Tag

Security Research

All articles tagged with #security research

Researchers expose 25 recovery attacks against leading cloud password managers
security, 16 days ago

A joint ETH Zurich and USI study identifies 25 distinct password-recovery and related attacks across major cloud password managers (Bitwarden, Dashlane and LastPass, with 1Password also noted for some flaws). The attacks fall into four categories: exploiting key escrow in account recovery, weaknesses in item-level encryption and metadata protection, vulnerabilities in sharing features, and downgrades enabled by legacy code paths. In total, 12 attacks affect Bitwarden, 7 LastPass and 6 Dashlane; 1Password was linked to item-level encryption and sharing flaws that it treats as known limitations. Vendors have shipped patches or mitigations (Dashlane removed its legacy cryptography, Bitwarden issued remediations, LastPass hardened its implementation, and 1Password points to its use of SRP), and there is no evidence that any of these issues has been exploited in the wild.

Claude Opus 4.6 Unmasks 500 Open-Source Flaws, Redefining Cyber Defense
cybersecurity, 28 days ago

Anthropic reports that Claude Opus 4.6, tested in a sandbox, autonomously found more than 500 previously unknown high-severity zero-day vulnerabilities in open-source libraries, ranging from crashes to memory corruption, in projects such as Ghostscript, OpenSC and CGIF; it used out-of-the-box analysis capabilities and in some cases wrote its own proof-of-concepts. Anthropic says these capabilities could greatly aid defenders, plans to broaden access for the security community, and has added safeguards to prevent abuse.

Def Con: iPhone Popups, Bomb Threats, and Fearsome Hackers
technology, 2 years ago

A security researcher, Jae Bochs, has claimed responsibility for the mysterious and persistent pop-ups that appeared on attendees' iPhones at the hacking conference Def Con. The pop-ups prompted users to connect to a nearby Apple TV or to share a password with it. Bochs said the experiment was meant to remind people to turn off Bluetooth, and to have a laugh, rather than to collect data. It remains unclear whether data could have been collected or whether the feature could be exploited for malicious purposes. Some attendees found the pop-ups annoying but amusing; others criticized the researcher for potentially abusing users. Apple has not commented on the matter.

Apple's iOS Simulator Copyright Case Remains Unresolved
technology, 2 years ago

The US Court of Appeals for the Eleventh Circuit ruled that Corellium's CORSEC simulator, which allows security researchers to identify flaws in Apple's iOS operating system, is protected by copyright law's fair-use doctrine. Apple had sued Corellium in 2019, arguing that the software was a "wholesale copying and reproduction" of iOS and served as a market substitute for Apple's own security research products. The appeals court largely sided with Corellium, holding that its copying of iOS code was transformative and furthered scientific progress. The case has been closely watched by security researchers and digital rights groups.