Security Alerts & News
by Tymoteusz A. Góral

#1465 Signal bug lets attackers tamper with encrypted messages—patch now
Signal, the mobile messaging app recommended by NSA leaker Edward Snowden and a large number of security professionals, just fixed a bug that allowed attackers to tamper with the contents of encrypted messages sent by Android users.

The authentication-bypass vulnerability was one of two weaknesses found by researchers Jean-Philippe Aumasson and Markus Vervier in an informal review of the Java code used by the Android version of Signal. The bug made it possible for attackers who compromised a Signal server or were otherwise able to monitor data passing between Signal users to replace a valid attachment with a fraudulent one. A second bug possibly would have allowed attackers to remotely execute malicious code, but a third bug limited exploits to a simple remote crash.

"The results are not catastrophic, but show that, like any piece of software, Signal is not perfect," Aumasson wrote in an e-mail. "Signal drew the attention of many security researchers, and it's impressive that no vulnerability was ever published until today. This pleads in favor of Signal, and we'll keep trusting it."