The password-killing tech known as “passkeys” have proliferated over the past two years, developed by the tech industry association known as the FIDO Alliance as an easier and more secure authentication alternative. And although superseding any technology as entrenched as passwords is difficult, new features and resources launching this week …
Read More »Millions of Vehicles Could Be Hacked and Tracked Thanks to a Simple Website Bug
When security researchers in the past found ways to hijack vehicles' internet-connected systems, their proof-of-concept demonstrations tended to show, thankfully, that hacking cars is hard. Exploits like the ones that hackers used to remotely take over a Chevrolet Impala in 2010 or a Jeep in 2015 took years of work …
Read More »Apple Vision Pro’s Eye Tracking Exposed What People Type
You can tell a lot about someone from their eyes. They can indicate how tired you are, the type of mood you’re in, and potentially provide clues about health problems. But your eyes could also leak more secretive information: your passwords, PINs, and messages you type. Today, a group of …
Read More »YubiKeys Are a Security Gold Standard—but They Can Be Cloned
The YubiKey 5, the most widely used hardware token for two-factor authentication based on the FIDO standard, contains a cryptographic flaw that makes the finger-sized device vulnerable to cloning when an attacker gains temporary physical access to it, researchers said Tuesday. The cryptographic flaw, known as a side channel, resides …
Read More »Powerful Spyware Exploits Enable a New String of ‘Watering Hole’ Attacks
In recent years, elite commercial spyware vendors like Intellexa and NSO Group have developed an array of powerful hacking tools that exploit rare and unpatched “zero-day” software vulnerabilities to compromise victim devices. And increasingly, governments around the world have emerged as the prime customers for these tools, compromising the smartphones …
Read More »Notorious Iranian Hackers Have Been Targeting the Space Industry With a New Backdoor
The Iranian government-backed hacking group known as APT 33 has been active for more than 10 years, conducting aggressive espionage operations against a diverse array of public and private sector victims around the world, including critical infrastructure targets. And while the group is particularly known for strategic but technically simple …
Read More »Nearly All Google Pixel Phones Exposed by Unpatched Flaw in Hidden Android App
Google's flagship Pixel smartphone line touts security as a centerpiece feature, offering guaranteed software updates for seven years and running stock Android that's meant to be free of third-party add-ons and bloatware. On Thursday, though, researchers from the mobile device security firm iVerify are publishing findings on an Android vulnerability …
Read More »‘Sinkclose’ Flaw in Hundreds of Millions of AMD Chips Allows Deep, Virtually Unfixable Infections
Security flaws in your computer's firmware, the deep-seated code that loads first when you turn the machine on and controls even how its operating system boots up, have long been a target for hackers looking for a stealthy foothold. But only rarely does that kind of vulnerability appear not in …
Read More »How Hackers Extracted the ‘Keys to the Kingdom’ to Clone HID Keycards
HID Global's keycards—the company's radio-frequency-enabled plastic rectangles that are inside hundreds of millions of pockets and purses—serve as the front line of physical security for hundreds of companies and government agencies. They can also be spoofed, it turns out, by any hacker clever enough to read one of those cards …
Read More »Google Researchers Found Nearly a Dozen Flaws in Popular Qualcomm Software for Mobile GPUs
Demand for graphics processing units or GPUs has exploded in recent years as video rendering and artificial intelligence systems have expanded the need for processing power. And while most of the most visible shortages (and soaring stock prices) relate to top-tier PC and server chips, mobile graphics processors are the …
Read More »