VU#144389: TLS implementations may disclose side channel information via discrepancies between...

TLS implementations may disclose side channel information via discrepancies between valid and invalid PKCS#1 padding, and may therefore be vulnerable to Bleichenbacher-style attacks.

This attack is known as a "ROBOT attack".

Vulnerability Found in Two Keyless Entry Locks

Researchers are warning of a default-configuration vulnerability in the enterprise-class keyless entry products made by AMAG Technology.

Leftover Debugger Doubles as a Keylogger on Hundreds of HP Laptop...

HP released an update that fixes debugger code that could allow an attacker to use a Synaptics Touchpad driver as a keylogger.

Android Flaw Poisons Signed Apps with Malicious Code

An Android vulnerability called Janus allows attackers to inject malicious code into signed Android apps.

Apple Fixes Flaw Impacting HomeKit Devices

Apple said it has fixed an undisclosed vulnerability in its HomeKit framework that could have allowed unauthorized remote control of HomeKit devices such as smart locks and connected garage door openers.

Banking Apps Found Vulnerable to MITM Attacks

Using a free tool called Spinner, researchers identified certificate pinning vulnerabilities in mobile banking apps that left customers vulnerable to man-in-the-middle attacks.

Google Patches Critical Encryption Bug Impacting Pixel, Nexus Phones

As part of its December Android and Pixel/Nexus security updates, Google has issued patches addressing a bevy of flaws, 11 of which are rated critical.

TeamViewer Rushes Fix for Permissions Bug

TeamViewer says it has issued a hotfix to address a bug that allows users sharing a desktop session to gain control of the other’s computer without permission.

Developers Targeted in ‘ParseDroid’ PoC Attack

A proof-of-concept attack developed by researchers targets users of the development platforms for Android and Java.

Google Cracks Down On Nosy Android Apps

Google beefs up privacy protections on apps distributed via third-party Android marketplaces and Google Play that collect personal data without user consent.

Ursnif Trojan Adopts New Code Injection Technique

Researchers have found a variant of the Ursnif Trojan they said is a “v3 build” that targets Australian bank customers with new redirection attack techniques.

Flaw Found In Dirty COW Patch

Researchers have found a flaw in the original fix for the Dirty COW vulnerability patched in October 2016.