
Smart light bulbs could give away your password secrets – Naked Security

A group of researchers from Italy and the UK recently published a paper highlighting cryptographic insecurities in the TP-Link Tapo L530E smart light bulb, which is currently a bestseller on Amazon Italy. The researchers contacted TP-Link through their Vulnerability Research Program, and the company acknowledged the vulnerabilities and began working on fixes. However, the researchers… 

What if you type in your password during a meeting? – Naked Security

In this episode of the Naked Security podcast, hosts Doug Aamoth and Paul Ducklin cover a range of topics, including crocodilian cryptocrime, the BWAIN streak, and the importance of touch-typing. They kick off the episode with a discussion on Tech History, highlighting IBM’s presentation of the Automatic Sequence Controlled Calculator (Mark I) to Harvard…

Bugs With Impressive Names! – Naked Security

Apple recently released a full update that includes not only the second Rapid Response patch but also a fix for another zero-day vulnerability. The zero-day in WebKit, which was previously addressed in the Rapid Response patch, has now been accompanied by a fix for a kernel-level vulnerability. Interestingly, the zero-day in WebKit was attributed to… 

30-year-old crypto flaws in the spotlight – Naked Security

If you’ve been silently uncovering cryptographic bugs in a private police radio system for the past two years, you might be wondering how to handle the disclosure of your research. The researchers at Midnight Blue, a boutique Dutch cybersecurity consultancy, have a unique approach. They have planned a world tour of conference appearances in the… 

Microsoft hit by Storm season – a tale of two semi-zero days – Naked Security

Last week, Microsoft released a report titled “Analysis of Storm-0558 techniques for unauthorized email access,” which shed light on a previously undisclosed hack. The breach affected approximately 25 organizations, including government agencies and consumer accounts in the public cloud. While the number of organizations targeted may seem small, the potential number of individuals affected could… 

16th century crypto skullduggery – Naked Security

The Naked Security podcast, hosted by Doug Aamoth and Paul Ducklin, covers a range of topics related to cybersecurity, including password manager cracks, login bugs, and historical examples of security breaches. In a recent episode, the hosts discussed a ransomware attack against a technology company in Oxfordshire, England, which involved a man-in-the-middle attack by a… 

TPM 2.0 vulns – is your super-secure data at risk? – Naked Security

Trusted Platform Module (TPM) is an encryption-and-cybersecurity system invented by the Trusted Computing Group (TCG). It is used to help secure the bootup process and is sometimes implemented as a miniature plug-in board with 14 or 20 pins in two rows of 7 or 10 that plugs into a designated TPM socket on the computer’s… 

DoppelPaymer ransomware suspects arrested in Germany and Ukraine – Naked Security

DoppelPaymer and other ransomware gangs have been using a double-extortion technique to increase pressure on victims to pay up. They scramble all the data files and steal copies of those files as extra leverage. The attackers offer to delete the stolen files if the victims pay for the decryption key. Europol has recently revealed that…