Silensec Newsletter

Microsoft warns about 2 apps that installed root certificates; leaked the private keys

Microsoft warns about 2 apps that installed root certificates; leaked the private keys

Microsoft has issued a security advisory today warning that two applications accidentally installed two root certificates on users' computers, and then leaked the private keys for all.

The software developer's mistake means that malicious third-parties can extract the private keys from the two applications and use them to issue forged certificates to spoof legitimate websites and software publishers for years to come.

Read more...

Two celebrities have been charged for illegally touting crypto offerings

Two celebrities have been charged for illegally touting crypto offerings

Two American celebrities are facing charges from the Securities and Exchange Commission today after they failed to disclose that they were being paid promotional fees to tout fraudulent initial coin offerings.

According to the SEC, this is the first time that individuals have faced charges involving ICOs. The Commission is accusing Mayweather of failing to disclose a $100,000 promotional payment and DJ Khaled with a $50,000 one.

Read more...

US China-watcher warns against Middle Kingdom tech dominance

US China-watcher warns against Middle Kingdom tech dominance

Another U.S. government panel has warned of the dangers of over-reliance on Chinese tech vendors: the US-China Economic and Security Review Commission.

The commission released its 2018 annual report today, and in it warned that China's plans to dominate two key tech sectors - the Internet of Things, and 5G - represented a threat to US critical infrastructure.

Read more...

Microsoft patches windows zero-day used by multiple cyber-espionage groups

Microsoft patches windows zero-day used by multiple cyber-espionage groups

Microsoft released today its monthly roll-up of security patches known as Patch Tuesday. This month, the Redmond-based company has fixed 62 security flaws.

Among the 62 fixes, there is also a fix for a zero-day vulnerability that was under active exploitation before today's patches were made available.

The zero-day, tracked as CVE-2018-8589, impacts the Windows Win32k component.

Read more...

Here's how hackers could have spied on your DJI drone account

Here's how hackers could have spied on your DJI drone account

Cybersecurity researchers today revealed details of a potential dangerous vulnerability in DJI Drone web app that could have allowed attackers access user accounts and synced sensitive information within it, including flight records, location, live video camera feed, and photos taken during a flight.

Read more...

Apple T2 security chip in new MacBooks disconnects Microphone when lid is closed

Apple T2 security chip in new MacBooks disconnects Microphone when lid is closed

Almost as soon as Apple released iOS 12.1 on Tuesday, a Spanish security researcher discovered a bug that exploits group Facetime calls to give anyone access to an iPhone users' contact information with no need for a passcode.

Read more...