/ Security Assessments News /

When you visit a new website, your computer probably submits a request to the domain name system (DNS) to translate the domain name (like arstechnica.com) to an IP address. Currently, most DNS queries are unencrypted, which raises privacy and security concerns. Google and Mozilla are trying to address these concerns by adding support in their browsers …

/ Security Assessments News /

Joshua Lott/Bloomberg via Getty Images For nearly three years, the December 2016 cyberattack on the Ukrainian power grid has presented a menacing puzzle. Two days before Christmas that year, Russian hackers planted a unique specimen of malware in the network of Ukraine’s national grid operator, Ukrenergo. Just before midnight, they used it to open every …

/ Security Assessments News /

Shenzhen i365 Tech An estimated 600,000 GPS trackers for monitoring the location of kids, seniors, and pets contain vulnerabilities that open users up to a host of creepy attacks, researchers from security firm Avast have found. The $25 to $50 devices are small enough to wear on a necklace or stash in a pocket or …

/ Security Assessments News /

The perils of Google Play are once again on display with the discovery of an app with 100 million downloads that contained a malicious component that downloaded secret payloads onto infected Android devices. Throughout most of its life, CamScanner was a legitimate app that provided useful functions for scanning and managing documents, researchers from antivirus …

/ Security Assessments News /

Collin Mulliner Developing and maintaining secure firmware for tablets, cars, and IoT devices is hard. Often, the firmware is initially developed by a third party rather than in-house. And it can be tough as projects move from inception and prototyping to full-force engineering and finally to deployment and production. Now, an engineer at self-driving car …

/ Security Assessments News /

Enlarge / An AT&T store in New Jersey. Michael Brochstein/SOPA Images/LightRocket via Getty Images When Michael Terpin’s smartphone suddenly stopped working in June 2017, he knew it wasn’t a good sign. He called his cellular provider, AT&T, and learned that a hacker had gained control of his phone number. The stakes were high because Terpin …

/ Security Assessments News /

Enlarge / Graffiti urging people to use Signal, a highly encrypted messaging app, is spray-painted on a wall during a protest on February 1, 2017 in Berkeley, California. Elijah Nouvelage | Getty Images US Attorney General William Barr today launched a new front in the feds’ ongoing fight against consumer encryption, railing against the common …

/ Security Assessments News /

Apple said it has pushed a silent macOS update that removes the undocumented webserver that was installed by the Zoom conferencing app for Mac. The webserver accepts connections from any device connected to the same local network, a security researcher disclosed on Monday. The server continues to run even when a Mac user uninstalls Zoom. …

Enlarge / Microsoft at a trade show. Microsoft is launching a new layer of security for users of its OneDrive cloud storage service. OneDrive Personal Vault is a new section of your storage that’s accessed through two-step verification, or a “strong authentication method,” although Microsoft didn’t define the latter term. Microsoft notes that fingerprinting, face scans, …

/ Security Assessments News /

Enlarge / The 2018 15-inch Apple MacBook Pro with Touch Bar. Samuel Axon When Apple executive Craig Federighi described a new location-tracking feature for Apple devices at the company’s Worldwide Developer Conference keynote on Monday, it sounded—to the sufficiently paranoid, at least—like both a physical security innovation and a potential privacy disaster. But while security …