drone is currently used by the U.S. Air Force, the U.S. Navy, U.S. Customs and Border Protection, NASA, the CIA, and the militaries of several other countries.
Arch Linux has pulled a user-provided AUR (Arch User Repository) package, because it contained malware. Arch Linux user, if you recently downloaded a PDF viewer named "acroread" in the short time it was compromised, you'll need to delete it.
While the breach isn't regarded as serious, it sparked a debate about the security of untrusted software. The user repository included the acroread package, which had been abandoned by its maintainer.