Apple fixes latest lockscreen security bug with iOS 7.0.2: Apple has started to roll out iOS 7.0.2 today to fix a lockscreen security flaw. The issue was discovered just a day after Apple release iOS 7 to the public earlier this month. Apple says iOS 7.0.2 should address an issue where users could bypass an iPhone […]

iOS 7 loophole bypasses the lockscreen for access to photos, email, and Twitter: Like iOS 6.1 before it, the latest version of iOS has shipped with a security loophole. The iOS 7 update, rolled out yesterday, allows users to bypass an iPhone or iPad lockscreen with a tricky maneuver that offers access to a users photos, […]

C&C PHP script for staging DDoS attacks sold on underground forums: Earlier this year, US-CERT has deemed it important to release an alert about publicly accessible open recursive DNS servers that are increasingly being used in DNS amplification attacks – a very effective form of DDoS attack. The problem often lies in the misconfiguration of […]

Aggressive Ad Module Scans Android Apps: During our routine patrols of popular marketplaces offering Android applications we recently came across some suspicious applications hosted on the popular Google Play. The applications are distributed as hacking tools, utility tools, and pornographic apps by different developers.

Forensic implications of a person using Firefox’s “Private Browsing”: This blog post is the final in a three part series that discusses the privacy modes of the three major web browsers and what implications it has on digital forensics. You can see the original post for Internet Explorer here, or Google Chrome here.In this post, […]

Dotcom set to claim $6m: Taxpayers face a $6 million bill in damages over the unlawful raid and illegal spying on Kim Dotcom and others. Legal papers filed with the High Court allege an “excessively aggressive and invasive approach” by police during a raid on Dotcom’s mansion 18 months ago. They also accuse Deputy Prime […]

Officials Misused US Surveillance Program: NPR: Government officials for nearly three years accessed data on thousands of domestic phone numbers they shouldn’t have and then misrepresented their actions to a secret spy court to reauthorize the government’s surveillance program, documents released Tuesday show. The government’s explanation points to an enormous surveillance infrastructure with such incredible […]

EU commissioners clash over proposed net neutrality law: Kroes has repeatedly said that the new law would guarantee net neutrality and an end to blocking or throttling of competing services. However digital rights activists have published leaked drafts of the law that they say shows the opposite. “The sheer number of leaked drafts and documents, […]

MWR Labs Pwn2Own 2013 Write: MWR Labs took part in Pwn2Own 2013, demonstrating a full sandbox escape against Google Chrome. Two exploits were used in the demonstration: A type confusion in WebKit, Chrome’s rendering Engine (CVE-2013-0912). We blogged about this vulnerability previously. A kernel pool overflow in Win32k which allowed us to break out of […]

Breach after patient data pops up online: A debt collection agency that contracted with University of Chicago Physicians Group is notifying nearly 1,400 patients that their protected health information, insurance data and Social Security numbers have been compromised after being accessible to viewers on the Internet. ICS Collection Service Inc. on July 9 received a […]