Zip Slip Vulnerability Affects Thousands of Projects Researchers discovered a flaw in almost all zip-style file decompressors – RAR, TAR, 7ZIP-APK and others. The problem is caused by a very old attack vector called directory traversal that these libraries do not handle correctly. The decompressor libraries were likely downloaded from places like Github and Stack […]
Continue reading → [DISPLAY_ACURAX_ICONS]Israeli Startup Raises $12.5 Million to Help Governments Hack IoT Given the sad state of IoT security, I am not sure that governments need any help in hacking IoT devices, but just in case they do, Israeli startup Toka raised $12.5 million to help police hack iPhones, Alexas, Echos and Nests, along with other IoT […]
Continue reading → [DISPLAY_ACURAX_ICONS]NBC is reporting that the Intelligence Community developed substantial evidence that Russian financed attackers compromised the voter registration systems or web sites of seven states to different degrees. Up until this time DHS has been completely mum about this, saying absolutely nothing. But now NBC is reporting that the seven states are Alaska, Arizona, California, […]
Continue reading → [DISPLAY_ACURAX_ICONS]If I seem a bit skeptical, that is because I am. Attorney General Jeff Sessions announced yesterday that the Justice Department is going to form a committee to study the subject. Last week the leaders of several of the branches of the Intelligence Community testified before Congress saying, publicly, that the Russians did interfere with […]
Continue reading → [DISPLAY_ACURAX_ICONS]The universe is an interesting place. While the Senate and House, among others, are trying to figure out how much damage Russia did during last year’s election cycle, Cisco and others are sharing their source code with the people who supposedly hacked us. Seem strange? It is! Here is the story. For some countries, including […]
Continue reading → [DISPLAY_ACURAX_ICONS]LinkedIn is becoming LinkedOut, at least in Russia. Our friend Vladimir Putin passed a law in 2014 that said that any company that operates in Russia needs to store it’s user’s data in country. Most U.S. companies protested against it, although it is believed that a few have an architecture that allows them to do […]
Continue reading → [DISPLAY_ACURAX_ICONS]