Archive for June, 2015

UL brought scientific rigor  to the testing of consumer products, such as this early electric oven.

In-brief: The Obama Whitehouse has tapped famed hacker Peiter Zatko (aka “Mudge”) to head up a new project aimed at developing an “underwriters’ lab” for cyber security. Continue reading

Embedded, networked sensors and actuators are everywhere. They are in engines, monitoring combustion and performance. They are in our shoes and on our wrists, helping us exercise enough and measuring our sleep. They are in our phones, our homes, hospitals, offices, ovens, planes, trains, and automobiles. Continue reading

Security researchers at ESET in Bratislava, Slovakia have published an analysis of another apparently state-sponsored cyber-espionage tool used to target computers in Iran—and potentially elsewhere. The malware, also recently mentioned by Kaspersky researchers, was named “Dino” by its developers and has been described as a “full featured espionage platform.” Continue reading

In this blog we describe a sophisticated backdoor, called Dino by its creators. We believe this malicious software has been developed by the Animal Farm espionage group, who also created the infamous Casper, Bunny and Babar malware. Dino contains interesting technical features, and also a few hints that the developers are French speaking. Continue reading

One night to hack in Paris

The past Saturday we had the privilege of participating in this year’s edition of “Nuit du Hack”, a French security conference which brings together professionals and amateurs of all skill levels for a series of lectures and challenges. It’s a full day (and night) of hacking goodness. A cloudy day set the perfect mood at the venue, the Academie Fratellini, in the marvelous and beautiful city of Paris. Continue reading

For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website. Continue reading

In the recent release of iOS 8.4, Apple fixed several vulnerabilities including vulnerabilities that allow attackers to deploy two new kinds of Masque Attack (CVE-2015-3722/3725, and CVE-2015-3725). We call these exploits Manifest Masque and Extension Masque, which can be used to demolish apps, including system apps (e.g., Apple Watch, Health, Pay and so on), and to break the app data container. Continue reading

For fall 2015, Apple is preparing an “S” iPhone upgrade that superficially preserves the exterior designs of the iPhone 6 and iPhone 6 Plus, but includes a collection of major internal changes. Continue reading