Security is complicated. This is why open development is a key factor and a precondition for creating secure solutions. Security is getting more important every day. Also, due to the development of machine learning applications, many data-driven solutions are poisoned with privacy-related data. Transparency and openness increase security protection levels. A good security product should never ever introduce extra vulnerabilities. However, many low-quality security products increase your cyber risk profile instead of lowering it.
1 0-days exploited by commercial surveillance vendor in Egypt
Your digital assets are not safe in Egypt. Android devices in Egypt: be warned by this fantastic research work.
2 Microsoft Digital Defense Report 2024
A must-read report for all serious security specialists. Microsoft matters, especially when it comes down to mitigating digital cyber and privacy threats.
3 Tiffin Tom: Fish, chips and a side of identity theft
Tiffin Tom is a “Just Eat” style, online food ordering service. Just enter your postcode and a world of artery-clogging yet convenient food awaits. Unfortunately, it’s also a sure-fire way to have your identity & payment information stolen – very, very quickly indeed.
4 End-to-End Encrypted Cloud Storage in the Wild: A Broken Ecosystem
The current ecosystem of E2EE cloud storage is largely broken. A malicious server can inject files, tamper with file data, and even gain direct access to plaintext. The cause is, of course, severe issues in the design. Doing encryption well is not simple!
5 Hacking Millions of Modems
Over 700 exposed APIs with many giving administrative functionality (e.g. querying the connected devices of a modem). Each API suffered permission issues where replaying HTTP requests repeatedly would allow an attacker to run unauthorized commands.
6 Passkeys: A Shattered Dream
Interesting analysis and question: Are passwords a better experience than passkeys?
7 SAP AI vulnerabilities expose customers’ cloud environments and private AI artifacts
AI is trending. So this should be no news! Vulnerabilities found in SAP AI Core, allowing malicious actors to take over the service and access customer data.
8 FortiGate Firewalls Are Vulnerable
Too often, expensive security tools make your security protection weaker. Remote code execution is no joke. There are 490,000 affected SSL VPN interfaces exposed on the internet, and many are still unpatched. So get rid of firewalls that do more harm than good. Just use a FOSS solution and make it better.
The Open Security newsletter is an overview of cyber security news with a core focus on openness. Pointing out what went wrong after a cyber security breach is easy. Designing good and simple measurements is hard. So join the open Security Reference Architecture collaboration project to create better solutions together. Or become a partner to support this project. Use our RSS or ATOM feed to follow Open Security News.