Technology & Science

In epic hack, Signal developer turns the tables on forensics firm Cellebrite

Enlarge (credit: Moxie Marlinspike/Signal) For years, Israeli digital forensics firm Cellebrite has helped governments and police around the world break into confiscated mobile phones, mostly by exploiting vulnerabilities that went overlooked by device manufacturers. Now, Moxie Marlinspike—the brainchild behind the Signal messaging app—has turned the tables. On Wednesday, Marlinspike published a post that reported vulnerabilities […]

Technology & Science

SpaceX says OneWeb spread false story of “near-miss” satellite collision

Enlarge / A stack of 60 Starlink satellites launched in 2019. (credit: SpaceX / Flickr) SpaceX has accused satellite-broadband rival OneWeb of spreading a false story claiming that the companies’ satellites nearly crashed into each other. In reality, “[t]he probability of collision never exceeded the threshold for a [collision-avoidance] maneuver, and the satellites would not […]

Technology & Science

They hacked McDonald’s ice cream machines—and started a cold war

Enlarge / The lure of frozen deliciousness that led to uncovering insane techno craziness. (credit: NurPhoto | Getty Images) Of all the mysteries and injustices of the McDonald’s ice cream machine, the one that Jeremy O’Sullivan insists you understand first is its secret passcode. Press the cone icon on the screen of the Taylor C602 digital […]

Technology & Science

Tool links email addresses to Facebook accounts at scale

Enlarge (credit: Getty Images) Still smarting from last month’s dump of phone numbers belonging to 500 million Facebook users, the social media giant has a new privacy crisis to contend with: a tool that, on a mass scale, links the Facebook accounts associated with email addresses, even when users choose settings to keep them from […]

Technology & Science

Hackers are exploiting a Pulse Secure 0day to breach orgs around the world

Enlarge (credit: CHUYN / Getty Images) Hackers backed by nation-states are exploiting critical vulnerabilities in the Pulse Secure VPN to bypass two-factor authentication protections and gain stealthy access to networks belonging to a raft of organizations in the US Defense industry and elsewhere, researchers said. At least one of the security flaws is a zeroday, […]

Technology & Science

Venmo’s new crypto service lets you buy and sell bitcoin, ether, and litecoin

Enlarge / Promotional image of Crypto on Venmo. (credit: Venmo) The PayPal-owned Venmo service will let users buy, sell, and hold bitcoin and other cryptocurrencies within the Venmo app, the company announced today. “Customers will have the ability to buy and sell cryptocurrency using funds from their balance with Venmo, or a linked bank account or […]

Technology & Science

Google Play apps with 700k installs steal texts and charge you money

Enlarge (credit: Getty Images) Security researchers have uncovered a batch of Google Play apps that stole users’ text messages and made unauthorized purchases on users’ dime. The malware, which was hidden in eight apps that had more than 700,000 downloads, hijacked SMS message notifications and then made unauthorized purchases, McAfee mobile researchers Sang Ryol Ryu […]

Technology & Science

Millions of web surfers are being targeted by a single malvertising group

Enlarge (credit: Getty Images) Hackers have compromised more than 120 ad servers over the past year in an ongoing campaign that displays malicious advertisements on tens of millions, if not hundreds of millions, of devices as they visit sites that, by all outward appearances, are benign. Malvertising is the practice of delivering ads to people […]

Technology & Science

Dishy McFlatface to become “fully mobile,” allowing Starlink use away from home

Enlarge / A Starlink satellite dish in the Idaho panhandle’s Coeur d’Alene National Forest. (credit: Wandering-coder) SpaceX CEO Elon Musk expects the Starlink satellite broadband service to be “fully mobile” later in 2021, allowing customers to use the satellite dishes away from home. “Yeah, should be fully mobile later this year, so you can move […]

Technology & Science

Backdoored developer tool that stole credentials escaped notice for 3 months

Enlarge (credit: Getty Images) A publicly available software development tool contained malicious code that stole the authentication credentials that apps need to access sensitive resources. It’s the latest revelation of a supply chain attack that has the potential to backdoor the networks of countless organizations. The Codecov bash uploader contained the backdoor from late January […]